Commit Graph

15182 Commits

Author SHA1 Message Date
David Garske d297a06c25 Fix for wolfCrypt test with custom curves without Brainpool. Tested all changes on NXP K82 LTC. 2021-10-19 13:12:12 -07:00
Fabio Utzig ed243b3327 nxp: ksdk: add support for Koblitz curves
The Kinetis port implementation currently only supports SECP random
curves. This commit expands it to also support the accepted SECP
koblitz curves, based on user settings. The implementation also makes
it easy to add Brainpool curves.

Signed-off-by: Fabio Utzig <utzig@apache.org>
2021-10-14 12:33:30 -03:00
Sean Parkinson 4c70ac73f1 Merge pull request #4467 from dgarske/smtp
Example client: fix for SMTP temp buffer size
2021-10-14 08:16:42 +10:00
Sean Parkinson b93b7b07a9 Merge pull request #4463 from JacobBarthelmeh/fuzzing
DSA: add check on bit length of q
2021-10-14 08:06:53 +10:00
Chris Conlon cc63668691 Merge pull request #4445 from TakayukiMatsuo/tsip113
Add support for TSIPv1.13
2021-10-13 09:26:58 -06:00
Sean Parkinson 7f1dbd8709 Merge pull request #4420 from douzzer/smallstack-ge-sp
SP, Ed25519: smallstack
2021-10-13 08:33:36 +10:00
Sean Parkinson 03d2e9ad8c Merge pull request #4466 from embhorn/zd13059
Fix for ecc_projective_*_safe visibility
2021-10-13 08:27:47 +10:00
David Garske bc97539756 Increase the size of the temp buffer for starttls. Some SMTP servers send larger messages. 2021-10-12 15:13:38 -07:00
David Garske b9b5661550 Merge pull request #4465 from LinuxJedi/stm32-fixes
Minor STM32F1 fixes
2021-10-12 11:57:18 -07:00
Andrew Hutchings 66c4b6d270 Improve STM32 documentation
Walk through how to create a new STM32CubeMX project for wolfSSL.
2021-10-12 17:13:41 +01:00
Eric Blankenhorn be6bf5687b Fix for ecc_projective_*_safe visibilty 2021-10-12 11:12:42 -05:00
Andrew Hutchings 97883d78ac Minor STM32F1 fixes
* Not all STM32 RTCs support subseconds in the time struct, so this is
  now ifdef'd using the only obvious define which exists when subseconds
  exist.
* Let wc_GenerateSeed detect STM32's without RNG correctly.
* wolfCrypt test was attempting to use variables that don't exist when
  both WOLFSSL_SMALL_STACK and WC_NO_RNG is defined.
2021-10-12 16:20:36 +01:00
David Garske f20f883e94 Merge pull request #4464 from SparkiDev/tls_hs_state_fix
TLS: don't set the handshake state to the record type
2021-10-12 08:18:17 -07:00
Daniele Lacamera ec78b2e368 Merge pull request #4322 from dgarske/se050_branch
NXP SE050 Support
2021-10-12 07:37:58 -07:00
Sean Parkinson 6fbc9be71a Merge pull request #4462 from guidovranken/zd13048
Check return value of mp_grow in mp_mod_2d
2021-10-12 11:36:59 +10:00
Sean Parkinson 544e64f9e4 TLS: don't set the handshake state to the record type 2021-10-12 08:52:58 +10:00
Sean Parkinson 69d5405e91 Merge pull request #4350 from cconlon/pythonCompatD
OpenSSL compatibility fixes: BIO_set_nbio(), SHA3 NID, WOLFSSL_PYTHON
2021-10-12 08:14:34 +10:00
David Garske 70894383ce Fix for new SHA512 224/256 support with NXP SE050. 2021-10-11 13:01:38 -07:00
David Garske 90a51490a9 Peer review feedback. Improvements with small stack. 2021-10-11 11:54:03 -07:00
David Garske 0c1d12c224 Improve keyId logic. Fix minor compile warnings. Change wc_se050_set_config to match naming convention of other function in port. 2021-10-11 11:53:21 -07:00
Ethan Looney 09ce1e3c5f Improvements to the key id allocation 2021-10-11 11:53:21 -07:00
David Garske 185d48938d Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if WOLFSSL_SE050_INIT is defined. Optionally can override the portName using SE050_DEFAULT_PORT. 2021-10-11 11:53:21 -07:00
David Garske 2028d8b63d Add missing se050_port.h. 2021-10-11 11:53:21 -07:00
David Garske 29f051e585 Fixes and cleanups for NXP SE050 support. 2021-10-11 11:53:19 -07:00
Ethan 3f76a76c46 SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519 2021-10-11 11:52:12 -07:00
Jacob Barthelmeh 63c9fa7a37 add check on bit length of q with DSA 2021-10-11 09:52:57 -06:00
Sean Parkinson b8c4e89ea0 Merge pull request #4460 from dgarske/test_init
Refactor API unit test named initializer code for `callback_functions`
2021-10-11 08:25:38 +10:00
Sean Parkinson 511c74ea52 Merge pull request #4456 from dgarske/zd13032
Fix to not try OCSP or CRL checks if there is already an error
2021-10-11 08:20:58 +10:00
Guido Vranken 0522e19fc1 Check return value of mp_grow in mp_mod_2d
ZD13048
2021-10-10 21:02:03 +02:00
David Garske a395305cab Refactor API unit test named initializer code for callback_functions, to avoid older g++ build issues. 2021-10-08 14:04:21 -07:00
JacobBarthelmeh f757318eeb Merge pull request #4454 from dgarske/static_mem
Fix for `Bad memory_mutex lock` on static memory cleanup
2021-10-09 00:13:10 +07:00
David Garske 854512105f Merge pull request #4314 from SparkiDev/libkcapi
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
Sean Parkinson dd6e4093b3 Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
David Garske 668f8700a4 Fix to not try OCSP or CRL checks if there is already an error. This fix prevents an error code from being overwritten if there is already a failure. ZD13032 2021-10-07 15:30:16 -07:00
David Garske 725e503c57 Merge pull request #4451 from SparkiDev/asn_templ_fix_1
ASN template: replicate AddAltName change in template code
2021-10-07 09:23:37 -07:00
elms 8c178118a4 Configure: add option to enable alternate certificate chains (#4455) 2021-10-07 11:14:51 +10:00
David Garske 9d2082f7e1 Fixes and improvements for crypto callbacks with TLS (mutual auth) (#4437)
* This PR resolves issues with using TLS client authentication (mutual auth) with crypto callbacks. The TLS client auth will not be sent without a private key being set. The solution is to allow setting a public key only if crypto callbacks is enabled and a devId is set.

