Commit Graph

2084 Commits

Author SHA1 Message Date
Chris Conlon 9892ae0cb3 Enable DTLS 1.3 by default in --enable-jni build 2025-02-20 15:05:56 -07:00
Sean Parkinson 82b50f19c6 ML-KEM/Kyber: improvements
ML-KEM/Kyber:
  MakeKey call generate random once only for all data.
  Allow MakeKey/Encapsulate/Decapsulate to be compiled separately.
  Pull out public key decoding common to public and private key decode.
Put references to FIPS 140-3 into code. Rename variables to match FIPS
140-3.
  Fix InvNTT assembly code for x64 - more reductions.
  Split out ML-KEM/Kyber tests from api.c.

TLSX:
Store the object instead of the private key when WOLFSSL_MLKEM_CACHE_A
is defined or WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ. Faster decapsulation
when A is cached and object stored.
To store private key as normal define
WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY.

misc.c: when Intel x64 build, assume able to read/write unaligned
2025-02-20 08:14:15 +10:00
Marco Oliverio d7711f04ab openssl compat: skip OCSP response verification in statusCb
This aligns with OpenSSL behavior
2025-02-17 08:58:02 +00:00
Daniel Pouzzner 39ed0eabff configure.ac: fix handling of --enable-wolfEntropy (don't re-default to no in following --enable-entropy-memuse clause). 2025-02-14 15:39:42 -06:00
Daniel Pouzzner e806bd76bb Merge pull request #8445 from SparkiDev/perf_improv_1
Performance improvements
2025-02-13 23:25:47 -06:00
Sean Parkinson 9253d1d3ac ML-KEM/Kyber: cache A from key generation for decapsulation
Matrix A is expensive to calculate.
Usage of ML-KEM/Kyber is
  1. First peer generates a key and sends public to second peer.
2. Second peer encapsulates secret with public key and sends to first
peer.
3. First peer decapsulates (including encapsulating to ensure same as
seen) with key from key generation.
Caching A keeps the matrix A for encapsulation part of decapsulation.
The matrix needs to be transposed for encapsulation.
2025-02-13 10:12:05 +10:00
Sean Parkinson bfd52decb6 Performance improvements
AES-GCM: don't generate M0 when using assembly unless falling back to C
and then use new assembly code.
HMAC: add option to copy hashes (--enable-hash-copy
-DWOLFSSL_HMAC_COPY_HASH) to improve performance when using the same key
for multiple operations.
2025-02-13 09:55:55 +10:00
Andrew Hutchings 8870b76c26 Fix SE050 Port
The SE050 port won't compile in the latest wolfSSL. This patch:

* Updates the documentation
* Fixes a missing `#ifdef` that breaks the build
* Changes the use of `mp_int` to `MATH_INT_T`
* Fixes compiler error with `ecc.c`
* Adds a tiny bit of extra debugging info
2025-02-10 14:27:28 +00:00
Anthony Hu f86b19dd30 Fix some typoes around Kyber and Dilithium 2025-01-31 10:13:39 -05:00
Juliusz Sosinowicz c5ad780798 Force experimental flag to enable ascon 2025-01-29 11:02:47 +01:00
Juliusz Sosinowicz e3a612300b Initial ASCON hash256 and AEAD128 support based on NIST SP 800-232 ipd
Implemented based on the NIST Initial Public Draft "NIST SP 800-232 ipd". Testing based on KAT's available at https://github.com/ascon/ascon-c. Added configuration for testing in github action.
2025-01-29 11:02:47 +01:00
Daniel Pouzzner 2eb775d5c3 configure.ac: add enable_dtls_mtu, enable_dtlscid, and enable_dtls_frag_ch to features disabled when $ENABLED_TLS" = "no". 2025-01-28 09:46:39 -06:00
Juliusz Sosinowicz 8ca59242a2 Expand enable-all
- Add dtls mtu to enable-all
- Add dtls 1.3 to enable-all
- Add dtls cid to enable-all
- Add dtls ch frag to enable-all
2025-01-27 13:38:00 +01:00
Daniel Pouzzner bd014e02e0 configure.ac: tweaks for clarity 2025-01-24 16:09:43 -06:00
Daniel Pouzzner 6102dafa48 configure.ac: require explicit arg for --enable-fips. 2025-01-22 12:48:52 -06:00
Daniel Pouzzner ad5018ee5d configure.ac: fix --enable-debug-trace-errcodes=backtrace with --enable-reproducible-build: don't add -g0 to CFLAGS when both are enabled, because -g0 makes backtracing impossible. 2025-01-08 15:59:11 -06:00
Sean Parkinson 7d3ee74a71 Aarch64 ASM: Use CPU features for more
AES GCM streaming - fix GHASH_ONE_BLOCK to use CPU feature information.
AES-GCM uses EOR3 (SHA-3 instruction) - split assembly code.
Kyber uses SQRDMLSH - split assembly code.

