John Safranek
90752e89fb
Restore a configure check lost in a rebase.
2021-10-26 20:24:25 -05:00
John Safranek
6dfef1400d
Use the new APIs for HKDF extract with label.
2021-10-26 20:24:25 -05:00
John Safranek
e67bbf7526
1. Add flag to DH keys when using safe parameters.
...
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
John Safranek
7f64fc4efb
Move the TLSv1.3 KDF into wolfCrypt with the other KDFs.
2021-10-26 20:24:25 -05:00
John Safranek
38064bb396
Add HMAC-SHA2-512 to the TLSv1.2 PRF.
2021-10-26 20:24:25 -05:00
John Safranek
c7ea896759
Add prototype for the ssh-kdf test in the wolfCrypt test.
2021-10-26 20:24:24 -05:00
John Safranek
de4af35f89
KDF Update
...
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
John Safranek
a49125e613
FIPS KDF Update
...
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
for older FIPS builds only.
2021-10-26 20:24:24 -05:00
John Safranek
a935f2f86d
FIPS CAST Update
...
1. In the unit test, when checking the build options, also check for
FIPSv4 to make sure 2048-bit RSA is used.
2. In the standalone SHA-1 one step hash function, wc_InitSha() wasn't
getting called, so the FIPS flags didn't get checked. (It was using
wc_InitSha_ex() which bypasses the FIPS checks.)
2021-10-26 20:24:24 -05:00
John Safranek
11fb1abe74
Fix a bad assignment in the configure script.
2021-10-26 20:24:24 -05:00
John Safranek
e855654fff
FIPS CAST Update
...
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
2021-10-26 20:24:24 -05:00
John Safranek
a5032e8087
Update the fips-check script to pull the sources from GitHub rather than
...
from a directory on a local machine.
2021-10-26 20:24:24 -05:00
John Safranek
df859d30f3
FIPS 140-3
...
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek
1683644e77
FIPS 140-3
...
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
version in the code, but that leaves DES3 out of the build. The code
was still including the header. Force DES3 disabled in FIPS Ready
builds.
2021-10-26 20:24:24 -05:00
John Safranek
9e92c118ed
FIPS 140-3
...
1. Add the old known answer test prototype back into fips_test.h for FIPSv2 builds.
2021-10-26 20:24:24 -05:00
John Safranek
f1bd79ac50
FIPS 140-3
...
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
JacobBarthelmeh
d27a49b98c
Merge pull request #4507 from cconlon/cavpselftest2
...
fix CAVP selftest v2 build error in test.c
2021-10-27 06:04:06 +07:00
JacobBarthelmeh
4825534062
Merge pull request #4500 from cconlon/errorQueueFix
...
fix wc_ERR_print_errors_fp() unit test with NO_ERROR_QUEUE
2021-10-27 05:56:32 +07:00
David Garske
9c665d7282
Merge pull request #4501 from embhorn/zd13114
...
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
David Garske
87baf7818e
Merge pull request #4505 from julek-wolfssl/fix-nids
...
Make NID's consistent v2
2021-10-26 10:29:42 -07:00
Chris Conlon
5810e45cb7
fix CAVP selftest v2 build error in test.c
2021-10-26 10:33:05 -06:00
David Garske
529f1c63dd
Merge pull request #4503 from SparkiDev/opensslcoexist_ed
...
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
2021-10-26 09:19:08 -07:00
Eric Blankenhorn
19feab7850
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz
48b304be00
Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID
2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz
348fec3d29
wc_ClearErrorNodes is a local API that is not exported for linking
2021-10-26 09:14:48 +02:00
Juliusz Sosinowicz
fa3cf590d5
Fix NID conflicts
...
- `NID_sha224` conflicted with `NID_sha1WithRSAEncryption`
- `NID_commonName` conflicted with `PBE-SHA1-3DES`
- `NID_X9_62_prime239v3` conflicted with `AES128CBCb`
- `NID_md5` conflicted with `NID_surname`
- `NID_md2WithRSAEncryption` conflicted with `NID_localityName`
- `NID_md5WithRSAEncryption` conflicted with `NID_stateOrProvinceName`
NID conflicts found by examining the runtime values in `wolfssl_object_info`
2021-10-26 09:14:34 +02:00
Juliusz Sosinowicz
57b9170ac0
Make NID's consistent
...
