Commit Graph

716 Commits

Author SHA1 Message Date
Chris Conlon b29fe41a35 Merge pull request #2738 from SparkiDev/cppcheck_fixes_3
Changes to clear issues raised by cppcheck
2020-02-03 17:02:40 -07:00
toddouska 63a73be3f0 Merge pull request #2777 from dgarske/constchar
Fixes for char strings not marked as const.
2020-02-03 11:12:55 -08:00
David Garske 928f641064 Fixes for char strings not marked as const. The const is an optimization to allow use from flash, which saves RAM space on embedded devices. 2020-01-30 13:53:06 -08:00
David Garske 32f478d335 Better fix for using the ASN.1 provided length, not provided inSz. Confirmed CheckBitString will check case where inSz < ASN.1 length. 2020-01-30 08:38:22 -08:00
David Garske 9bfbdfe695 Fix for wc_EccPublicKeyDecode to use the length from ASN sequence, not the provided inSz. Also checked the case where the sequence number is larger than supplied inSz and it will properly return ASN_PARSE_E. ZD 9791 2020-01-30 06:20:29 -08:00
Sean Parkinson 55ea2facdd Changes to clear issues raised by cppcheck 2020-01-30 14:24:32 +10:00
David Garske 1ea7755232 Merge pull request #2742 from tmael/dsa_mem_leak
Fix mem leak in DSA
2020-01-28 06:25:58 -08:00
Tesfa Mael 43b7258d3b Review comments 2020-01-27 12:44:16 -08:00
JacobBarthelmeh 695b126a1c Merge pull request #2739 from dgarske/pkcs8_ed25519
Added PKCS8 support for ED25519
2020-01-24 10:56:40 -08:00
toddouska 945d34533c Merge pull request #2727 from JacobBarthelmeh/Windows
update to ECC key parsing custom curves for Windows
2020-01-23 13:57:06 -08:00
David Garske 2cd3474e9d Improve "keyFormat" to always set based on "algId" and let the later key parsing code produce failure. 2020-01-20 20:49:55 -08:00
David Garske 0489cc97a8 Fix for ProcessBuffer with PEM private keys, where PemToDer call was only setting eccKey. Cleanup to use "keyFormat" OID sum. 2020-01-20 20:49:55 -08:00
David Garske de8e5ffd6e Cleanup asn.c use of WOLFSSL_LOCAL (only required in the header). 2020-01-20 20:49:55 -08:00
David Garske 40c8562dc2 Added PKCS8 support for ED25519. 2020-01-20 20:47:47 -08:00
David Garske 98f14eff9f Refactor to combine duplicate ECC param parsing code. 2020-01-20 16:17:12 -08:00
toddouska 204ef9543a Merge pull request #2728 from ejohnstown/maint-x509
Maintenance: X509
2020-01-17 13:51:02 -08:00
toddouska 60afa72330 Merge pull request #2731 from SparkiDev/auth_key_id_set
Fix when extAuthKeyIdSet is set.
2020-01-17 13:14:22 -08:00
Tesfa Mael fbf91f7397 Fix mem leak in DSA 2020-01-15 16:03:42 -08:00
David Garske 22f49d8597 Fixes for building with ECC sign/verify only. 2020-01-13 15:35:08 -08:00
David Garske 8974827fbe Added WOLFSSL_ECC_CURVE_STATIC build option to allow using fixed arrays for ECC parameters. This is enabled by default on Windows. Fixed several compiler warnings. Fixed build macro for key->deallocSet. 2020-01-13 07:15:17 -08:00
John Safranek 8d1b20706c Maintenance: X509
1. Add a test for the new alt name handling.
2. Added an API to set altnames in a WOLFSSL_X509 struct. Just adds
DNS_entries.
3. Removed the "static" from a bunch of constant byte arrays used inside
some of the ASN.1 code.
2020-01-10 20:26:35 -08:00
John Safranek 5dcffa6b40 Maintenance: X509
1. Fix for issue #2724. When making a certificate out of an X.509
structure, the subject alt names weren't getting correctly copied.
2. Added a function to flatten the DNS_entries into a sequence of
GeneralNames.
3. Put the proper certificate extension wrapping around the flattened
general names.
2020-01-10 20:26:35 -08:00
JacobBarthelmeh 6b4551c012 Merge pull request #2654 from cariepointer/qt-512-513
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Carie Pointer de3536a067 More fixes from review 2020-01-09 17:28:20 -07:00
Sean Parkinson 6e8f3faedd Fix when extAuthKeyIdSet is set.
Was set when extension is seen - extension may not have hash.
But is used to indicate that the hash is set - ie look up by hash.
2020-01-10 09:28:45 +10:00
toddouska f3b2815e1f Merge pull request #2708 from julek-wolfssl/nginx-fix
Nginx fix
2020-01-09 15:00:59 -08:00
Jacob Barthelmeh 41f134ae31 update to ECC key parsing custom curves for Windows 2020-01-08 14:45:59 -07:00
Carie Pointer b9c99709f7 Fixes from review 2020-01-08 12:48:01 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Juliusz Sosinowicz e0ab92058b Check CRL extension errors but don't require them 2020-01-07 11:55:07 +01:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Juliusz Sosinowicz 1bf6eb466f CRL extensions are optional so ext errors should be skipped 2019-12-30 19:08:59 +01:00
toddouska 3b7b71c9e0 Merge pull request #2700 from JacobBarthelmeh/HardwareAcc
Hardware calls for DSP use
2019-12-27 13:58:43 -08:00
Eric Blankenhorn b83804cb9d Correct misspellings and typos from codespell tool 2019-12-24 12:29:33 -06:00
JacobBarthelmeh ad9011a863 initial DSP build and success with Debug mode
build dps with ARM neon 64