* Fix to allow using crypto callbacks with TLS mutual authentication where a private key is not available.
* Fix for ED25519 sign when only a private key is loaded.
* Fix to enable crypto callbacks for ED25519 and Curve25519 in TLS by using the _ex init functions.
* Fix for wc_PemToDer return code where a PKCS8 header does not exist.
* Remove duplicate logs in DoCertificateVerify.
* Doxygen API updates: Added crypto callback help and updated use_PrivateKey with info about public key use.

* * Added crypto callback tests for TLS client and server with mutual auth for RSA, ECC and ED25519.
* Enhanced the API unit test TLS code to allow setting CA, cert and key.

* Revert ED25519 changes. Opt to calculate public key directly when required for signing in the TLS crypto callback test. Build configuration fixes.

* Fix to use proper devId in `ProcessBufferTryDecode`.

* Various build fixes due to changes in PR. G++ issue with `missing-field-initializers`. Unused api.c func with DTLS and session export. Duplicate `eccKeyPubFile` def.

* Added crypto callback TLS tests at WOLFSSL object level. Fix for ED25519/ED448 with client mutual auth where the private key is not set till WOLFSSL object. Fix issues with  `wolfSSL_CTX_GetDevId` where devId is set on WOLFSSL object. Enable the `_id` API's for crypto callbacks.

* Proper fix for `eccKeyPubFile` name conflict. Was causing RSA test to fail (expected DER, not PEM).
2021-10-07 11:12:06 +10:00
Sean Parkinson dfbdcf9400 ASN template: replicate AddAltName change in template code 2021-10-07 09:51:56 +10:00
Jacob Barthelmeh 34c9367cbe refactor location of error queue count and consolidate no error queue macro 2021-10-06 11:55:40 -06:00
David Garske 928f4ad430 Merge pull request #4452 from LinuxJedi/stm32-readme-fix
Fixes to STM32 README
2021-10-06 10:07:41 -07:00
David Garske 9f57345614 Fix for Bad memory_mutex lock on static memory cleanup (was free'ing mutex then trying to use it). 2021-10-05 13:46:42 -07:00
David Garske da15356c2a Merge pull request #4444 from anhu/pq_bench
Benchmarking the supported groups.
2021-10-05 09:52:51 -07:00
JacobBarthelmeh 43ffe26133 Merge pull request #4430 from embhorn/zd12976
Add support for X9.42 header
2021-10-05 23:47:42 +07:00
Andrew Hutchings fd54dc4838 Fixes to STM32 README
* Reordered things so that the installation of the Cube Pack comes
  before the Cube Pack usage.
* Added another way to find the pack installation menu (because I'm
  blind to the box on the screen apparently).
* Two extra steps in the Cube Pack Usage that were missing (6 & 8)
* Added syntax highlighting to the markdown.
2021-10-05 14:19:35 +01:00
David Garske 310a75ff43 Merge pull request #4449 from SparkiDev/fix_1
X509 name: remove unused variable
2021-10-04 20:01:04 -07:00
David Garske 024c59a04c Merge pull request #4439 from SparkiDev/tls13_min_down_no_ext
TLS 1.3: Check min downgrade when no extensions in ServerHello
2021-10-04 16:39:29 -07:00
Sean Parkinson 152da35ca4 X509 name: remove unused variable 2021-10-05 09:06:10 +10:00
Anthony Hu 41b9b14cfb whitespace 2021-10-04 18:35:09 -04:00
Anthony Hu f77a5e26b5 semi-colon --> colon and use wolfTLSv1_3_server_method when NO_WOLFSSL_CLIENT. 2021-10-04 18:31:28 -04:00