Commit Graph

15333 Commits

Author SHA1 Message Date
John Safranek 90752e89fb Restore a configure check lost in a rebase. 2021-10-26 20:24:25 -05:00
John Safranek 6dfef1400d Use the new APIs for HKDF extract with label. 2021-10-26 20:24:25 -05:00
John Safranek e67bbf7526 1. Add flag to DH keys when using safe parameters.
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
John Safranek 7f64fc4efb Move the TLSv1.3 KDF into wolfCrypt with the other KDFs. 2021-10-26 20:24:25 -05:00
John Safranek 38064bb396 Add HMAC-SHA2-512 to the TLSv1.2 PRF. 2021-10-26 20:24:25 -05:00
John Safranek c7ea896759 Add prototype for the ssh-kdf test in the wolfCrypt test. 2021-10-26 20:24:24 -05:00
John Safranek de4af35f89 KDF Update
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
John Safranek a49125e613 FIPS KDF Update
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
   HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
   for older FIPS builds only.
2021-10-26 20:24:24 -05:00
John Safranek a935f2f86d FIPS CAST Update
1. In the unit test, when checking the build options, also check for
   FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
   getting called, so the FIPS flags didn't get checked. (It was using
   wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
John Safranek 11fb1abe74 Fix a bad assignment in the configure script. 2021-10-26 20:24:24 -05:00
John Safranek e855654fff FIPS CAST Update
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
2021-10-26 20:24:24 -05:00
John Safranek a5032e8087 Update the fips-check script to pull the sources from GitHub rather than
from a directory on a local machine.
2021-10-26 20:24:24 -05:00
John Safranek df859d30f3 FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek 1683644e77 FIPS 140-3
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
   version in the code, but that leaves DES3 out of the build. The code
   was still including the header. Force DES3 disabled in FIPS Ready
   builds.
2021-10-26 20:24:24 -05:00
John Safranek 9e92c118ed FIPS 140-3
1. Add the old known answer test prototype back into fips_test.h for FIPSv2 builds.
2021-10-26 20:24:24 -05:00
John Safranek f1bd79ac50 FIPS 140-3
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
JacobBarthelmeh d27a49b98c Merge pull request #4507 from cconlon/cavpselftest2
fix CAVP selftest v2 build error in test.c
2021-10-27 06:04:06 +07:00
JacobBarthelmeh 4825534062 Merge pull request #4500 from cconlon/errorQueueFix
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
David Garske 9c665d7282 Merge pull request #4501 from embhorn/zd13114
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
David Garske 87baf7818e Merge pull request #4505 from julek-wolfssl/fix-nids
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
Chris Conlon 5810e45cb7 fix CAVP selftest v2 build error in test.c 2021-10-26 10:33:05 -06:00
David Garske 529f1c63dd Merge pull request #4503 from SparkiDev/opensslcoexist_ed
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
2021-10-26 09:19:08 -07:00
Eric Blankenhorn 19feab7850 Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow 2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz 48b304be00 Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID 2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz 348fec3d29 wc_ClearErrorNodes is a local API that is not exported for linking 2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz fa3cf590d5 Fix NID conflicts
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`

NID conflicts found by examining the runtime values in `wolfssl_object_info`
2021-10-26 09:14:34 +02:00
Juliusz Sosinowicz 57b9170ac0 Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
Sean Parkinson 08d9b145d9 ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
Change SSL_FATAL_ERROR to  WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
Daniel Pouzzner 49e29eb811 Merge pull request #4504 from wolfSSL/revert-4429-fix-nids
Revert "Make NID's consistent"
2021-10-26 00:09:56 -05:00
John Safranek a0c7c079b8 Revert "Make NID's consistent" 2021-10-25 21:57:28 -07:00
Sean Parkinson cdf72facbf Merge pull request #4429 from julek-wolfssl/fix-nids
Make NID's consistent
2021-10-26 09:59:26 +10:00
Sean Parkinson 905683c98c Merge pull request #4496 from dgarske/sniffer_keywatch
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
Sean Parkinson 6070981366 Merge pull request #4490 from dgarske/static_mem_unittest
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
David Garske aa72f0685d Merge pull request #4499 from SparkiDev/dec_ku_len
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 15:11:18 -07:00
Chris Conlon eb0b6ca122 fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined 2021-10-25 13:50:39 -06:00
David Garske 517225e135 Merge pull request #4497 from cconlon/authInfo
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-25 09:29:09 -07:00
Sean Parkinson 8e6c6e7757 KeyUsage dcoding: Ensure data length is 1 or 2 2021-10-25 09:22:31 +10:00
David Garske bf2b13939f Merge pull request #4329 from kaleb-himes/OE22-Porting-Changes
Oe22 porting changes
2021-10-22 16:16:26 -07:00
Chris Conlon 402ee29163 fix nid2oid/oid2nid for oidCertAuthInfoType 2021-10-22 16:53:18 -06:00
David Garske e4da9c6f48 Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA. 2021-10-22 14:29:06 -07:00
kaleb-himes 5859779ddf Check-in non-FIPS specific porting changes for OE22
Fix no new line

Change comment style in testsuite.c

Add include for proper socket header in wolfio.h

Add dc_log_printf support to benchmark application

Pull in changes for examples

Refector NETOS check in test.c

Fix format and remove settings used only for validation testing

Implement peer review feedback

Address last items noted in peer review

Add new README to include.am

Adjust comment style on TODO

Gate changes in client and server properly

Add static on customer feedback

Fix settings include

Update latest peer feedback
2021-10-22 15:01:14 -06:00
John Safranek d83d16af59 Merge pull request #4483 from julek-wolfssl/cov-reports 2021-10-22 13:07:57 -07:00
David Garske 229f0d5fd1 Merge pull request #4485 from JacobBarthelmeh/certs
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
David Garske c027fffa92 Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment. 2021-10-22 11:58:02 -07:00
John Safranek 734a73dd35 Add missing null-check. Fix dead store. 2021-10-22 11:17:41 -07:00
David Garske f8178b4896 Merge pull request #4495 from utzig/fix-mmacu-sha256-warn
Fix MMCAU_SHA256 type warnings
2021-10-22 10:55:43 -07:00
David Garske 587077856e Merge pull request #4494 from utzig/fix-forcezero-comment
Fix comment that applies to fp_forcezero
2021-10-22 10:55:30 -07:00
David Garske c54f906678 Merge pull request #4492 from haydenroche5/pem_password_cb
Rename pem_password_cb to wc_pem_password_cb.
2021-10-22 10:51:47 -07:00
John Safranek aad230a7e3 Restore a test case. Add a missing null-check. 2021-10-22 10:36:17 -07:00
David Garske 4c0527490d Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error. 2021-10-22 09:59:16 -07:00