mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
15,654 Commits 5 Branches 162 Tags
Commit Graph

15654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Daniel Pouzzner
342e319870 dsa.c: fix up comment spelling/typography in wc_MakeDsaKey(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
a5c03f65e3 tests/api.c: fix test_CryptoCb_Func() to not attempt signing op on ephemeral ECC keys. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
1f6eb4648e configure.ac: remove WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN from enable-all and enable-all-crypto feature sets. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
7a4ec22953 pkcs7.c: further smallstack refactor of PKCS7_EncodeSigned(). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
fb49d814c5 configure.ac and autogen.sh: fix warnings in configure.ac, and enable WARNINGS=all,error in autogen.sh. also, remove --verbose to avoid obscuring warning output. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
f60cb94b82 wolfcrypt/src/include.am and src/include.am: don't disrupt modtimes of fips/async source files if they already exist. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
ab4c96292b autogen.sh: disable WARNINGS=all until autotools config is fixed. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e894340a64 tls13.c: mac2hash(): accommodate scenario where all hashes are gated out of the build (peer review). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
972c6c032e ssl.c: clean up MD5->SHA refactor of wolfSSL_LH_strhash() (peer review). 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
e9332c1ce4 autogen.sh: refactor to not disrupt modtimes of fips/async source files if they already exist. also, assert success on any file ops, and properly export WARNINGS to autoreconf. 2021-10-26 20:24:28 -05:00
Daniel Pouzzner
255d2d650f rsa.c: add missing WOLFSSL_ASYNC_CRYPT clauses to _ifc_pairwise_consistency_test(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87b965c964 include.am: in FIPS clauses, include wolfcrypt/src/aes_gcm_asm.S in src_libwolfssl_la_SOURCES when BUILD_AESNI, regardless of BUILD_INTELASM, as in the corresponding non-FIPS clause. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0f407b4bfc test.c: fix indirection flubs in _ASYNC_CRYPT parts of ecc_test_sign_vectors(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f264741aa0 benchmark.c: fix -Wstringop-truncation in _ASYNC_CRYPT bench_stats_add(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0231446006 configure.ac: don't warn about loading real async files if async.c is present and non-empty. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
3745b1c9db linuxkm: fix clean rules/definitions to not pick up top level Makefile, and to clean up empty object directories. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8e131620ae .gitignore: add linuxkm/libwolfssl.lds 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
14f39f07a2 fips-check.sh: add linuxv5-ready (--enable-fips=v5-ready). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f9627e4b14 configure.ac: for --enable-fips, make v5 an alias for v5-RC8 (alias to be updated after newer lab-approved snapshots are tagged), and add v5-ready and a placeholder v5-REL. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
5ef97acbab types.h: add back missing WC_HASH_TYPE_MAX to enum wc_HashType when HAVE_FIPS_VERSION <= 2 (now WC_HASH_TYPE_BLAKE2S, since SHAKE is now excluded from the enum). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
40c32081bb types.h: rename STRINGIFY() macro to WC_STRINGIFY(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
e3989edd39 wolfcrypt/benchmark/benchmark.c: fix typo. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
4a451caf7b src/sniffer.c: fix rebase errors. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
834efe4ff6 fips-check.sh: update to test 140-3 using --enable-fips=v5-RC8 and the WCv5.0-RC8 version tags. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
db26e0a40a Makefile.am: .build_params belongs in DISTCLEANFILES, not CLEANFILES. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9f36df44a4 wolfssl/wolfcrypt/types.h: define WOLFSSL_NOSHA512_224, WOLFSSL_NOSHA512_256, and WOLFSSL_NO_SHAKE256 in SELFTEST/FIPS<=v2 version of enum wc_HashType definition, to assure synchrony. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
1c27654300 configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
aa6ca43e91 api.c: skip test_wolfSSL_EVP_PBE_scrypt() when FIPS 140-3 (test uses impermissibly short HMAC key). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
22f947edd6 configure.ac and wolfssl/wolfcrypt/asn_public.h: add --enable-fips=v5-RC8 for use with WCv5.0-RC8 codebase; add HAVE_FIPS_VERSION_MINOR, and refactor main $ENABLED_FIPS switch to set HAVE_FIPS_VERSION and if applicable HAVE_FIPS_VERSION_MINOR for use in subsequent tests and the main FIPS setup code; in asn_public.h, use HAVE_FIPS_VERSION_MINOR to exclude declaration of wc_RsaKeyToPublicDer() when building FIPS WCv5.0-RC8. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
8c3cbf84f9 add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
7b40cd6cef configure.ac: fips tweaks: add --enable-fips=disabled to allow non-fips build in a fips tree, for convenient testing; add ENABLED_SHAKE256=no override to fipsv5 setup; don't add an RSA_MAX_SIZE setting to AM_CFLAGS when FIPS, to avoid a conflict with old rsa.h. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
083b97c5a3 tls.c: fix rebase error in TLSX_KeyShare_FreeAll(). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
19b33d5a76 configure.ac: don't include rc2 in enable-all or enable-all-crypto (memory leaks). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b77000bcfb add smallstack codepath to ecc_test_sign_vectors(), and add missing rc2.h include to linuxkm/module_exports.c.template. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
9e3fb73567 configure.ac: improvement for enable-all and enable-all-crypto: 
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;

