Commit Graph

5633 Commits

Author SHA1 Message Date
John Safranek 6dfef1400d Use the new APIs for HKDF extract with label. 2021-10-26 20:24:25 -05:00
John Safranek 7f64fc4efb Move the TLSv1.3 KDF into wolfCrypt with the other KDFs. 2021-10-26 20:24:25 -05:00
John Safranek a49125e613 FIPS KDF Update
1. Copied the TLSv1.2 PRF into hmac.c since it uses it and the TLSv1.3
   HKDF is in there as well.
2. Added guard around the old TLS PRF so that it switches in correctly
   for older FIPS builds only.
2021-10-26 20:24:24 -05:00
John Safranek df859d30f3 FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek f1bd79ac50 FIPS 140-3
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
David Garske 9c665d7282 Merge pull request #4501 from embhorn/zd13114
Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow
2021-10-26 10:47:59 -07:00
Eric Blankenhorn 19feab7850 Fix wolfSSL_ASN1_TIME_diff use of gmtime and 32-bit overflow 2021-10-26 07:14:53 -05:00
Juliusz Sosinowicz 48b304be00 Fix issues with AIA_OCSP_OID and AIA_CA_ISSUER_OID 2021-10-26 11:47:27 +02:00
Juliusz Sosinowicz 57b9170ac0 Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-26 09:14:25 +02:00
John Safranek a0c7c079b8 Revert "Make NID's consistent" 2021-10-25 21:57:28 -07:00
Sean Parkinson cdf72facbf Merge pull request #4429 from julek-wolfssl/fix-nids
Make NID's consistent
2021-10-26 09:59:26 +10:00
Sean Parkinson 905683c98c Merge pull request #4496 from dgarske/sniffer_keywatch
Fix for sniffer key watch callback
2021-10-26 09:55:17 +10:00
Sean Parkinson 6070981366 Merge pull request #4490 from dgarske/static_mem_unittest
Add CTX static memory API unit tests
2021-10-26 09:52:14 +10:00
David Garske 517225e135 Merge pull request #4497 from cconlon/authInfo
fix nid2oid/oid2nid for oidCertAuthInfoType
2021-10-25 09:29:09 -07:00
David Garske bf2b13939f Merge pull request #4329 from kaleb-himes/OE22-Porting-Changes
Oe22 porting changes
2021-10-22 16:16:26 -07:00
Chris Conlon 402ee29163 fix nid2oid/oid2nid for oidCertAuthInfoType 2021-10-22 16:53:18 -06:00
David Garske e4da9c6f48 Fix for sniffer key callback. Fix for building sniffer without RSA. Fix for wolfCrypt test cert ext without RSA. 2021-10-22 14:29:06 -07:00
kaleb-himes 5859779ddf Check-in non-FIPS specific porting changes for OE22
Fix no new line

