Chris Conlon
b29fe41a35
Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
...
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
toddouska
63a73be3f0
Merge pull request #2777 from dgarske/constchar
...
Fixes for char strings not marked as const.
2020-02-03 11:12:55 -08:00
David Garske
928f641064
Fixes for char strings not marked as const. The const is an optimization to allow use from flash, which saves RAM space on embedded devices.
2020-01-30 13:53:06 -08:00
David Garske
32f478d335
Better fix for using the ASN.1 provided length, not provided inSz. Confirmed CheckBitString will check case where inSz < ASN.1 length.
2020-01-30 08:38:22 -08:00
David Garske
9bfbdfe695
Fix for wc_EccPublicKeyDecode to use the length from ASN sequence, not the provided inSz. Also checked the case where the sequence number is larger than supplied inSz and it will properly return ASN_PARSE_E. ZD 9791
2020-01-30 06:20:29 -08:00
Sean Parkinson
55ea2facdd
Changes to clear issues raised by cppcheck
2020-01-30 14:24:32 +10:00
David Garske
1ea7755232
Merge pull request #2742 from tmael/dsa_mem_leak
...
Fix mem leak in DSA
2020-01-28 06:25:58 -08:00
Tesfa Mael
43b7258d3b
Review comments
2020-01-27 12:44:16 -08:00
JacobBarthelmeh
695b126a1c
Merge pull request #2739 from dgarske/pkcs8_ed25519
...
Added PKCS8 support for ED25519
2020-01-24 10:56:40 -08:00
toddouska
945d34533c
Merge pull request #2727 from JacobBarthelmeh/Windows
...
update to ECC key parsing custom curves for Windows
2020-01-23 13:57:06 -08:00
David Garske
2cd3474e9d
Improve "keyFormat" to always set based on "algId" and let the later key parsing code produce failure.
2020-01-20 20:49:55 -08:00
David Garske
0489cc97a8
Fix for ProcessBuffer with PEM private keys, where PemToDer call was only setting eccKey. Cleanup to use "keyFormat" OID sum.
2020-01-20 20:49:55 -08:00
David Garske
de8e5ffd6e
Cleanup asn.c use of WOLFSSL_LOCAL (only required in the header).
2020-01-20 20:49:55 -08:00
David Garske
40c8562dc2
Added PKCS8 support for ED25519.
2020-01-20 20:47:47 -08:00
David Garske
98f14eff9f
Refactor to combine duplicate ECC param parsing code.
2020-01-20 16:17:12 -08:00
toddouska
204ef9543a
Merge pull request #2728 from ejohnstown/maint-x509
...
Maintenance: X509
2020-01-17 13:51:02 -08:00
toddouska
60afa72330
Merge pull request #2731 from SparkiDev/auth_key_id_set
...
Fix when extAuthKeyIdSet is set.
2020-01-17 13:14:22 -08:00
Tesfa Mael
fbf91f7397
Fix mem leak in DSA
2020-01-15 16:03:42 -08:00
David Garske
22f49d8597
Fixes for building with ECC sign/verify only.
2020-01-13 15:35:08 -08:00
David Garske
8974827fbe
Added WOLFSSL_ECC_CURVE_STATIC build option to allow using fixed arrays for ECC parameters. This is enabled by default on Windows. Fixed several compiler warnings. Fixed build macro for key->deallocSet.
2020-01-13 07:15:17 -08:00
John Safranek
8d1b20706c
Maintenance: X509
...
1. Add a test for the new alt name handling.
2. Added an API to set altnames in a WOLFSSL_X509 struct. Just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
2020-01-10 20:26:35 -08:00
John Safranek
5dcffa6b40
Maintenance: X509
...
1. Fix for issue #2724 . When making a certificate out of an X.509
structure, the subject alt names weren't getting correctly copied.
2. Added a function to flatten the DNS_entries into a sequence of
GeneralNames.
3. Put the proper certificate extension wrapping around the flattened
general names.
2020-01-10 20:26:35 -08:00
JacobBarthelmeh
6b4551c012
Merge pull request #2654 from cariepointer/qt-512-513
...
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Carie Pointer
de3536a067
More fixes from review
2020-01-09 17:28:20 -07:00
Sean Parkinson
6e8f3faedd
Fix when extAuthKeyIdSet is set.
