3a80ba6744
configure.ac: fixes for --enable-fips logic.
2021-10-26 22:51:59 -05:00
d527b25034
configure.ac: FIPS: remap "ready" to be ready flavor of 140-3 (i.e. v5-ready); add v3-ready for ready flavor of 140-2.
2021-10-26 20:24:29 -05:00
073bef579b
linuxkm: add missing #ifdef OPENSSL_EXTRA around openssl includes in module_exports.c.template, and add an assert to configure.ac disallowing linuxkm+opensslextra.
2021-10-26 20:24:29 -05:00
75df6508e6
Add a read enable for private keys when in FIPS mode.
2021-10-26 20:24:29 -05:00
490a1238a8
configure.ac: refactor AC_CHECK_FILES brought in by rebase, to fix warning.
2021-10-26 20:24:28 -05:00
61df408d70
configure.ac: fix handling of ENABLED_FIPS->REPRODUCIBLE_BUILD_DEFAULT=yes; take JNI back out of from enable-all feature set because it adds -DNO_ERROR_QUEUE to flags; fix typo in FIPS test for --with-max-rsa-bits setup.
2021-10-26 20:24:28 -05:00
1f6eb4648e
configure.ac: remove WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN from enable-all and enable-all-crypto feature sets.
2021-10-26 20:24:28 -05:00
fb49d814c5
configure.ac and autogen.sh: fix warnings in configure.ac, and enable WARNINGS=all,error in autogen.sh. also, remove --verbose to avoid obscuring warning output.
2021-10-26 20:24:28 -05:00
0231446006
configure.ac: don't warn about loading real async files if async.c is present and non-empty.
2021-10-26 20:24:27 -05:00
f9627e4b14
configure.ac: for --enable-fips, make v5 an alias for v5-RC8 (alias to be updated after newer lab-approved snapshots are tagged), and add v5-ready and a placeholder v5-REL.
2021-10-26 20:24:27 -05:00
1c27654300
configure.ac and wolfssl/wolfcrypt/types.h: don't change wc_HashType for FIPS <= v2 (reverts commit 56843fbefd as it affected that definition); add -DWOLFSSL_NOSHA512_224 -DWOLFSSL_NOSHA512_256 to FIPS v2 and v3.
2021-10-26 20:24:27 -05:00
22f947edd6
configure.ac and wolfssl/wolfcrypt/asn_public.h: add --enable-fips=v5-RC8 for use with WCv5.0-RC8 codebase; add HAVE_FIPS_VERSION_MINOR, and refactor main $ENABLED_FIPS switch to set HAVE_FIPS_VERSION and if applicable HAVE_FIPS_VERSION_MINOR for use in subsequent tests and the main FIPS setup code; in asn_public.h, use HAVE_FIPS_VERSION_MINOR to exclude declaration of wc_RsaKeyToPublicDer() when building FIPS WCv5.0-RC8.
2021-10-26 20:24:27 -05:00
8c3cbf84f9
add missing gating around WOLFSSL_NO_SHAKE256, WOLFSSL_NOSHA512_224, and WOLFSSL_NOSHA512_256.
2021-10-26 20:24:27 -05:00
7b40cd6cef
configure.ac: fips tweaks: add --enable-fips=disabled to allow non-fips build in a fips tree, for convenient testing; add ENABLED_SHAKE256=no override to fipsv5 setup; don't add an RSA_MAX_SIZE setting to AM_CFLAGS when FIPS, to avoid a conflict with old rsa.h.
2021-10-26 20:24:27 -05:00
19b33d5a76
configure.ac: don't include rc2 in enable-all or enable-all-crypto (memory leaks).
2021-10-26 20:24:27 -05:00
9e3fb73567
configure.ac: improvement for enable-all and enable-all-crypto:
...
remove haproxy from enable-all set, to avoid SECURE_RENEGOTIATION;
add enable-aescbc-length-checks to enable-all-crypto set, inadvertently omitted;
add enable-base16 to all (where it was implicit) and to all-crypto (where it was missing);
add ssh, rc2 and srp to all-crypto;
reorder the portion of the enable-all set that's common with enable-all-crypto, to have matching order.
