Commit Graph

2084 Commits

Author SHA1 Message Date
Daniel Pouzzner a540c6ade5 configure.ac: activate opensslextra for --enable-curl even if ENABLED_OPENSSLCOEXIST; tests/api.c: in test_wolfSSL_SESSION(), use WOLFSSL_SUCCESS, not SSL_SUCCESS, in HAVE_SESSION_TICKET span reachable in non-OPENSSL_EXTRA builds. 2024-11-05 00:15:18 -06:00
Sean Parkinson 7d42ddae48 Kyber/ML-KEM: make both available
Make Kyber and ML-KEM individually available as well as at the same
time.
Modified TLS layer to support both Kyber and ML-KEM.
Added new identifiers in TLS layer for ML-KEM.
2024-11-04 23:51:51 +10:00
Daniel Pouzzner 6f7c968c56 rename MAX_CERT_VERIFY_SZ to WC_MAX_CERT_VERIFY_SZ, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h.
rename WOLFSSL_MAX_RSA_BITS to WC_MAX_RSA_BITS, and move its setup from wolfssl/internal.h to wolfssl/wolfcrypt/asn.h, preceding setup for WC_MAX_CERT_VERIFY_SZ.

configure.ac: restore opensslextra-linuxkm assertion, with a twist: "--enable-opensslextra with --enable-linuxkm-pie and without --enable-cryptonly is incompatible with --enable-linuxkm."

wolfcrypt/src/asn.c: fix trailing comma in enum.

wolfcrypt/src/port/arm/armv8-aes.c: fix wc_AesCcmEncrypt() and wc_AesCcmDecrypt() for test_wolfssl_EVP_aes_ccm_zeroLen().
2024-11-02 23:50:34 -05:00
Daniel Pouzzner 6119c52802 Merge pull request #8043 from bandi13/addCodespell
Add Codespell test to PRs
2024-11-01 21:20:29 -05:00
David Garske 836b741402 Merge pull request #8132 from douzzer/20241024-opensslcoexist-opensslextra
20241024-opensslcoexist-opensslextra
2024-11-01 14:34:11 -07:00
Andras Fekete 34298e8ada More spelling fixes 2024-11-01 12:59:01 -04:00
Daniel Pouzzner 9db74dc128 configure.ac: add AM_MAINTAINER_MODE([disable]);
add config-time assert for "dual-alg-certs is incompatible with --enable-cryptonly.";

remove obsolete config-time check for "--enable-opensslextra without --enable-cryptonly is incompatible with --enable-linuxkm.";

linuxkm/linuxkm_wc_port.h: add fallback definitions for INT32_MAX and UINT32_MAX;

linuxkm/module_exports.c.template: add wolfssl/openssl/fips_rand.h;

wolfssl/wolfcrypt/settings.h: add #undef HAVE_ATEXIT to WOLFSSL_LINUXKM settings;

wolfssl/wolfcrypt/types.h: fix trailing comma in the DYNAMIC_TYPE_* enum.
2024-11-01 11:57:36 -05:00
JacobBarthelmeh 13ad54cf46 wolfCLU added support for PKCS7 2024-11-01 09:44:46 -06:00
Daniel Pouzzner 950ee40111 additional fixes and enhancements for -DOPENSSL_EXTRA -DOPENSSL_COEXIST:
configure.ac:
* add --enable-all-osp to separate OSP meta-feature sets from --enable-all, allowing --enable-all --disable-all-osp --disable-opensslall (e.g. for testing OPENSSL_COEXIST).
* fix enable_all_crypto=yes in enable-all to be conditional on "$enable_all_crypto" = "".
* move enable_rsapss=yes from enable-all to enable-all-crypto.

examples/ and testsuite/: #undef OPENSSL_COEXIST unconditionally rather than only if defined(OPENSSL_EXTRA), to capture -DOPENSSL_EXTRA_X509_SMALL or any other such variants.
2024-10-31 13:42:04 -05:00
Daniel Pouzzner cf95fdc071 Globally remap & refactor conflicting symbols to allow -DOPENSSL_EXTRA -DOPENSSL_COEXIST, or equivalently, --enable-opensslextra --enable-opensslcoexist.
No functional changes.