Changed define from WOLFSSL_AARCH64_NO_SQRMLSH to
WOLFSSL_AARCH64_NO_SQRDMLSH to match instruction.

Improved array data format for inline assembly code.
2025-01-02 19:56:04 +10:00
JacobBarthelmeh 70e41d1ed1 prepare for release 5.7.6 2024-12-31 08:27:53 -07:00
Sean Parkinson 93812e4286 Merge pull request #8289 from JacobBarthelmeh/harden
add option for additional sanity checks
2024-12-24 09:17:08 +10:00
JacobBarthelmeh ee9b88541f change default to no for --enable-faultharden 2024-12-23 13:51:30 -07:00
Daniel Pouzzner 994f218fcb src/ssl.c and wolfssl/internal.h: gate in wolfSSL_get_ciphers_compat() in OPENSSL_EXTRA builds, so that --with-sys-crypto-policy works with OPENSSL_EXTRA but without OPENSSL_ALL.
configure.ac: more fixes for FIPS v6 armasm settings, re ENABLED_ARMASM_CRYPTO.
2024-12-19 14:29:39 -06:00
jordan b5c47d27e0 fedora crypto-policies: initial support. 2024-12-18 16:56:36 -06:00
Sean Parkinson ba050d6a3f Merge pull request #8296 from douzzer/20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes
20241217-FIPS-v6-ENABLED_ARMASM_CRYPTO-fixes
2024-12-18 15:27:08 +10:00
David Garske 356889a528 Add --disable-tls option that can be used with --enable-all to disable TLS features and set NO_TLS. Useful for allowing certificate manager and crypto compatibility API's only. 2024-12-17 13:40:03 -08:00
Daniel Pouzzner 7b57ef4912 configure.ac: fix faulty logic in FIPS v6 feature calculation re ENABLED_ARMASM_CRYPTO, originally added in 6e0a90190f. 2024-12-17 12:21:47 -06:00
Daniel Pouzzner 5aeabbfa3c Merge pull request #8245 from julek-wolfssl/mbed-interop
Add CID interop with mbedtls
2024-12-16 23:04:19 -06:00
Daniel Pouzzner b5935f38d7 Merge pull request #8282 from SparkiDev/iphone_no_sha3_instrs
MacOS: allow SHA-3 instructions to be explicitly not used
2024-12-16 16:55:09 -06:00
Daniel Pouzzner fd22bfc0b7 Merge pull request #8293 from SparkiDev/aarch64_no_crypto
Aarch64: make code compile when no hardware crypto avail
2024-12-16 14:57:53 -06:00
Sean Parkinson 514a92d6ee Aarch64: make code compile when no hardware crypto avail
Detects availability of instructions for Aarch64.
2024-12-16 17:46:08 +10:00
David Garske 71325a2a32 Revert "Aarch64: make code compile when no hardware crypto avail" 2024-12-13 13:52:53 -08:00
JacobBarthelmeh f0f50f1837 add option for additional sanity checks 2024-12-13 14:42:51 -07:00
JacobBarthelmeh d7e40e7413 Merge pull request #8264 from dgarske/various_20241206
Various cleanups and fixes
2024-12-13 13:48:10 -07:00
JacobBarthelmeh e76e0e33fd Merge pull request #8283 from rlm2002/enableAlwaysKeepSNI
WOLFSSL_ALWAYS_KEEP_SNI enabled by default with --enable-jni
2024-12-13 13:32:47 -07:00