Change comment style in testsuite.c

Add include for proper socket header in wolfio.h

Add dc_log_printf support to benchmark application

Pull in changes for examples

Refector NETOS check in test.c

Fix format and remove settings used only for validation testing

Implement peer review feedback

Address last items noted in peer review

Add new README to include.am

Adjust comment style on TODO

Gate changes in client and server properly

Add static on customer feedback

Fix settings include

Update latest peer feedback
2021-10-22 15:01:14 -06:00
John Safranek d83d16af59 Merge pull request #4483 from julek-wolfssl/cov-reports 2021-10-22 13:07:57 -07:00
David Garske c027fffa92 Fix for CTX free heap hint issue. With openssl extra the param and x509_store.lookup.dirs are allocated at CTX init and if heap or static pool was used depends on ctx->onHeapHint. Added test case for this and inline code comment. 2021-10-22 11:58:02 -07:00
John Safranek 734a73dd35 Add missing null-check. Fix dead store. 2021-10-22 11:17:41 -07:00
John Safranek aad230a7e3 Restore a test case. Add a missing null-check. 2021-10-22 10:36:17 -07:00
Hayden Roche 0b6523d933 Rename pem_password_cb to wc_pem_password_cb.
Recently, we had a wolfEngine customer report a compilation error because
wolfSSL and OpenSSL both define the typedef pem_password_cb. The solution is to
namespace our typedef with the wc_ prefix. In order to not break existing code
that relies on wolfSSL providing pem_password_cb, if OPENSSL_COEXIST is not
defined, we define pem_password_cb as a macro that maps to wc_pem_password_cb.
2021-10-21 16:47:29 -07:00
David Garske b5f4a0c005 Improve API unit test to use X509_NAME_get_sz and make it widely available. 2021-10-21 16:42:19 -07:00
David Garske f17187aad9 Fixes for static memory testing. Fix clang memory sanitizer warnings. 2021-10-21 16:33:57 -07:00
Juliusz Sosinowicz 79b738b5a6 commit-test and jenkins fixes 2021-10-21 14:29:28 +02:00
Juliusz Sosinowicz 44d8ab20e1 #456 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz f512514fd6 #450 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz a4a093ebed #449 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 9e3ff9c92c #427 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 9386a882b9 #424
Refactor d2i key API to use common code
2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 4d5dceaa4e #421 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 9d989689c6 #420 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 86f93e5c1b #419 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 70901f0626 #257 2021-10-21 14:25:06 +02:00
Juliusz Sosinowicz 1d5f4a6664 #118 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz 81c3f4b925 #114 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz a1127be18e #95 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz 2678a3b981 #67 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz e97e8bc7d0 #59 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz 74cf332a8b #37 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz e82ae7b072 #17 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz 79682fd30a #15 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz 97c89dd072 #9 2021-10-21 14:22:54 +02:00
Juliusz Sosinowicz 20473ba563 Make NID's consistent
- `CTC_SHAwDSA` -> `NID_dsaWithSHA1`
- `CTC_SHA256wDSA` -> `NID_dsa_with_SHA256`
- `CTC_MD2wRSA` -> `NID_md2WithRSAEncryption`
- `CTC_MD5wRSA` -> `NID_md5WithRSAEncryption`
- `CTC_SHAwRSA` -> `NID_sha1WithRSAEncryption`
- `CTC_SHA224wRSA` -> `NID_sha224WithRSAEncryption`
- `CTC_SHA256wRSA` -> `NID_sha256WithRSAEncryption`
- `CTC_SHA384wRSA` -> `NID_sha384WithRSAEncryption`
- `CTC_SHA512wRSA` -> `NID_sha512WithRSAEncryption`
- `CTC_SHA3_224wRSA` -> `NID_RSA_SHA3_224`
- `CTC_SHA3_256wRSA` -> `NID_RSA_SHA3_256`
- `CTC_SHA3_384wRSA` -> `NID_RSA_SHA3_384`
- `CTC_SHA3_512wRSA` -> `NID_RSA_SHA3_512`
- `CTC_SHAwECDSA` -> `NID_ecdsa_with_SHA1`
- `CTC_SHA224wECDSA` -> `NID_ecdsa_with_SHA224`
- `CTC_SHA256wECDSA` -> `NID_ecdsa_with_SHA256`
- `CTC_SHA384wECDSA` -> `NID_ecdsa_with_SHA384`
- `CTC_SHA512wECDSA` -> `NID_ecdsa_with_SHA512`
- `CTC_SHA3_224wECDSA` -> `NID_ecdsa_with_SHA3_224`
- `CTC_SHA3_256wECDSA` -> `NID_ecdsa_with_SHA3_256`
- `CTC_SHA3_384wECDSA` -> `NID_ecdsa_with_SHA3_384`
- `CTC_SHA3_512wECDSA` -> `NID_ecdsa_with_SHA3_512`
- `DSAk` -> `NID_dsa`
- `RSAk` -> `NID_rsaEncryption`
- `ECDSAk` -> `NID_X9_62_id_ecPublicKey`
2021-10-21 13:01:57 +02:00
Sean Parkinson 817cd2f2a6 Merge pull request #4487 from haydenroche5/openssh
Make several changes to support OpenSSH 8.5p1.
2021-10-21 08:59:38 +10:00
Sean Parkinson ac3612bbef Merge pull request #4469 from dgarske/android_keystore
Support for Android KeyStore compatibility API's
2021-10-21 08:30:08 +10:00
Sean Parkinson a9f467a6b0 Merge pull request #4457 from dgarske/zd13036
Fix for sniffer to trap negative size calculation
2021-10-21 08:17:52 +10:00
John Safranek ff8e7609f5 Merge pull request #4458 from kosmas-valianos/SkipCRLnoCDP 2021-10-20 13:45:58 -07:00
Hayden Roche 864f913454 Make several changes to support OpenSSH 8.5p1.
- Permit more wolfSSL_EC_POINT_* functions for FIPS builds. This requires one
workaround in wolfSSL_EC_POINT_mul where wc_ecc_get_generator isn't available.
- Permit more AES-GCM code in EVP code for FIPS v2 builds. It's unclear why this
code wasn't already available.
- Add EVP_CIPHER_CTX_get_iv to the compatibility layer.
- Clear any existing AAD in the EVP_CIPHER_CTX for AES-GCM when we receive the
EVP_CTRL_GCM_IV_GEN control command. OpenSSL does this, and OpenSSH is relying
on this behavior to use AES-GCM correctly.
- Modify ecc_point_test in testwolfcrypt so that it doesn't fail when doing a
FIPS build with HAVE_COMP_KEY defined.
2021-10-20 11:00:42 -07:00