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
Sean Parkinson
08d9b145d9
ED25519 and ED448 api.c tests: doesn't compile with --opensslcoexist
...
Change SSL_FATAL_ERROR to WOLFSSL_FATAL_ERROR
2021-10-26 15:50:52 +10:00
Daniel Pouzzner
49e29eb811
Merge pull request #4504 from wolfSSL/revert-4429-fix-nids
...
Revert "Make NID's consistent"
2021-10-26 00:09:56 -05:00
John Safranek
a0c7c079b8
Revert "Make NID's consistent"
2021-10-25 21:57:28 -07:00
Sean Parkinson
cdf72facbf
Merge pull request #4429 from julek-wolfssl/fix-nids
...
Make NID's consistent
2021-10-26 09:59:26 +10:00
Sean Parkinson
905683c98c
Merge pull request #4496 from dgarske/sniffer_keywatch
...
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
Sean Parkinson
6070981366
Merge pull request #4490 from dgarske/static_mem_unittest
...
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
David Garske
aa72f0685d
Merge pull request #4499 from SparkiDev/dec_ku_len
...
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 15:11:18 -07:00
Chris Conlon
eb0b6ca122
fix unit test for wc_ERR_print_errors_fp() when NO_ERROR_QUEUE is defined
2021-10-25 13:50:39 -06:00
David Garske
517225e135
Merge pull request #4497 from cconlon/authInfo
...
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-25 09:29:09 -07:00
Sean Parkinson
8e6c6e7757
KeyUsage dcoding: Ensure data length is 1 or 2
2021-10-25 09:22:31 +10:00
David Garske
bf2b13939f
Merge pull request #4329 from kaleb-himes/OE22-Porting-Changes
...
Oe22 porting changes
2021-10-22 16:16:26 -07:00
Chris Conlon
402ee29163
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-22 16:53:18 -06:00
David Garske
e4da9c6f48
Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA.
2021-10-22 14:29:06 -07:00
kaleb-himes
5859779ddf
Check-in non-FIPS specific porting changes for OE22
...
Fix no new line
Change comment style in testsuite.c
Add include for proper socket header in wolfio.h
Add dc_log_printf support to benchmark application
Pull in changes for examples
Refector NETOS check in test.c
Fix format and remove settings used only for validation testing
Implement peer review feedback
Address last items noted in peer review
Add new README to include.am
Adjust comment style on TODO
Gate changes in client and server properly
Add static on customer feedback
Fix settings include
Update latest peer feedback
2021-10-22 15:01:14 -06:00
John Safranek
d83d16af59
Merge pull request #4483 from julek-wolfssl/cov-reports
2021-10-22 13:07:57 -07:00
David Garske
229f0d5fd1
Merge pull request #4485 from JacobBarthelmeh/certs
...
Improve permitted alternate name logic in certificate ASN handling
2021-10-22 11:59:16 -07:00
David Garske
c027fffa92
Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment.
2021-10-22 11:58:02 -07:00
John Safranek
734a73dd35
Add missing null-check. Fix dead store.
2021-10-22 11:17:41 -07:00
David Garske
f8178b4896
Merge pull request #4495 from utzig/fix-mmacu-sha256-warn
...
Fix MMCAU_SHA256 type warnings
2021-10-22 10:55:43 -07:00
David Garske
587077856e
Merge pull request #4494 from utzig/fix-forcezero-comment
...
Fix comment that applies to fp_forcezero
2021-10-22 10:55:30 -07:00
David Garske
c54f906678
Merge pull request #4492 from haydenroche5/pem_password_cb
...
Rename pem_password_cb to wc_pem_password_cb.
2021-10-22 10:51:47 -07:00
John Safranek
aad230a7e3
Restore a test case. Add a missing null-check.
2021-10-22 10:36:17 -07:00
David Garske
4c0527490d
Fixes for API unit test with WOLFSSL_NO_ASN_STRICT. Fix spelling error.
2021-10-22 09:59:16 -07:00