wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-29 13:02:13 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,433 Commits 12 Branches 184 Tags
255d2d650f0e15d82adddee276fa316c4b1cfdd4
Commit Graph

15433 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
255d2d650f rsa.c: add missing WOLFSSL_ASYNC_CRYPT clauses to _ifc_pairwise_consistency_test(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87b965c964 include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0f407b4bfc test.c: fix indirection flubs in _ASYNC_CRYPT parts of ecc_test_sign_vectors(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f264741aa0 benchmark.c: fix -Wstringop-truncation in _ASYNC_CRYPT bench_stats_add(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0231446006 configure.ac: don't warn about loading real async files if async.c is present and non-empty. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
3745b1c9db linuxkm: fix clean rules/definitions to not pick up top level Makefile, and to clean up empty object directories. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8e131620ae .gitignore: add linuxkm/libwolfssl.lds 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
14f39f07a2 fips-check.sh: add linuxv5-ready (--enable-fips=v5-ready). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f9627e4b14 configure.ac: for --enable-fips, make v5 an alias for v5-RC8 (alias to be updated after newer lab-approved snapshots are tagged), and add v5-ready and a placeholder v5-REL. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
5ef97acbab types.h: add back missing WC_HASH_TYPE_MAX to enum wc_HashType when HAVE_FIPS_VERSION <= 2 (now WC_HASH_TYPE_BLAKE2S, since SHAKE is now excluded from the enum). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
40c32081bb types.h: rename STRINGIFY() macro to WC_STRINGIFY(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
e3989edd39 wolfcrypt/benchmark/benchmark.c: fix typo. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
4a451caf7b src/sniffer.c: fix rebase errors. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
834efe4ff6 fips-check.sh: update to test 140-3 using --enable-fips=v5-RC8 and the WCv5.0-RC8 version tags. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
db26e0a40a Makefile.am: .build_params belongs in DISTCLEANFILES, not CLEANFILES. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9f36df44a4 wolfssl/wolfcrypt/types.h: define WOLFSSL_NOSHA512_224, WOLFSSL_NOSHA512_256, and WOLFSSL_NO_SHAKE256 in SELFTEST/FIPS<=v2 version of enum wc_HashType definition, to assure synchrony. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
1c27654300 configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
aa6ca43e91 api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
22f947edd6 configure.ac and wolfssl/wolfcrypt/asn_public.h: add --enable-fips=v5-RC8 for use with WCv5.0-RC8 codebase; add HAVE_FIPS_VERSION_MINOR, and refactor main $ENABLED_FIPS switch to set HAVE_FIPS_VERSION and if applicable HAVE_FIPS_VERSION_MINOR for use in subsequent tests and the main FIPS setup code; in asn_public.h, use HAVE_FIPS_VERSION_MINOR to exclude declaration of wc_RsaKeyToPublicDer() when building FIPS WCv5.0-RC8. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8c3cbf84f9 add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
7b40cd6cef configure.ac: fips tweaks: add --enable-fips=disabled to allow non-fips build in a fips tree, for convenient testing; add ENABLED_SHAKE256=no override to fipsv5 setup; don't add an RSA_MAX_SIZE setting to AM_CFLAGS when FIPS, to avoid a conflict with old rsa.h. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
083b97c5a3 tls.c: fix rebase error in TLSX_KeyShare_FreeAll(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
19b33d5a76 configure.ac: don't include rc2 in enable-all or enable-all-crypto (memory leaks). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b77000bcfb add smallstack codepath to ecc_test_sign_vectors(), and add missing rc2.h include to linuxkm/module_exports.c.template. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9e3fb73567 configure.ac: improvement for enable-all and enable-all-crypto: 
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;

add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;

add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);

add ssh, rc2 and srp to all-crypto;

reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
fae342940c .gitignore: add .build_params. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
d39d389c6e aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b93a18b34e src/internal.c: in SendServerKeyExchange() case diffie_hellman_kea, #ifdef HAVE_SECURE_RENEGOTIATION, enlarge buffers.serverDH_Pub.buffer to accomodate larger new key replacing smaller old key, whether or not ssl->namedGroup is set (copy-paste of existing in !ssl->namedGroup path). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32 fixes for issues identified by Jenkins run: 
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87578262aa wolfcrypt smallstack refactors: 
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0f201a7394 wolfcrypt/types.h: revert change to WOLFSSL_LINUXKM XFREE() macro added in commit "remove frivolous semicolons at end of several macro definitions." 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
947a0d6a2f autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS; 
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;

add support for EXTRA_CFLAGS on the make command line;

in FIPS builds, exclude pkcallbacks from --enable-all;

linuxkm: move test.o out of PIE container (uses function pointers as operands).
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f1c1f76851 ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
ddda108de6 sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
cdcb8fb9da configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
220a255281 use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
1e3d47af57 remove frivolous semicolons at end of several macro definitions. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
64bfe81ff5 configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible". 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
2bf711341b wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
4cf1826c8f PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash(). 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
cff7c5b3c0 wolfcrypt/benchmark/benchmark.c: in bench_dh(), add a missing #ifdef HAVE_PUBLIC_FFDHE around a DhParams use. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
8de8af8b43 wolfcrypt/test/test.c: disable hmac_md5_test() for FIPS 140-3, and rename hkdf_test to wc_hkdf_test to eliminate namespace collision. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
89797db946 configure.ac: enable_stunnel for enable-all only if !FIPS; add enable_tcpdump if !FIPS; add -DWOLFSSL_ECDSA_SET_K to FIPS 140-3 CFLAGS; use DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS to set FP_MAX_BITS indirectly for FIPS 140-3; use AC_MSG_NOTICE() for informational notices previously echoed; gate informational output appropriately on $verbose and $silent. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
5293180566 linuxkm/module_exports.c.template: tweaks for FIPS compatibility. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
ed33315f25 wolfcrypt/src/sp_int.c: add pragma to sp_set() to suppress false positive -Warray-bounds on gcc-11. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
54b3f1b252 src/tls.c:TLSX_KeyShare_GenDhKey(): don't generate a key if one is already set. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
34e88b0605 linuxkm: properly pass {AM_,}CPPFLAGS to Kbuild, and include kdf.h in module_exports.c.template. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek
b615309a7b update FFDHE4096 test with the updated usage 2021-10-26 20:24:26 -05:00
John Safranek
c31ed64eb5 Add guard around the public key check for DH to skip it when we have 
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
 2021-10-26 20:24:26 -05:00