David Garske 79d9b2d6c3 Merge pull request #8277 from SparkiDev/aarch64_no_crypto
Aarch64: make code compile when no hardware crypto avail
2024-12-12 15:49:57 -08:00
Sean Parkinson 24bb2b7fab Aarch64: make code compile when no hardware crypto avail
Detects availability of instructions for Aarch64.
2024-12-13 09:16:11 +10:00
Ruby Martin b34a39a6bc WOLFSSL_ALWAYS_KEEP_SNI enabled by default with --enable-jni 2024-12-12 15:49:47 -07:00
Sean Parkinson 2aacc7cd87 MacOS: allow SHA-3 instructions to be explicitly not used
Some iPads and iPhones don't support SHA-3 instructions.
Allow SHA-3 instructions to explicitly not be used for these devices.
2024-12-13 08:25:39 +10:00
Daniel Pouzzner d257a59087 add support for WOLFSSL_NO_OPTIONS_H:
* activate WOLFSSL_NO_OPTIONS_H in linuxkm/Kbuild for in-module test.o and benchmark.o.
* refine explanatory comments in settings.h re WOLFSSL_USE_OPTIONS_H, WOLFSSL_NO_OPTIONS_H, and WOLFSSL_CUSTOM_CONFIG.
* add safety catch to options.h/options.h.in to inhibit inclusion if defined(WOLFSSL_NO_OPTIONS_H).
* for good measure, add explicit check for WOLFSSL_NO_OPTIONS_H to wolfcrypt/benchmark/benchmark.c and wolfcrypt/test/test.c.
2024-12-10 13:02:37 -06:00
Juliusz Sosinowicz 0e8320347c CID also supported in DTLS 1.2 2024-12-09 12:09:54 +01:00
David Garske 017f931f8b Various cleanups and fixes:
* Fix to properly set configure.ac LMS/XMSS enables and build of those code files.
* Remove duplicate aes.c `wc_AesSetKeyLocal` call to `wc_AesSetIV`. Moved earlier in function in commit a10260ca5f.
* Benchmark missing time.h with NO_ASN_TIME.
* Added option to support disabling AES CFB 1/8 `WOLFSSL_NO_AES_CFB_1_8`.
* Fixes for building with combinations of `WOLFSSL_RSA_VERIFY_ONLY` and `WOLFSSL_RSA_PUBLIC_ONLY`.
* Fix for building `--enable-stacksize=verbose` with single threaded.
* Various tab and formatting cleanups.
ZD 18996
2024-12-06 16:45:33 -08:00
Daniel Pouzzner 37acac2eb3 configure.ac: fix SC1105 ("Shells disambiguate (( differently or not at all."). 2024-12-06 13:01:40 -06:00
Daniel Pouzzner 66c874bded configure.ac: add --enable-fips=cert4718 alias for v5, and make --enable-fips=v5 set FIPS to 5.2.1; set DEF_FAST_MATH and DEF_SP_MATH to "no" when "yes" would conflict with user-supplied arguments. 2024-12-06 13:01:40 -06:00
David Garske 57e1bf9fba Fixes for building with SP RSA small and RSA Public only. ZD 18996 2024-11-27 13:26:45 -08:00
Daniel Pouzzner d85c108952 wolfssl/wolfcrypt/error-crypt.h, wolfcrypt/src/error.c: add WC_FAILURE ("wolfCrypt generic failure") with value -1, for traceable error return of -1 in wolfCrypt.
configure.ac: add OPENSSL_EXTRA to --enable-wolfsentry.