Several compat symbols that were formerly enums are now macros.

All library source is refactored to use only native symbols in all code gated in with --enable-all-crypto --enable-opensslextra.

wolfcrypt/test/test.c is similarly refactored to use only native symbols.

examples/ and tests/ are unmodified except for header setup to disable OPENSSL_COEXIST and TEST_OPENSSL_COEXIST.
2024-10-31 00:10:21 -05:00
JacobBarthelmeh 8604024b95 prepare for release 5.7.4 2024-10-24 11:32:33 -06:00
Daniel Pouzzner 508555c927 configure.ac: add several missing low level crypto algorithms to all-crypto that are already included indirectly in enable-all. 2024-10-23 00:02:29 -05:00
Daniel Pouzzner 30181f2ced configure.ac: for reproducible-build, use --build-id=sha1, not --build-id=none, to support users relying on build-id in the linked object. 2024-10-23 00:02:29 -05:00
Sean Parkinson 1ce90cc8a5 Thumb2 ASM: indicated by WOLFSSL_ARMASM_THUMB2
Detecting ARM or Thumb2 is not simple so making our own define that will
work: WOLFSSL_ARMASM_THUMB2 to indicate to use Thumb2 assembly code.
2024-10-16 13:56:44 +10:00
Daniel Pouzzner 4fd33b6b5d Merge pull request #8014 from SparkiDev/lms_sha256_192
LMS: SHA-256/192 parameters
2024-10-15 17:24:46 -05:00
Sean Parkinson ae46f52a66 LMS: SHA-256/192 parameters
Add support for parameter sets with SHA-256/192.
2024-10-16 07:15:18 +10:00
Daniel Pouzzner f8da04d8b0 Merge pull request #7766 from miyazakh/zd18141_tls13_ocsp
Add OCSP response for intermediate cert into Certificate extension on TLS1.3
2024-10-11 15:49:19 -05:00
Daniel Pouzzner 12ba4355d2 configure.ac and wolfssl/wolfcrypt/settings.h: define WOLFSSL_FIPS_READY for fips=ready, WOLFSSL_FIPS_DEV for fips=dev, and add predefined override FIPS version values when defined(WOLFSSL_FIPS_READY) || defined(WOLFSSL_FIPS_DEV). 2024-10-09 17:58:31 -05:00
Hideki Miyazaki 69e390f8b9 works OCSP Stapling with TLS1.3 like OCSPv2Multi 2024-10-05 15:25:03 +09:00
Daniel Pouzzner a04871f153 examples/pem/pem.c: fix double-free introduced in 65853a41b9;
configure.ac and src/include.am: add ENABLED_ARM_THUMB, BUILD_ARM_THUMB, BUILD_ARM_NONTHUMB, ENABLED_ARM_64, BUILD_ARM_64, ENABLED_ARM_32. and BUILD_ARM_32, and use them to gate building of ARM asm files, to fix "ISO C forbids an empty translation unit" warnings (the warning only affects inline asm files, but the gating is deployed more widely).
2024-10-01 16:03:37 -05:00
JacobBarthelmeh 984dd9146f Merge pull request #8005 from ColtonWilley/copy_key_option
New option to always copy over key to SSL object
2024-09-30 14:20:07 -06:00
David Garske 2285c02f1c Merge pull request #7998 from SparkiDev/kyber_aarch64_asm
Kyber Aarch64: assembly implementations of functions
2024-09-26 11:59:06 -07:00
Sean Parkinson de657787cf Kyber Aarch64: assembly implementations of functions
Aarch64 assembly implementation of Kyber functions.
SHA-3 assembly implementations when not hardware crypto.
2024-09-26 09:10:05 +10:00
Colton Willey 1a4b821c64 Add pthread link for liboqs testing 2024-09-23 11:46:19 -07:00
Daniel Pouzzner 55cd8a800f FIPS v5 gating fixes:
configure.ac:
* fix logic in "Forcing off" test expressions, first flubbed in 19106a9510;
* fix auto-enable of compkey to exclude v5 even if v5-dev.

