wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2026-01-28 10:52:21 +01:00
Code Issues Packages Projects Releases Wiki Activity
15,669 Commits 12 Branches 184 Tags
WCv5.2.3-RSA-SWITCH
Commit Graph

1167 Commits

Author SHA1 Message Date
John Safranek
13871cf547 Set RC10 to be the default v5 FIPS build. 2021-11-15 10:03:50 -08:00
John Safranek
0d465cf42f Add AES-OFB to FIPSv5 build as v5-RC10 (5,2) 2021-11-15 10:03:49 -08:00
Daniel Pouzzner
97557ed29b linuxkm: add --enable-benchmark switch (default yes) and BUILD_BENCHMARK conditional to configure.ac to allow build with testwolfcrypt but without benchmark; change gate in wolfcrypt/benchmark/include.am from if !BUILD_LINUXKM to if BUILD_BENCHMARK. 2021-11-08 18:25:15 -06:00
Daniel Pouzzner
59ec9fc285 configure.ac: refactor setup for --enable-reproducible-build; remove mutex between --enable-sp-math and --enable-sp-math-all (they can now coexist); whitespace cleanup. 2021-11-08 17:35:10 -06:00
Sean Parkinson
dd833807d8 Merge pull request #4523 from dgarske/nxp_se050_fixes 
Fixes for NXP SE050 ECC create and key store id
 2021-11-09 08:56:03 +10:00
David Garske
2abb2eae7d Changed NXP SE050 to not use symmetric offloading by default. If desired use WOLFSSL_SE050_HASH and WOLFSSL_SE050_CRYPT. 2021-11-02 12:00:24 -07:00
Jacob Barthelmeh
ac5e9e5e7c bump to dev version and touch up readme 2021-11-01 15:50:03 -06:00
Jacob Barthelmeh
d869c60605 prepare for release v5.0.0 2021-11-01 11:43:25 -06:00
Juliusz Sosinowicz
a6be157628 Gate new AKID functionality on WOLFSSL_AKID_NAME 2021-10-28 14:50:53 +02:00
Daniel Pouzzner
3a80ba6744 configure.ac: fixes for --enable-fips logic. 2021-10-26 22:51:59 -05:00
Daniel Pouzzner
d527b25034 configure.ac: FIPS: remap "ready" to be ready flavor of 140-3 (i.e. v5-ready); add v3-ready for ready flavor of 140-2. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
073bef579b linuxkm: add missing #ifdef OPENSSL_EXTRA around openssl includes in module_exports.c.template, and add an assert to configure.ac disallowing linuxkm+opensslextra. 2021-10-26 20:24:29 -05:00
John Safranek
75df6508e6 Add a read enable for private keys when in FIPS mode. 2021-10-26 20:24:29 -05:00
Daniel Pouzzner
490a1238a8 configure.ac: refactor AC_CHECK_FILES brought in by rebase, to fix warning. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
61df408d70 configure.ac: fix handling of ENABLED_FIPS->REPRODUCIBLE_BUILD_DEFAULT=yes; take JNI back out of from enable-all feature set because it adds -DNO_ERROR_QUEUE to flags; fix typo in FIPS test for --with-max-rsa-bits setup. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
1f6eb4648e configure.ac: remove WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN from enable-all and enable-all-crypto feature sets. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
fb49d814c5 configure.ac and autogen.sh: fix warnings in configure.ac, and enable WARNINGS=all,error in autogen.sh. also, remove --verbose to avoid obscuring warning output. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
0231446006 configure.ac: don't warn about loading real async files if async.c is present and non-empty. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f9627e4b14 configure.ac: for --enable-fips, make v5 an alias for v5-RC8 (alias to be updated after newer lab-approved snapshots are tagged), and add v5-ready and a placeholder v5-REL. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
1c27654300 configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
22f947edd6 configure.ac and wolfssl/wolfcrypt/asn_public.h: add --enable-fips=v5-RC8 for use with WCv5.0-RC8 codebase; add HAVE_FIPS_VERSION_MINOR, and refactor main $ENABLED_FIPS switch to set HAVE_FIPS_VERSION and if applicable HAVE_FIPS_VERSION_MINOR for use in subsequent tests and the main FIPS setup code; in asn_public.h, use HAVE_FIPS_VERSION_MINOR to exclude declaration of wc_RsaKeyToPublicDer() when building FIPS WCv5.0-RC8. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8c3cbf84f9 add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
7b40cd6cef configure.ac: fips tweaks: add --enable-fips=disabled to allow non-fips build in a fips tree, for convenient testing; add ENABLED_SHAKE256=no override to fipsv5 setup; don't add an RSA_MAX_SIZE setting to AM_CFLAGS when FIPS, to avoid a conflict with old rsa.h. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
19b33d5a76 configure.ac: don't include rc2 in enable-all or enable-all-crypto (memory leaks). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9e3fb73567 configure.ac: improvement for enable-all and enable-all-crypto: 
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;