linuxkm/linuxkm_wc_port.h, linuxkm/module_hooks.c, wolfssl/ssl.h: accommodate backward dependencies for wolfSSL_X509_NAME_add_entry_by_NID, wolfSSL_X509_NAME_free, and wolfSSL_X509_NAME_new_ex.

linuxkm/lkcapi_glue.c: if CONFIG_CRYPTO_MANAGER, assert match of CONFIG_CRYPTO_FIPS and HAVE_FIPS.

src/ssl_crypto.c, wolfcrypt/src/wc_lms.c, wolfcrypt/src/wc_lms_impl.c, wolfcrypt/src/wc_xmss.c, wolfcrypt/test/test.c: add missing casts for XMALLOC()s.

src/ssl_crypto.c: in wolfSSL_AES_decrypt(), fix gate for wc_AesDecryptDirect() return type.

wolfcrypt/test/test.c: smallstack refactor in test_dilithium_decode_level().

tests/api.c: fix uninited vars and "embedding a directive within macro arguments is not portable" in test_wc_dilithium_der().
2024-11-21 21:59:26 -06:00
David Garske 3444d5c526 Fixes from compatibility header decoupling PR #8182. Fixes issue with wolfEngine and wolfProvider. Change behavior for openssl compatibility headers to be installed unless --enable-opensslextra=noinstall is used. Removed dependency on X509 small with SESSION_CERTS, KEEP_PEER_CERTS and KEEP_OUR_CERT. 2024-11-21 12:09:57 -08:00
David Garske ef67b1c06a Support for building without wolfssl/openssl header files. ZD 18465
* Fix for `TlsSessionCacheGetAndLock` that was not checking the sessionIDSz, so could return a pointer to an invalid session (if 0's). Resolves issue with `test_wolfSSL_CTX_sess_set_remove_cb` test.
* Fix cast warning with `HAVE_EX_DATA` in Windows VS.
* Fix openssl_extra without PKCS12.
* Refactor the EX data crypto and session API's to gate on `HAVE_EX_DATA_CRYPTO`.
* Grouped the EX data API's in ssl.h
* Moved API's in ssl.h to separate the compatibility ones from ours.
2024-11-20 12:32:32 -08:00
Sean Parkinson 886f5b0a5b Kyber: fixes to configure and wolfSSL_get_curve_name
Remote original-only option for kyber in configure.ac.
Default is ML-KEM only.
original is Kyber only.
ml-lem is ML-KEM.
to have both: all,original,ml-kem.

Use WOLFSSL_NO_ML_KEM* instead of WOLFSSL_WC_ML_KEM_* which requires the
inclusion of kyber headers.
2024-11-14 16:25:41 +10:00
Daniel Pouzzner 165b4afbeb Merge pull request #8143 from SparkiDev/kyber_plus_mlkem
Kyber/ML-KEM: make both available
2024-11-09 00:09:51 -06:00
Daniel Pouzzner aa18bbca55 assorted cleanups and refactors for C89 conformance, codespell and check-source-text, and consistent heap shim usage.
.github/workflows/codespell.yml: remove */README_jp.txt from "skip" list.

IDE/Renesas/cs+/Projects/t4_demo/README_jp.txt: convert from SHIFT_JIS to UTF-8.

cmake/options.h.in: use "#cmakedefine HAVE_PTHREAD 1" to avoid conflict with config.h.

configure.ac: add --enable-c89, and remove !ENABLED_OPENSSLEXTRA dependency from AM_CONDITIONAL([BUILD_CRYPTONLY],...).

wolfcrypt/src/asn.c: refactor SetOthername() for efficiency, and add PRAGMA_GCC to suppress false positive -Wstringop-overflow associated with -fstack-protector.

wolfssl/wolfcrypt/rsa.h: add WC_ prefixes to RSA_PKCS1_PADDING_SIZE and RSA_PKCS1_OAEP_PADDING_SIZE, and define unprefixed compat aliases only if !OPENSSL_COEXIST.

wolfssl/wolfcrypt/types.h:

  #ifdef WOLF_C89, #define WC_BITFIELD unsigned;
  enhance WOLF_ENUM_DUMMY_LAST_ELEMENT() to include the line number, to construct unique labels given a per-filename argument, to accommodate anonymous enums.

examples/asn1/asn1.c:
examples/client/client.c:
examples/pem/pem.c:
examples/server/server.c:
wolfcrypt/src/sp_dsp32.c:
wolfcrypt/src/wc_port.c:
wolfssl/test.h:

  use XMALLOC/XREALLOC/XFREE consistently, not malloc/realloc/free.

wolfcrypt/benchmark/benchmark.c:
wolfcrypt/src/memory.c:
wolfcrypt/test/test.c:
wolfssl/wolfcrypt/mem_track.h:
wolfssl/wolfcrypt/settings.h:
wolfssl/wolfcrypt/types.h:

  annotate intentional native heap access with "/* native heap */".

wolfcrypt/src/asn.c:
wolfssl/callbacks.h:
wolfssl/openssl/ec.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/hpke.h:
wolfssl/wolfcrypt/types.h:

  fix enum trailing commas.

wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/rsa.h:
wolfssl/openssl/ssl.h:

  use WC_BITFIELD in bitfield elements, not byte or word16, to allow for pedantic C89 conformant builds.

wolfssl/openssl/ec.h:
wolfssl/openssl/evp.h:
wolfssl/openssl/pem.h:
wolfssl/openssl/ssl.h:
wolfssl/wolfcrypt/logging.h:
avoid variadic macros wherever possible, and where unavoidable, #ifdef WOLF_NO_VARIADIC_MACROS, define them with empty arg lists, rather than ..., to support Watcom compiler.

wolfssl/wolfcrypt/settings.h: if defined(__WATCOMC__), define WOLF_NO_VARIADIC_MACROS.
2024-11-07 22:36:24 -06:00
David Garske b648d35449 Merge pull request #8138 from JacobBarthelmeh/wolfclu_config
wolfCLU added support for PKCS7
2024-11-07 12:44:06 -08:00