Commit Graph

2084 Commits

Author SHA1 Message Date
John Safranek 04ffd2ab45 Fixes:
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
John Safranek c5d575c8ae Remove RDSEED from the intel asm build. 2021-10-26 20:24:25 -05:00
John Safranek f69b6ac5eb Add missing verify curves into configure. Copy the kdf files when building for FIPSv5. 2021-10-26 20:24:25 -05:00
John Safranek 6cf186696e Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS. 2021-10-26 20:24:25 -05:00
John Safranek a967cbcb7b 56Ar3 Testing Updates
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
John Safranek a562db82ef 1. Rename and relabel the FIPS 140-3 option as wolfCrypt v5.
2. Make sure the correct SHA assembly files are copied over for the latest FIPS build.
2021-10-26 20:24:25 -05:00
John Safranek c47e354eed Add callback option for RNG seeding. 2021-10-26 20:24:25 -05:00
John Safranek e03b29966c Remove MD5 and old TLS from the newest FIPS build. 2021-10-26 20:24:25 -05:00
John Safranek 1fcf33b898 Fix another configure error due to rebase. 2021-10-26 20:24:25 -05:00
John Safranek 9656b83a03 Add ECDSA-KAT CAST. 2021-10-26 20:24:25 -05:00
John Safranek 3994a6b5e7 FIPSv3
1. Remove the CAST IDs for the redundant RSA tests.
2. Remove the flags in configure.ac that enable the keys for the redundant RSA tests.
2021-10-26 20:24:25 -05:00
John Safranek 90752e89fb Restore a configure check lost in a rebase. 2021-10-26 20:24:25 -05:00
John Safranek e67bbf7526 1. Add flag to DH keys when using safe parameters.
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
John Safranek de4af35f89 KDF Update
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
John Safranek 11fb1abe74 Fix a bad assignment in the configure script. 2021-10-26 20:24:24 -05:00
John Safranek e855654fff FIPS CAST Update
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
2021-10-26 20:24:24 -05:00
John Safranek df859d30f3 FIPS 140-3
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
2021-10-26 20:24:24 -05:00
John Safranek 1683644e77 FIPS 140-3
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
   version in the code, but that leaves DES3 out of the build. The code
   was still including the header. Force DES3 disabled in FIPS Ready
   builds.
2021-10-26 20:24:24 -05:00
John Safranek f1bd79ac50 FIPS 140-3
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
David Garske a50d1f4870 Merge pull request #4301 from julek-wolfssl/issue-4298
`mem_buf` only used with memory BIO
2021-10-18 10:29:55 -07:00
David Garske 185d48938d Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if WOLFSSL_SE050_INIT is defined. Optionally can override the portName using SE050_DEFAULT_PORT. 2021-10-11 11:53:21 -07:00
David Garske 29f051e585 Fixes and cleanups for NXP SE050 support. 2021-10-11 11:53:19 -07:00
Ethan 3f76a76c46 SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519 2021-10-11 11:52:12 -07:00
David Garske 854512105f Merge pull request #4314 from SparkiDev/libkcapi
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
Sean Parkinson e0abcca040 KCAPI: add support for using libkcapi for crypto (Linux Kernel)
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
Sean Parkinson dd6e4093b3 Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
elms 8c178118a4 Configure: add option to enable alternate certificate chains (#4455) 2021-10-07 11:14:51 +10:00
Jacob Barthelmeh 34c9367cbe refactor location of error queue count and consolidate no error queue macro 2021-10-06 11:55:40 -06:00
Jacob Barthelmeh 40ac1c4dd2 remove error queue from JNI build and put a default max on error queue size 2021-10-04 11:45:18 -06:00
David Garske 0abbd9b1ec Merge pull request #4438 from ejohnstown/dtls-big
DTLS Related Fixes
2021-10-01 13:04:20 -07:00
David Garske 97d96c6cf8 Merge pull request #4422 from haydenroche5/cmake
Add a CMake option to build wolfcrypt test and bench code as libraries.
2021-10-01 12:32:50 -07:00
John Safranek cd2bd0b7a3 Enable All Disable DTLS fixes
1. Remove mcast and jni from enable-all.
2. Add comment to DTLS section.

Testing `./configure --enable-all --disable-dtls` would leave DTLS still
enabled. enable-all was also enabling mcast, which it doesn't need to
do, that would force DTLS back on. JNI also forces DTLS on. The other
language wrappers are not included in enable-all, so leave JNI out.
2021-10-01 09:56:58 -07:00
Jacob Barthelmeh 2871fc670f initial serialization of TLS session 2021-09-27 14:00:13 -06:00
Hayden Roche 709a84f8b5 Add support for libwolfcrypttest and libwolfcryptbench to autotools flow.
These can be built by configuring with `--enable-crypttests-libs`.
2021-09-25 10:31:06 -07:00
Anthony Hu 33cb823148 Remove legacy NTRU and OQS (#4418)
* Remove NTRU and OQS

* Keep the DTLS serialization format backwards compatible.

* Remove n from mygetopt_long() call.

* Fix over-zealous deletion.

