wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 23:09:54 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,487 Commits 12 Branches 184 Tags
WCv5.0-RC9
Commit Graph

15487 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Garske
f14bd41733 Merge pull request #4359 from douzzer/fipsv3-rebased 
fips 140-3 linuxkm edition
WCv5.0-RC9 		2021-10-27 15:06:48 -07:00
Daniel Pouzzner
f413ff8b3a tls.c: TLSX_SupportedFFDHE_Set(): add handling for malloc failures. 2021-10-27 15:11:04 -05:00
Daniel Pouzzner
3a80ba6744 configure.ac: fixes for --enable-fips logic. 2021-10-26 22:51:59 -05:00
Daniel Pouzzner
d105256330 fips-check.sh: remap fips-ready target to be ready flavor of 140-3, temporarily with FIPS_VERSION="master"; add fips-v3-ready target with FIPS_VERSION="v4.1.1"; add linuxv5|linuxv5-RC9 target to be updated after merge with tags. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
d527b25034 configure.ac: FIPS: remap "ready" to be ready flavor of 140-3 (i.e. v5-ready); add v3-ready for ready flavor of 140-2. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
8ee49cd50c linuxkm: in module_hooks.c:wolfssl_init(), add support for WC_RNG_SEED_CB. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
071be3171e linuxkm: in module_hooks.c, fix logic+gating around CONFIG_MODULE_SIG and WOLFCRYPT_FIPS_CORE_DYNAMIC_HASH_VALUE. 2021-10-26 20:24:29 -05:00
John Safranek
9b5f8c84b0 Change the WIN10 project files to build for FIPS v5. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
073bef579b linuxkm: add missing #ifdef OPENSSL_EXTRA around openssl includes in module_exports.c.template, and add an assert to configure.ac disallowing linuxkm+opensslextra. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
ac8fbe3fbd ssl.c: fix a couple trivial rebase errors. 2021-10-26 20:24:29 -05:00
John Safranek
6e9f9c8fe8 Update the Windows user_settings for recent updates. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
7915f6acb0 linuxkm: add the remainder of known needed SAVE_VECTOR_REGISTERS() wrappers to PK algs, add DEBUG_VECTOR_REGISTERS_{EXIT,ABORT}_ON_FAIL options; add a slew of ASSERT_SAVED_VECTOR_REGISTERS() to sp_x86_64.c (autogenerated, separate scripts commit to follow). 2021-10-26 20:24:29 -05:00
John Safranek
75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
1d07034fb9 linuxkm: fix line length in types.h, and add #ifdef _MSC_VER #pragma warning(disable: 4127) to work around MSC bug re "conditional expression is constant"; fix flub in ecc.c. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
62c1bcae8a linuxkm: {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around RSA, DH, and ECC routines that might use sp-asm. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0eb76bcfd8 linuxkm: add missing RESTORE_VECTOR_REGISTERS() in wolfcrypt/src/poly1305.c:wc_Poly1305Update(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
85a8c06062 linuxkm: add DEBUG_VECTOR_REGISTER_ACCESS (debug feature switch), ASSERT_SAVED_VECTOR_REGISTERS, and ASSERT_RESTORED_VECTOR_REGISTERS macros, and move the fallback no-op definitions of the SAVE_VECTOR_REGISTERS and RESTORE_VECTOR_REGISTERS to types.h. also fixed several ASCII TAB characters in types.h. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e0395c6441 linuxkm: in wolfcrypt/src/sha{256,512}.c, remove {SAVE,RESTORE}_VECTOR_REGISTERS() wrappers around AVX implementations, as this needs to be refactored for efficiency and the underlying assembly is not yet kernel-compatible. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
ad4c200cd2 linuxkm: wolfcrypt/src/memory.c: in {save,restore}_vector_registers_x86(), allow for recursive calls (some crypto calls are recursive). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
fc73c6dbea linuxkm: fix Makefile to properly pivot module signature on CONFIG_MODULE_SIG==y; remove not-yet-kernel-compatible asm files from the ASFLAGS_FPU_DISABLE_SIMD_ENABLE list, matching the OBJECT_FILES_NON_STANDARD list, for clarity. 2021-10-26 20:24:28 -05:00
John Safranek
40e3cac695 Use correct value for pSz when setting the dhKeySize in the session. 2021-10-26 20:24:28 -05:00
John Safranek
f2c4567164 Like the public key, zero pad the front of the private key. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
bc91187063 tls.c:TLSX_KeyShare_GenDhKey(): fix typo. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