src/tls13.c: fix gating for HKDF _ex() variants (>=6.0, not >=5.3).

wolfcrypt/src/error.c: snip out stray spaces at start of several ECC error message strings.

wolfcrypt/test/test.c:
* in render_error_message(), use wolfSSL_ERR_reason_error_string() if available rather than wc_GetErrorString(), to render non-wolfcrypt error strings;
* in ecc_test_deterministic_k(), ecc384_test_deterministic_k(), ecc521_test_deterministic_k(), on FIPS <6.0, gate out SHA384 and SHA512 tests (FIPS v5 only supports SHA256 in wc_ecc_gen_deterministic_k());
* in cmac_test(), gate use of wc_AesCmacGenerate_ex() and wc_AesCmacVerify_ex() on >=6.0, not >=5.3.
2024-09-20 13:53:36 -05:00
Andras Fekete bd77ee4f37 FIPS defines RSA_MIN_SIZE and users may want to override 2024-09-18 10:28:10 -04:00
Andras Fekete 41b3a729d2 Engine needs to have a RSA_MIN_SIZE=1024 2024-09-17 17:36:37 -04:00
Daniel Pouzzner 80f3b0d3d8 Merge pull request #7926 from philljj/x509_acert_support
x509 attribute cert support
2024-09-14 00:30:29 -05:00
Daniel Pouzzner 84f0800b96 configure.ac:
* set DEFAULT_ENABLED_ALL_ASM=no if enable_afalg or ENABLED_32BIT;
* omit enable_srtp_kdf from enable-all-crypto if enable_afalg.

linuxkm: add GetCAByAKID to wolfssl_linuxkm_pie_redirect_table.

src/x509.c: in GenerateDNSEntryIPString(), use XMEMSET() to initialize tmpName, not = {0}, to avoid unmaskable compiler emission of memset() call.

wolfssl/openssl/ssl.h: add OPENSSL_EXTRA to an existing OPENSSL_ALL-gated section, consistent with gating of correspinding section in wolfssl/ssl.h.

