* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
For user_settings.h builds, .S assembly files need to include user_settings.h
in order to get the defines used by the build. However, a user_settings.h may
contain code only understood by a C compiler and not the assembler (e.g. a
typedef). This commit makes it so our autotools and CMake builds produce a file
user_settings_asm.h when doing a user_settings.h build. This generated header
contains only the preprocessor directives from the user_settings.h. As a result,
it can be safely included by our assembly code files.
* add Versal specific glue
The same structure of an "XSecure client" is used throughout the API's,
therefor define it once and re-use in all clients.
* integrate Versal AES-GCM engine
* integrate Versal SHA3-384 engine
* add versal support to tests
- There's no intermediate-hash API for Versal.
* add specific test with large AAD
Test only with `n*16 byte` wide chunks of AAD, so it gets processed in the
hardware engine.
* add specific test with misaligned AES-GCM arguments
* integrate Versal RSA engine
* disable failing RSA test-case when Xilinx Crypto is enabled
* introduce define `WOLFSSL_XILINX_CRYPT_VERSAL`
* integrate Versal TRNG engine
* allow using Versal TRNG w/o wolfcrypt DRBG
Versal TRNG already provides a HRNG mode which does the same as the
wolfcrypt DRBG implementation.
* add support for user-supplied nonce to Versal TRNG
* add `wc_XsecureErrorToString()` to map PLM error codes to messages.
* integrate Versal EcDSA engine
* update tests to work with Versal EcDSA
If deterministic K is enabled, the tests failed here since the Versal
EcDSA engine doesn't support the SECP256R1 curve yet.
* Xilinx crypto engines like aligned memory very much
Make this a default choice, not via the user configuration.
* add Xilinx-specific `WOLFSSL_MSG()` equivalent
`WOLFSSL_XIL_MSG()` does the same as `WOLFSSL_MSG()` besides waiting for
1 second before printing to stdout, since the PLM maybe prints to same and
outputs would be mixed up.
This waiting can be disabled by defining `WOLFSSL_XIL_MSG_NO_SLEEP`.
* add option to enable DPA CounterMeasures in AES-GCM crypto engine
* add "command mode" to Xilinx bare-metal example
* update Xilinx default user settings
* add script to execute benchmarks
* add scripts to create graphics
* add Vitis 2022.1 example projects
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
src/internal.c: use XMEMCMP(), not ==, to compare array elements (fixes conflict of 74408e3ee3 vs 617eda9d44);
fix spelling of NAMEDGROUP_LEN (was NAMEDGREOUP_LEN);
src/ssl.c: in CheckcipherList() and wolfSSL_parse_cipher_list(), use XMEMCPY(), not XSTRNCPY(), to avoid (benign) -Wstringop-truncation;
scripts/sniffer-tls13-gen.sh: fix for shellcheck SC2242 (exit 1, not -1).
* Adds stateful handling of DH shared secret computation in `SetupKeys`.
* Improved the decrypt handling to use internal functions and avoid generating alerts on failures.
* Fix for sniffer resume due to missing `sessionIDSz` broken in #4807.
* Fix sniffer test cases to split resume (session_ticket) tests.
* Add `snifftest` list of build features so test script can gate running resume test.
in scripts/tls13.test, use fips-compatible server-side cipher suite for "TLS v1.3 cipher suite mismatch" test, and modernize some syntax;
in configure.ac, omit earlydata from enable-all when asynccrypt, pending fix;
also in configure.ac, fix AC_CHECK_DECLS()-overriding-AC_CHECK_FUNCS() kludge, to fix CPPFLAGS=-std=c99 builds.
in scripts/ocsp.test, don't call ping.test when $AM_BWRAPPED = yes (ping is setuid, so fails under bwrap);
in scripts/unit.test.in, don't bwrap if $AM_BWRAPPED = yes (double-bwrapping always fails);
in testsuite/testsuite.c testsuite_test(), build tempName using tempDir, and try to assign tempDir from XGETENV("TMPDIR"), fallback to hardcoded "/tmp".
When compiling for QEMU, the gethostbyname call doesn't have access to
the OS DNS.
Implemented a lookup of hostname that uses the system command host.
Fix for QEMU Aarch64 where 'char' is unsigned and the -1 return is being
converted to 255 in wolfSSL_OPENSSL_hexchar2int().
Test TLSv1.3 with www.google.com if wolfSSL supports it.
CMAC: cannot cast size_t* to word32* when big-endian.
SP math all: Random prime - munge bits before moving them around for
big-endian.
BIO, no filesystem: Allow BIO_prinf to be used with mem BIO.
* Fixes for building with Ed/Curve25519 only. Fix for IoT safe demo to exit after running once. Added `WOLFSSL_DH_EXTRA` to `--enable-all` and `--enable-sniffer`. Cleanup uses of `==` in configure.ac. Various spelling fixes.
* Fix for sniffer with TLS v1.3 session tickets.
* Fix for ASN Template Ed25519 key export (missing version / not setting OID correctly).
* Add key import/export support for Curve25519/Curve448. Refactor of the 25519/448 ASN code to combine duplicate code.
* Refactor of Curve25519 code. Improved public key export to handle generation when only private is set. Improved private scalar buffer sizing.
* Fix for static ephemeral loading of file buffer.
* Added sniffer Curve25519 support and test case.
* Fix for sniffer to not use ECC for X25519 if both are set.
* Fix Curve448 public export when only private is set.
* Fix for `dh_generate_test` for small stack size.
* Reduce stack size use on new asymmetric DER import/export functions. Cleanup pub length calc.
* Fix invalid comment.
SHAKE-256 is off by default now. Make sure WOLFSSL_SHAKE256 doesn't make
it into options.h.
Fix openssl.test usage of ed25519 certificates.
Add scripts that regenerate certificates
Need to check if `unit.test` was run from make process and set
different path to run unit test executable.
Writing files in the dist is not allowed during distcheck so write
files to subdirectory used build during distmake
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
- I observed that client TX throughput < client RX throughput, but server TX
throughput > server RX throughput. Turns out this is just a typo in the
printing of the stats. The RX stat was being printed as the TX stat and vice-
versa.
- I added a note to scripts/benchmark.test about a 2 second sleep we do waiting
for the server to come up. If you were to time this script with the time
command, you'll see that 2 seconds in the result, which might be confusing
if you didn't realize the sleep was there.
Andras Fekete
David Garske
Daniel Pouzzner
Juliusz Sosinowicz
Hayden Roche
Steffen Jaeckel
kaleb-himes
Marco Oliverio
Lealem Amedie
Sean Parkinson
Hideki Miyazaki
Anthony Hu
Elms
JacobBarthelmeh
Tesfa Mael
John Safranek
toddouska