2021-10-26 20:24:27 -05:00
67db7b7f32
fixes for issues identified by Jenkins run:
...
Makefile.am: clean .build_params file;
ecc.c: fix misplaced gat #endif in wc_ecc_shared_secret_gen_sync();
move AM_CFLAGS+=-include /.build_params to before AC_SUBST([]AM_CFLAGS);
fix new unused-label defect in wc_ecc_shared_secret_gen_sync();
fix integer.[ch] mp_exch() to return int not void (sp_exch() and TFM mp_exch() can both fail on allocations);
fix NO_INLINE ForceZero() prototype;
ecc.c: add missing if (err == MP_OKAY) in build_lut();
wolfcrypt/test/test.c: revert "rename hkdf_test to wc_hkdf_test to eliminate namespace collision", restoring unconditional static qualifier, to fix crash at return from main() on Xilinx Zynq ARM test;
ecc.c: refactor build_lut() flow control to fix uninited variable scenario found by scan-build;
WOLFCRYPT_ONLY and OPENSSL_EXTRA: fix gating to allow successful build with --enable-all-crypto, and add configure error if crypt-only and opensslall are combined.
2021-10-26 20:24:27 -05:00
947a0d6a2f
autotools/Makefiles: enable reproducible build by default for FIPS, and add -DHAVE_REPRODUCIBLE_BUILD to AM_CFLAGS;
...
refactor the HAVE_WC_INTROSPECTION mechanism to pass build params via $output_objdir/.build_params rather than abusing autotools config.h to pass them;
add support for EXTRA_CFLAGS on the make command line;
in FIPS builds, exclude pkcallbacks from --enable-all;
linuxkm: move test.o out of PIE container (uses function pointers as operands).
2021-10-26 20:24:27 -05:00
cdcb8fb9da
configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section.
2021-10-26 20:24:26 -05:00
64bfe81ff5
configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible".
2021-10-26 20:24:26 -05:00
89797db946
configure.ac: enable_stunnel for enable-all only if !FIPS; add enable_tcpdump if !FIPS; add -DWOLFSSL_ECDSA_SET_K to FIPS 140-3 CFLAGS; use DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS to set FP_MAX_BITS indirectly for FIPS 140-3; use AC_MSG_NOTICE() for informational notices previously echoed; gate informational output appropriately on $verbose and $silent.
2021-10-26 20:24:26 -05:00
b673622322
FIPS 140-3 misc fixes including fixes for rebase errors.
2021-10-26 20:24:26 -05:00
b00b95ef6c
Cofactor flag in wolfcrypt test needed a guard.
2021-10-26 20:24:26 -05:00
f53a4db4e7
Unwind a few changes adding guards so it'll build with old FIPS.
2021-10-26 20:24:26 -05:00
04ffd2ab45
Fixes:
...
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
2021-10-26 20:24:26 -05:00
c5d575c8ae
Remove RDSEED from the intel asm build.
2021-10-26 20:24:25 -05:00
f69b6ac5eb
Add missing verify curves into configure. Copy the kdf files when building for FIPSv5.
2021-10-26 20:24:25 -05:00
6cf186696e
Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS.
2021-10-26 20:24:25 -05:00
a967cbcb7b
56Ar3 Testing Updates
...
1. Add PCTs for ECC and FFC.
2. Update the public key checks for ECC and FFC.
2021-10-26 20:24:25 -05:00
a562db82ef
1. Rename and relabel the FIPS 140-3 option as wolfCrypt v5.
...
2. Make sure the correct SHA assembly files are copied over for the latest FIPS build.
2021-10-26 20:24:25 -05:00
c47e354eed
Add callback option for RNG seeding.