fix for release mode build

add in threading protection and seperate out rng

added callback function and updates to README

update default handle to lock, and add finished handle call

cleanup after veiwing diff of changes
2019-12-23 14:17:58 -07:00
Sean Parkinson 64a1045dc3 Cleanup ParseCertRelative code
Fix for case:
- can't find a signer for a certificate with the AKID
- find it by name
Has to error as the signer's SKID is always set for signer and would
have matched the AKID.
Simplify the path length code - don't look up CA twice.
Don't require the tsip_encRsaKeyIdx field in DecodedCert when
!WOLFSSL_RENESAS_TSIP - use local variable.
2019-12-19 08:53:24 +10:00
toddouska 0057eb16f8 Merge pull request #2686 from ejohnstown/crl-skid
Check name hash after matching AKID for CRL
2019-12-18 13:48:59 -08:00
toddouska 573d045437 Merge pull request #2682 from SparkiDev/akid_name_check
Check name hash after matching AKID
2019-12-18 13:08:19 -08:00
John Safranek 6c6d72e4d6 Find CRL Signer By AuthKeyId
When looking up the signer of the CRL by SKID/AKID, also verify that the
CRL issuer name matches the CA's subject name, per RFC 5280 section 4.1.2.6.
2019-12-18 10:17:51 -08:00
toddouska b89121236f Merge pull request #2635 from dgarske/async_date
Fix for async date check issue
2019-12-18 09:34:08 -08:00
toddouska c2e5991b50 Merge pull request #2681 from ejohnstown/crl-skid
Find CRL Signer By AuthKeyId
2019-12-18 09:29:17 -08:00
Sean Parkinson c1218a541b Check name hash after matching AKID
RFC 5280, Section 4.1.2.6:
If the subject is a CA (e.g., the basic constraints extension, as
discussed in Section 4.2.1.9, is present and the value of cA is TRUE),
then the subject field MUST be populated with a non-empty distinguished
name matching the contents of the issuer field (Section 4.1.2.4) in all
certificates issued by the subject CA.

The subject name must match - even when the AKID matches.
2019-12-18 17:57:48 +10:00
toddouska ff026efe49 Merge pull request #2670 from SparkiDev/dec_pol_oid_fix
DecodePolicyOID - check out index
2019-12-17 16:47:36 -08:00
toddouska 892e951c8a Merge pull request #2669 from SparkiDev/name_joi_fix
Decode X.509 name - check input length for jurisdiction
2019-12-17 16:46:30 -08:00
toddouska 435d4bf427 Merge pull request #2658 from SparkiDev/asn_date_check
Check ASN date characters are valid
2019-12-17 16:39:35 -08:00
John Safranek 037c319bab Find CRL Signer By AuthKeyId
1. Add parsing of CRL extensions, specifically the Auth Key ID extension.
2. To verify CRL, search for CA signer by AuthKeyId first, then by name.  If NO_SKID is set, just use name.
3. Update the ctaocrypt settings.h for the NO_SKID option with CRL so FIPS builds work.
2019-12-17 15:33:39 -08:00
David Garske a176789f13 Fix for async issue with "badDate" and "criticalExt" check getting skipped on call to ConfirmSignature with WC_PENDING_E response. Added log message when date failure is skipped. 2019-12-17 15:03:00 -08:00
Sean Parkinson 6a2975c742 DecodePolicyOID - check out index 2019-12-13 12:13:38 +10:00
Sean Parkinson b3cbab4bf3 Decode X.509 name - check input length for jurisdiction 2019-12-13 11:55:15 +10:00
Sean Parkinson 05dafd0adb Check ASN date characters are valid 2019-12-11 09:22:26 +10:00