* Create a new method DecodePrivateKey_ex() that gets the key to decode as parameters
* Adapt DecodePrivateKey() and DecodeAltPrivateKey() to use this new method
* Fix unblinding for TLS 1.3 Dual Algorithm Certificate alternative keys
This removes a lot of nearly duplicate code and simplifies maintenance.
Branching to a common block encrypt/decrypt may work for assembly but
not always for C code.
Added option, for assembly and inline assembly, to inline block
encrypt/decrypt: WOLFSSL_ARMASM_AES_BLOCK_INLINE.
Add non-constant time implemenations of mod_inv for x64 and Aarch64
assembly.
Generate base point table, with better formatting, for double smul with
a script.
Increase Bi table size to 32 entries for 64-bit asm.
Minor improvements to double smul.
WOLFSSL_CURVE25519_NOT_USE_ED25519 to not use ed25519 base smul in
curve25519 base smul.
RHEL9 kernels (9.6+) disable RSA signing and decryption in the kernel
crypto API for security reasons (CVE-2023-6240). The kernel forcibly
overwrites akcipher sign/decrypt callbacks to return -ENOSYS, regardless
of what the driver provides.
Commit 3709c35c in the RHEL kernel:
"crypto: akcipher - Disable signing and decryption"
This affects our self-tests which call crypto_akcipher_sign() and
crypto_akcipher_decrypt(). On RHEL9, these operations return -ENOSYS
even though our driver correctly implements them.
Add compile-time checks for RHEL_RELEASE_CODE >= 9.6 to detect this
scenario and skip the affected self-tests gracefully. The tests pass
since the algorithms are registered correctly; the kernel simply
refuses to execute sign/decrypt operations as a matter of policy.
Note: encrypt and verify operations are unaffected and continue to be
tested normally.
Signed-off-by: Sameeh Jubran <sameeh@wolfssl.com>
The size of the PreMasterSecret buffer is based on the ENCRYPT_LEN
constant, which has been increased to 5kB for PQC support (Dilithium and
Falcon, as their signatures are that large).
However, only in the TLS 1.2 case, the PreMasterSecret buffer is used to
store signatures. In the TLS 1.3 path, only actual symmetric secrets are
stored in that buffer, which are much smaller in size (the "old" size of
the constant without the PQC increase).
As PQC is only allowed in TLS 1.3 and NOT in TLS 1.2, we can revert
that size increase, saving around 4,5kB of dynamic memory during the
handshake.
* Add `WOLFSSL_USER_SETTINGS` to CMake `options.h.in`
* Add CMake support for Dilithium
* Add user_settings.h support for aes_asm.S
* Add PKCS#11 support to CMake
* Minor ARM assembly port fixes
... by using the same additional includes as on Linux.
Fixes:
CC tests/api/unit_test-test_rsa.o
tests/api.c:19554:9: error: call to undeclared function 'waitpid'; ISO C99 and later do not support implicit function declarations [-Werror,-Wimplicit-function-declaration]
19554 | waitpid(pid, &waitstatus, 0);
| ^
Tested on ElectroBSD amd64 14.3-STABLE.