add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;

add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);

add ssh, rc2 and srp to all-crypto;

reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32 fixes for issues identified by Jenkins run: 
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
947a0d6a2f autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS; 
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;

add support for EXTRA_CFLAGS on the make command line;

in FIPS builds, exclude pkcallbacks from --enable-all;

linuxkm: move test.o out of PIE container (uses function pointers as operands).
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
cdcb8fb9da configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
64bfe81ff5 configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible". 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
89797db946 configure.ac: enable_stunnel for enable-all only if !FIPS; add enable_tcpdump if !FIPS; add -DWOLFSSL_ECDSA_SET_K to FIPS 140-3 CFLAGS; use DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS to set FP_MAX_BITS indirectly for FIPS 140-3; use AC_MSG_NOTICE() for informational notices previously echoed; gate informational output appropriately on $verbose and $silent. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek
b00b95ef6c Cofactor flag in wolfcrypt test needed a guard. 2021-10-26 20:24:26 -05:00
John Safranek
f53a4db4e7 Unwind a few changes adding guards so it'll build with old FIPS. 2021-10-26 20:24:26 -05:00
John Safranek
04ffd2ab45 Fixes: 
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
 2021-10-26 20:24:26 -05:00
John Safranek
c5d575c8ae Remove RDSEED from the intel asm build. 2021-10-26 20:24:25 -05:00
John Safranek
f69b6ac5eb Add missing verify curves into configure. Copy the kdf files when building for FIPSv5. 2021-10-26 20:24:25 -05:00
John Safranek
6cf186696e Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS. 2021-10-26 20:24:25 -05:00
John Safranek
a967cbcb7b 56Ar3 Testing Updates 
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
 2021-10-26 20:24:25 -05:00
John Safranek
a562db82ef 1. Rename and relabel the FIPS 140-3 option as wolfCrypt v5. 
2. Make sure the correct SHA assembly files are copied over for the latest FIPS build.
 2021-10-26 20:24:25 -05:00
John Safranek
c47e354eed Add callback option for RNG seeding. 2021-10-26 20:24:25 -05:00
John Safranek
e03b29966c Remove MD5 and old TLS from the newest FIPS build. 2021-10-26 20:24:25 -05:00
John Safranek
1fcf33b898 Fix another configure error due to rebase. 2021-10-26 20:24:25 -05:00
John Safranek
9656b83a03 Add ECDSA-KAT CAST. 2021-10-26 20:24:25 -05:00
John Safranek
3994a6b5e7 FIPSv3 
1. Remove the CAST IDs for the redundant RSA tests.
2. Remove the flags in configure.ac that enable the keys for the redundant RSA tests.
 2021-10-26 20:24:25 -05:00
John Safranek
90752e89fb Restore a configure check lost in a rebase. 2021-10-26 20:24:25 -05:00
John Safranek
e67bbf7526 1. Add flag to DH keys when using safe parameters. 
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
 2021-10-26 20:24:25 -05:00
John Safranek
de4af35f89 KDF Update 
1. Move wolfSSH's KDF into wolfCrypt.
 2021-10-26 20:24:24 -05:00
John Safranek
11fb1abe74 Fix a bad assignment in the configure script. 2021-10-26 20:24:24 -05:00
John Safranek
e855654fff FIPS CAST Update 
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
 2021-10-26 20:24:24 -05:00
John Safranek
df859d30f3 FIPS 140-3 
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
   testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
   EccMakeKey().
 2021-10-26 20:24:24 -05:00