aca43cfe52 linuxkm/Kbuild: include -fno-omit-frame-pointer in HOST_EXTRACFLAGS, in case the target kernel has profiling enabled; remove the "always := $(hostprogs)" rule, as it doesn't work and causes warnings on kernel 5.10. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
8bdae98a93 fips-check.sh: temporarily arrange for "linuxv5" to be an alias of "linuxv5-ready", to arrange for Jenkins testing of wolfcrypt code in the PR in FIPS mode. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a3435ca062 fips-check.sh: exit (fatal error) if git fails. 2021-10-26 20:24:28 -05:00
John Safranek
f1d43f6891 Add error code for the private key read lockout. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
31f13a7f41 wolfcrypt/test/test.c: when HAVE_FIPS, wrap wc_MakeRsaKey() calls in infinite iteration while ret == PRIME_GEN_E, to inhibit nondeterministic failure mode from FIPS-limited _CheckProbablePrime() iteration. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
490a1238a8 configure.ac: refactor AC_CHECK_FILES brought in by rebase, to fix warning. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
b577984574 rsa.c: fix whitespace. 2021-10-26 20:24:28 -05:00
David Garske
3fcdcbc1f9 Fix for RSA _ifc_pairwise_consistency_test to make the async blocking. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e61d88657d WOLFSSL_ASYNC_CRYPT: in EccSharedSecret(), don't try to wolfSSL_AsyncInit() if there's no priv_key to supply an asyncDev; in RSA _ifc_pairwise_consistency_test(), disable async to force blocking crypto. 2021-10-26 20:24:28 -05:00
David Garske
303aa312a8 Fix the TLS v1.3 async key share support. Added WOLFSSL_NO_PUBLIC_FFDHE option to test without public FFDHE API's. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
75e4c0869e DH: move declaration of wc_DhPublicKeyDecode() from dh.h to asn.h (it is defined in asn.c). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
10304c9143 linuxkm: portability fix in aes.c for SAVE_VECTOR_REGISTERS() call ("embedding a directive within macro arguments is not portable"). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
c0778e5ad9 gate access to wc_Sha512.devId on !NO_SHA2_CRYPTO_CB. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
5d796ba06c settings.h: add WOLFSSL_MAKE_FIPS_VERSION(), WOLFSSL_FIPS_VERSION_CODE, and FIPS_VERSION_{LT,LE,EQ,GE,GT} macros; define NO_SHA2_CRYPTO_CB macro if HAVE_FIPS && FIPS_VERSION_LT(5,1); refactor other FIPS version dependencies in settings.h to use new macros. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0f05a71bfb linuxkm: refactor SAVE_VECTOR_REGISTERS() macro to take a fail clause as an argument, to allow the preprocessor to completely eliminate it in non-kernel builds, and for backward compat with WCv5.0-RC8. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
6160da243d linuxkm: use EXPORT_SYMBOL_NS_GPL() for exports. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
c2c2e5b4f5 tests/api.c: post_auth_version_cb(): add missing gating on !NO_ERROR_QUEUE for wolfSSL_ERR_get_error() test. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e4d075de20 src/internal.c: FreeX509(): remove redundant free of x509->CRLInfo. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
61df408d70 configure.ac: fix handling of ENABLED_FIPS->REPRODUCIBLE_BUILD_DEFAULT=yes; take JNI back out of from enable-all feature set because it adds -DNO_ERROR_QUEUE to flags; fix typo in FIPS test for --with-max-rsa-bits setup. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
32349749a6 internal.c: SendServerKeyExchange(): check retval from wc_DhGetNamedKeyParamSize(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
361559ca30 settings.h: set HAVE_PUBLIC_FFDHE as in configure.ac (FIPS v2 and SELFTEST) if it isn't already set. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
342e319870 dsa.c: fix up comment spelling/typography in wc_MakeDsaKey(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a5c03f65e3 tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
1f6eb4648e configure.ac: remove WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN from enable-all and enable-all-crypto feature sets. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
7a4ec22953 pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
fb49d814c5 configure.ac and autogen.sh: fix warnings in configure.ac, and enable WARNINGS=all,error in autogen.sh. also, remove --verbose to avoid obscuring warning output. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
f60cb94b82 wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist. 2021-10-26 20:24:28 -05:00