wolfssl/wolfcrypt/settings.h: adopt setup for WOLFSSL_SP_NO_UMAAL from wolfssl/wolfcrypt/sp_int.h now that it's used by wolfcrypt/src/port/arm/thumb2-poly1305-asm.S.
2024-09-13 18:01:11 -05:00
jordan 7faed6cded X509 attribute cert (acert) support. 2024-09-13 08:03:55 -05:00
Daniel Pouzzner 3fac3b71ca configure.ac:
* move leanpsk and asn option processing early to make their results available to existing math back end selector logic;
* add -DWOLFSSL_ASN_ALL to enable-all-crypto;
* tweak asn option processing to preserve "original" value in case later configure logic wants to pivot on that.
2024-09-12 13:29:02 -05:00
Daniel Pouzzner 98a51029f8 configure.ac: in --enable-all-asm handler, support only x86_64 and aarch64, and enable sp-asm only for them, to avoid "ASM not available for CPU" error from sp-asm handler. 2024-09-12 13:29:01 -05:00
Daniel Pouzzner 428e15816f configure.ac:
* in handling for enable-all-asm, add check for full Gnu C and don't auto-enable all-asm unless full Gnu C and enable-all-crypto, among other sanity checks.
* in enable-all and enable-all-crypto, correctly conditionalize several FIPS-v6-only features/algorithms.
* in FIPS v5 setup, force off SRTP and SRTP-KDF (with warnings).
2024-09-12 13:29:01 -05:00
Daniel Pouzzner 1b0ef048ba configure.ac: move handling for enable-all-asm to precede handling for enable-all-crypto, and compute DEFAULT_ENABLED_ALL_ASM appropriately. 2024-09-12 13:29:01 -05:00
Daniel Pouzzner 430d104430 configure.ac: render warnings when FIPS setup forces off options supplied to configure. 2024-09-12 13:29:01 -05:00
Daniel Pouzzner 723d8efd1c configure.ac: consolidate enable-all-crypto settings in one place. 2024-09-12 13:29:01 -05:00
Daniel Pouzzner cf8f9a80fc configure.ac: add --enable-all-asm, and add it to --enable-all and --enable-all-crypto. 2024-09-12 13:29:01 -05:00
Daniel Pouzzner 3cb66ad18a configure.ac: update help and error messages re fastmath. 2024-09-12 13:29:01 -05:00
Sean Parkinson 652158fcac Dilithium: Support FIPS 204 Draft
Compile with WOLFSSL_DILITHIUM_FIPS204_DRAFT to get code that implements
the FIPS-204 August 2023 DRAFT.
Alternatively, --enable-dilithium=draft or
--enable-dilithium=fips204-draft
2024-08-28 11:02:01 +10:00
Sean Parkinson 60f438f0c3 Dilithum, Kyber: Update to final specification
FIPS 203 and FIPS 204 final specification changes.
2024-08-26 17:42:27 +10:00
David Garske 4f4fb4bd0a Merge pull request #7888 from douzzer/20240820-configure-silent
20240820-configure-silent
2024-08-20 05:35:23 -07:00
Daniel Pouzzner 0becc347b1 configure.ac: inhibit options.h reminder message when --quiet. 2024-08-20 00:25:15 -05:00
suzuki toshiya e417091f61 [configure.ac] spell out RFC 5322 "date" format for POSIX-conforming "date" with no extension.
Following to the advice by Daniel Pouzzner (see the discussion in the issue #7874),
no need to invoke "env" command to set LC_TIME.

* IEEE Std 1003.1-2024 does not request the "-R" option:
	https://pubs.opengroup.org/onlinepubs/9799919799/

* Default "date" in Solaris 11.4 does not support "-R":
	https://docs.oracle.com/cd/E88353_01/html/E37839/date-1.html
* Default "date" in HP-UX 11.22 does not support "-R":
	https://man.freebsd.org/cgi/man.cgi?query=date&apropos=0&sektion=0&manpath=HP-UX+11.22&arch=default&format=html
* Default "date" in AIX 7 does not support "-R":
	https://www.ibm.com/docs/en/aix/7.3?topic=d-date-command
2024-08-18 15:50:54 +09:00
Daniel Pouzzner b412e5f24e Merge pull request #7879 from dgarske/options_h
Improve wolfssl/options.h issues
2024-08-16 23:54:54 -05:00
Daniel Pouzzner 9a693f5e65 Merge pull request #7876 from mpsuzuki/fix-config-stray-redirect
Using ">>" with no command in configure can be ambigious for some ancient /bin/sh.
2024-08-16 15:38:39 -05:00
David Garske a9be38eaf0 Improve wolfssl/options.h issues. Fixes #7853. 2024-08-15 15:49:43 -07:00
David Garske 1190d1bafe Merge pull request #7873 from SparkiDev/riscv-poly1305-asm
RISC-V 64 ASM: Add Poly1305 implementation
2024-08-15 09:40:06 -07:00
suzuki toshiya bbdf7fc1b0 [configure.ac] ">>" without preceding command does not work in traditional Bourne shell. 2024-08-15 13:59:16 +09:00
Sean Parkinson 3ade7a875e RISC-V 64 ASM: Add Poly1305 implementation
Implementation using standard and vector instructions.
2024-08-15 09:01:34 +10:00
Brett Nicholas 8df5d61179 add optional cryptocb test disable macro to wolfCrypt tests 2024-08-12 15:16:33 -06:00