2021-10-26 20:24:25 -05:00
e03b29966c
Remove MD5 and old TLS from the newest FIPS build.
2021-10-26 20:24:25 -05:00
1fcf33b898
Fix another configure error due to rebase.
2021-10-26 20:24:25 -05:00
9656b83a03
Add ECDSA-KAT CAST.
2021-10-26 20:24:25 -05:00
3994a6b5e7
FIPSv3
...
1. Remove the CAST IDs for the redundant RSA tests.
2. Remove the flags in configure.ac that enable the keys for the redundant RSA tests.
2021-10-26 20:24:25 -05:00
90752e89fb
Restore a configure check lost in a rebase.
2021-10-26 20:24:25 -05:00
e67bbf7526
1. Add flag to DH keys when using safe parameters.
...
2. The LN check is skipped when using safe parameters.
3. Enable all FFDHE parameter sets when building for FIPS 140-3.
2021-10-26 20:24:25 -05:00
de4af35f89
KDF Update
...
1. Move wolfSSH's KDF into wolfCrypt.
2021-10-26 20:24:24 -05:00
11fb1abe74
Fix a bad assignment in the configure script.
2021-10-26 20:24:24 -05:00
e855654fff
FIPS CAST Update
...
1. Added a public API to run a CAST.
2. Added the other test certs for the RSA tests.
3. Added IDs for the new RSA tests and the SHA3-pairwise test.
2021-10-26 20:24:24 -05:00
df859d30f3
FIPS 140-3
...
1. Change the internal version number for the FIPS 140-3 changes as v4.
2. Insert v3 as an alias for FIPS Ready.
3. Use the correct directory for the FIPS old files sources. (For local
testing of 140-3 builds.)
4. Change back the check for the FIPS version in internal.c for
EccMakeKey().
2021-10-26 20:24:24 -05:00
1683644e77
FIPS 140-3
...
1. Fix issue with FIPS Ready and FIPS 140-3. FR acts at the latest
version in the code, but that leaves DES3 out of the build. The code
was still including the header. Force DES3 disabled in FIPS Ready
builds.
2021-10-26 20:24:24 -05:00
f1bd79ac50
FIPS 140-3
...
1. Added enable option for FIPS 140-3 in configure script.
2. Modify DES3 source to disallow DES3 for the new option.
3. Added the new constants to fips_test.h.
4. Added some new test functions.
5. Added API for doing the POST.
6. Added a processing state for the CASTs.
7. Delete some unused prototypes from FIPS test API.
2021-10-26 20:24:24 -05:00
a50d1f4870
Merge pull request #4301 from julek-wolfssl/issue-4298
...
`mem_buf` only used with memory BIO
2021-10-18 10:29:55 -07:00
185d48938d
Fixes for building NXP SE050. Add support for automatic initialization of the SE050 if `WOLFSSL_SE050_INIT` is defined. Optionally can override the `portName` using `SE050_DEFAULT_PORT`.
2021-10-11 11:53:21 -07:00
29f051e585
Fixes and cleanups for NXP SE050 support.
2021-10-11 11:53:19 -07:00
3f76a76c46
SE050 port with support for RNG, SHA, AES, ECC (sign/verify/shared secret) and ED25519
2021-10-11 11:52:12 -07:00
854512105f
Merge pull request #4314 from SparkiDev/libkcapi
...
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
2021-10-07 21:23:05 -07:00
e0abcca040
KCAPI: add support for using libkcapi for crypto (Linux Kernel)
...
RSA, DH and ECC not testable as no Linux Kernel driver to use.
ECC implementation is customer specific.
2021-10-08 09:07:22 +10:00
dd6e4093b3
Merge pull request #4448 from JacobBarthelmeh/Compatibility-Layer
...
remove error queue from JNI build and set a default upper bound on it
2021-10-08 08:35:03 +10:00
Daniel Pouzzner
John Safranek
David Garske
Ethan
Sean Parkinson