...
Was set when extension is seen - extension may not have hash.
But is used to indicate that the hash is set - ie look up by hash.
2020-01-10 09:28:45 +10:00
toddouska
f3b2815e1f
Merge pull request #2708 from julek-wolfssl/nginx-fix
...
Nginx fix
2020-01-09 15:00:59 -08:00
Jacob Barthelmeh
41f134ae31
update to ECC key parsing custom curves for Windows
2020-01-08 14:45:59 -07:00
Carie Pointer
b9c99709f7
Fixes from review
2020-01-08 12:48:01 -07:00
Carie Pointer
28cf563c76
Fixes from PR review: styling and formatting, remove duplicate code
2020-01-07 17:01:53 -07:00
Juliusz Sosinowicz
e0ab92058b
Check CRL extension errors but don't require them
2020-01-07 11:55:07 +01:00
Chris Conlon
45c5a2d39c
update copyright to 2020
2020-01-03 15:06:03 -08:00
Juliusz Sosinowicz
1bf6eb466f
CRL extensions are optional so ext errors should be skipped
2019-12-30 19:08:59 +01:00
toddouska
3b7b71c9e0
Merge pull request #2700 from JacobBarthelmeh/HardwareAcc
...
Hardware calls for DSP use
2019-12-27 13:58:43 -08:00
Eric Blankenhorn
b83804cb9d
Correct misspellings and typos from codespell tool
2019-12-24 12:29:33 -06:00
JacobBarthelmeh
ad9011a863
initial DSP build and success with Debug mode
...
build dps with ARM neon 64
fix for release mode build
add in threading protection and seperate out rng
added callback function and updates to README
update default handle to lock, and add finished handle call
cleanup after veiwing diff of changes
2019-12-23 14:17:58 -07:00
Sean Parkinson
64a1045dc3
Cleanup ParseCertRelative code
...
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
2019-12-19 08:53:24 +10:00
toddouska
0057eb16f8
Merge pull request #2686 from ejohnstown/crl-skid
...
Check name hash after matching AKID for CRL
2019-12-18 13:48:59 -08:00
toddouska
573d045437
Merge pull request #2682 from SparkiDev/akid_name_check
...
Check name hash after matching AKID
2019-12-18 13:08:19 -08:00
John Safranek
6c6d72e4d6
Find CRL Signer By AuthKeyId
...
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
2019-12-18 10:17:51 -08:00
toddouska
b89121236f
Merge pull request #2635 from dgarske/async_date
...
Fix for async date check issue
2019-12-18 09:34:08 -08:00
toddouska
c2e5991b50
Merge pull request #2681 from ejohnstown/crl-skid
...
Find CRL Signer By AuthKeyId
2019-12-18 09:29:17 -08:00
Sean Parkinson
c1218a541b
Check name hash after matching AKID
...
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.
The subject name must match - even when the AKID matches.
2019-12-18 17:57:48 +10:00
toddouska
ff026efe49
Merge pull request #2670 from SparkiDev/dec_pol_oid_fix
...
DecodePolicyOID - check out index
2019-12-17 16:47:36 -08:00
toddouska
892e951c8a
Merge pull request #2669 from SparkiDev/name_joi_fix
...
Decode X.509 name - check input length for jurisdiction
2019-12-17 16:46:30 -08:00
toddouska
435d4bf427
Merge pull request #2658 from SparkiDev/asn_date_check
...
Check ASN date characters are valid
2019-12-17 16:39:35 -08:00
John Safranek
037c319bab
Find CRL Signer By AuthKeyId
...
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name. If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
2019-12-17 15:33:39 -08:00
David Garske
a176789f13
Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to ConfirmSignature with WC_PENDING_E response. Added log message when date failure is skipped.
2019-12-17 15:03:00 -08:00
Sean Parkinson
6a2975c742
DecodePolicyOID - check out index
2019-12-13 12:13:38 +10:00
Sean Parkinson
b3cbab4bf3
Decode X.509 name - check input length for jurisdiction
2019-12-13 11:55:15 +10:00
Sean Parkinson
05dafd0adb
Check ASN date characters are valid
2019-12-11 09:22:26 +10:00