* Resolve problems found by @SparkiDev
2021-09-24 08:37:53 +10:00
John Safranek a4609c612f Merge pull request #4413 from kabuobeid/wpas_keying
Add HAVE_KEYING_MATERIAL requirement to WPAS, to use wolfSSL_export_keying_material
2021-09-23 10:20:34 -07:00
Daniel Pouzzner ec21dd6d13 miscellaneous buildability fixes:
configure.ac: fix ed25519/sha512 dependency test to not misfire when ENABLED_32BIT;

wolfssl/wolfcrypt/curve{25519,448}.h: fix redundant typedefs of curve{25519,448}_key (fixes -Wpedantic warnings);

configure.ac: fix for "ISO C forbids an empty translation unit [-Werror=pedantic]", re wolfcrypt/src/sp_c{32,64}.c;

configure.ac: fixes for --enable-32bit versus pedantic "ISO C forbids an empty translation unit", including explicit exclusion of 32bit-incompatible algorithms from enable-all and enable-all-crypto sets;

tests/api.c: fixes for a couple inadequately gated SHA2 dependencies;

tests/api.c:test_wolfSSL_set_alpn_protos(): fix prototype missing (void);

wolfcrypt/src/misc.c and wolfssl/wolfcrypt/misc.h: fix ForceZero() definition and NO_INLINE prototype to not counterfactually constify the mem ptr, to avoid -Wmaybe-uninitialized from gcc11;

wolfcrypt/src/des3.c: drop obsolete register qualifier from declaration in DesSetKey(), for c++17 compatibility;

src/ssl.c:wolfSSL_BN_mod_word(): fix cast of arg2 to mp_mod_d().
2021-09-20 13:38:52 -05:00
Kareem Abuobeid 5c3c2dd1bf Add HAVE_KEYING_MATERIAL requirement to WPAS, to use wolfSSL_export_keying_material 2021-09-17 14:53:01 -07:00
John Safranek 3503be2c13 Merge pull request #4362 from JacobBarthelmeh/wolfCLU
add wolfclu enable option and remove test macro guard
2021-09-15 13:57:50 -07:00
John Safranek 71e8d3ca3c Merge pull request #4358 from SparkiDev/arm_sha512_crypto
AARCH64 SHA512: implementation using crypto instructions added
2021-09-15 09:51:09 -07:00
Sean Parkinson 17c2e9e1cd AARCH64 SHA512: implementation using crypto instructions added
Use --enable-armasm=sha512-crypto or define WOLFSSL_ARMASM_CRYPTO_SHA512
to use SHA512 cryptographic instructions.
Checks system register for the feature before using the SHA512
instructions.
Added SHA512 input data alignment test.
Add support for SHA512/224 and SHA512/256 to ARM port.
2021-09-15 12:05:48 +10:00
David Garske 3c21996002 Merge pull request #4353 from SparkiDev/pkcs11_static_link
PKCS #11: support static linking with PKCS #11 library
2021-09-14 15:26:52 -07:00
Juliusz Sosinowicz bfbb445e06 Register cleanup with atexit for OpenSSL compat layer 2021-09-14 16:45:11 +02:00
Jacob Barthelmeh 93d805352f move setting of ENABLED_MD5 2021-09-10 12:17:11 -06:00
Jacob Barthelmeh 4844f7598e account for 32bit build with ed25519 2021-09-03 10:03:37 -06:00
Jacob Barthelmeh c412d23b07 add wolfclu enable option 2021-09-02 16:46:38 -06:00
Juliusz Sosinowicz 4a26b53dfc Changes for ED25519 and HAVE_SECRET_CALLBACK
- `HAVE_SECRET_CALLBACK` needs to have `wolfSSL_SSL_CTX_get_timeout` and `wolfSSL_SSL_get_timeout` available
- Call `wolfSSL_KeepArrays` for `HAVE_SECRET_CALLBACK`
- Increase the default `DTLS_MTU_ADDITIONAL_READ_BUFFER` and make it adjustable by the user
- Don't truncate application data returned to user in `wolfSSL_read_internal`
2021-09-02 15:58:30 +02:00
David Garske 9b6cf56a6e Expanded support for Curve25519/Curve448 and TLS v1.3 sniffer (#4335)
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.

* Fix for sniffer with TLS v1.3 session tickets.

* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).

* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.

* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.

* Fix for static ephemeral loading of file buffer.

* Added sniffer Curve25519 support and test case.

* Fix for sniffer to not use ECC for X25519 if both are set.

* Fix Curve448 public export when only private is set.

* Fix for `dh_generate_test` for small stack size.

* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.

* Fix invalid comment.
2021-09-01 09:28:24 +10:00
John Safranek ee07bd3fa9 Merge pull request #4331 from SparkiDev/jenkins_fixes_4
Jenkins nighlty fixes
2021-08-30 10:29:00 -07:00
Sean Parkinson 218f4c80f9 PKCS #11: support static linking with PKCS #11 library
--enable-pkcs11=static LIBS=-l<pkcs11 static library>
or
define HAVE_PKCS11_STATIC
2021-08-30 12:28:28 +10:00