add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;

add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);

add ssh, rc2 and srp to all-crypto;

reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
fae342940c .gitignore: add .build_params. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
d39d389c6e aes.c: in CheckAesGcmIvSize(), don't disallow GCM_NONCE_MIN_SZ for FIPS 140-3, i.e. always allow it. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
b93a18b34e src/internal.c: in SendServerKeyExchange() case diffie_hellman_kea, #ifdef HAVE_SECURE_RENEGOTIATION, enlarge buffers.serverDH_Pub.buffer to accomodate larger new key replacing smaller old key, whether or not ssl->namedGroup is set (copy-paste of existing in !ssl->namedGroup path). 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
67db7b7f32 fixes for issues identified by Jenkins run: 
Makefile.am: clean .build_params file;

ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();

move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);

fix new unused-label defect in wc_ecc_shared_secret_gen_sync();

fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);

fix NO_INLINE ForceZero() prototype;

ecc.c: add missing if (err == MP_OKAY) in build_lut();

wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;

ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;

WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
87578262aa wolfcrypt smallstack refactors: 
rsa.c: wc_CompareDiffPQ()

dh.c: wc_DhGenerateParams()

dsa.c: wc_MakeDsaKey() wc_MakeDsaParameters()

srp.c: wc_SrpGetVerifier() wc_SrpSetPrivate() wc_SrpGetPublic()

ecc.c: build_lut() wc_ecc_mulmod_ex() wc_ecc_mulmod_ex2() wc_ecc_shared_secret_gen_sync()

test.c: GenerateNextP() dh_generate_test() GenerateP()
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
0f201a7394 wolfcrypt/types.h: revert change to WOLFSSL_LINUXKM XFREE() macro added in commit "remove frivolous semicolons at end of several macro definitions." 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
947a0d6a2f autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS; 
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;

add support for EXTRA_CFLAGS on the make command line;

in FIPS builds, exclude pkcallbacks from --enable-all;

linuxkm: move test.o out of PIE container (uses function pointers as operands).
 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
f1c1f76851 ssl.c: refactor wolfSSL_LH_strhash() to use SHA1 instead of MD5, to eliminate dependency on deprecated alg. 2021-10-26 20:24:27 -05:00
Daniel Pouzzner
ddda108de6 sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
cdcb8fb9da configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
220a255281 use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
1e3d47af57 remove frivolous semicolons at end of several macro definitions. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
64bfe81ff5 configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible". 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
2bf711341b wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner
4cf1826c8f PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash(). 2021-10-26 20:24:26 -05:00