WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
15,504 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

15504 Commits (6bb7e3900e2e90df17f3d1a2aaef7f3609b64c9c)

Author SHA1 Message Date
Daniel Pouzzner ddda108de6 sp_int.c:sp_set(): use PRAGMA_GCC_* macros, not ad hoc gated __Pragmas, to mask spurious -Warray-bounds. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner cdcb8fb9da configure.ac: revert change (AC_MSG_NOTICE reverted to AC_MSG_ERROR) for "FIPS source tree used for non-FIPS build"; in enable_all set, move enable_stunnel and enable_tcpdump to the !ENABLED_LINUXKM_DEFAULTS section. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 220a255281 use WOLFSSL_BIO_ERROR, not SOCKET_INVALID (both macros have value -1), as the default/unset value of WOLFSSL_BIO.num, to avoid unnecessary dependency on HAVE_SOCKADDR. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 1e3d47af57 remove frivolous semicolons at end of several macro definitions. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 64bfe81ff5 configure.ac: test for cryptonly && opensslextra, if so error "mutually incompatible". 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 2bf711341b wolfcrypt/test/test.c: use HAVE_FIPS_VERSION, not FIPS_VERSION. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 4cf1826c8f PRAGMA_GCC_*: refactor macros to properly push a context, and refactor their use in src/tls13.c:DeriveKey() to deal with gcc context quirks that otherwise disabled the warning mask when defined(HAVE_FIPS); add a missing #ifndef NO_MD5 in ssl.c:wolfSSL_LH_strhash(). 2021-10-26 20:24:26 -05:00
Daniel Pouzzner cff7c5b3c0 wolfcrypt/benchmark/benchmark.c: in bench_dh(), add a missing #ifdef HAVE_PUBLIC_FFDHE around a DhParams use. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 8de8af8b43 wolfcrypt/test/test.c: disable hmac_md5_test() for FIPS 140-3, and rename hkdf_test to wc_hkdf_test to eliminate namespace collision. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 89797db946 configure.ac: enable_stunnel for enable-all only if !FIPS; add enable_tcpdump if !FIPS; add -DWOLFSSL_ECDSA_SET_K to FIPS 140-3 CFLAGS; use DEFAULT_MAX_CLASSIC_ASYM_KEY_BITS to set FP_MAX_BITS indirectly for FIPS 140-3; use AC_MSG_NOTICE() for informational notices previously echoed; gate informational output appropriately on $verbose and $silent. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 5293180566 linuxkm/module_exports.c.template: tweaks for FIPS compatibility. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner ed33315f25 wolfcrypt/src/sp_int.c: add pragma to sp_set() to suppress false positive -Warray-bounds on gcc-11. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 54b3f1b252 src/tls.c:TLSX_KeyShare_GenDhKey(): don't generate a key if one is already set. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner 34e88b0605 linuxkm: properly pass {AM_,}CPPFLAGS to Kbuild, and include kdf.h in module_exports.c.template. 2021-10-26 20:24:26 -05:00
Daniel Pouzzner b673622322 FIPS 140-3 misc fixes including fixes for rebase errors. 2021-10-26 20:24:26 -05:00
John Safranek b615309a7b update FFDHE4096 test with the updated usage 2021-10-26 20:24:26 -05:00
John Safranek c31ed64eb5 Add guard around the public key check for DH to skip it when we have 
the condition to perform the small key test. The small key is
mathematically valid, but does not necessarily pass the SP 800-56Ar3
test for DH keys. The most recent FIPS build will add the tested file.
This change is only used in the older FIPS releases and in some rare
configurations that include the small key test.
 2021-10-26 20:24:26 -05:00
John Safranek aeb8f5bb51 For the WIN10 user_settings, remove the forced set of FIPS version to 5. 2021-10-26 20:24:26 -05:00
John Safranek b00b95ef6c Cofactor flag in wolfcrypt test needed a guard. 2021-10-26 20:24:26 -05:00
John Safranek f53a4db4e7 Unwind a few changes adding guards so it'll build with old FIPS. 2021-10-26 20:24:26 -05:00
John Safranek b54459ace3 When the ECC PCT verify result is 0, the PCT fails. 2021-10-26 20:24:26 -05:00
John Safranek 175bab9a6f Add missed step in DH key pair generation. 2021-10-26 20:24:26 -05:00
John Safranek b815939c53 Add missing settings for the Windows 10 FIPS build. 2021-10-26 20:24:26 -05:00
John Safranek f42106201a In the RSA PCT, initialize the plain output pointer. 2021-10-26 20:24:26 -05:00
John Safranek aa3fb6f0d0 Update visibility on a SP math function for DH. 2021-10-26 20:24:26 -05:00
John Safranek 04ffd2ab45 Fixes: 
1. When enabling FIPSv5 in configure, enable WOLFSSL_WOLFSSH.
2. Appropriate size selection of DH private keys.
 2021-10-26 20:24:26 -05:00
John Safranek 3eaeaf3a57 Add sign/verify PCT to ECC. 2021-10-26 20:24:25 -05:00
John Safranek 9bf36f329a Add sign/verify PCT to RSA key gen. 2021-10-26 20:24:25 -05:00
John Safranek 5d7c6dda72 Restore the PCTs to ECC and DH. 2021-10-26 20:24:25 -05:00
John Safranek 1065d2accf Fix some Windows build warnings. 2021-10-26 20:24:25 -05:00
John Safranek 9022762e5a Check to see if a pointer is nonnull that is expected to be. 2021-10-26 20:24:25 -05:00
John Safranek 908ec9b14a Modify ffdhe to not return addresses. 2021-10-26 20:24:25 -05:00
John Safranek ebdadefb9a Update WIN10 user_settings.h for new FIPS build. 2021-10-26 20:24:25 -05:00
John Safranek f49a09749e When building for FIPS, the unit test will run all the CASTs up front. 2021-10-26 20:24:25 -05:00
John Safranek 52432382a2 Add kdf.c to the Windows builds. 2021-10-26 20:24:25 -05:00
John Safranek 82e63cee1e Remove the unused ECDSA PCT tests in the CAST list. 2021-10-26 20:24:25 -05:00
John Safranek ae7a2e5a48 Remove the unused RSA PCT test in the CAST list. 2021-10-26 20:24:25 -05:00
John Safranek 7af87e5b32 Restore the HKDF code to hmac.c. For compatibility between FIPS builds. 2021-10-26 20:24:25 -05:00
John Safranek 54a1b4c881 Remove redundant pairwise test from DH and ECC. 2021-10-26 20:24:25 -05:00
John Safranek c5d575c8ae Remove RDSEED from the intel asm build. 2021-10-26 20:24:25 -05:00
John Safranek f69b6ac5eb Add missing verify curves into configure. Copy the kdf files when building for FIPSv5. 2021-10-26 20:24:25 -05:00
John Safranek c0e6a55aaa Skip the small key DH test for SP and FFDHE builds. 2021-10-26 20:24:25 -05:00
John Safranek 3b5c8231c2 Move the PCT down to where it used to be located as CheckKeyPair. 2021-10-26 20:24:25 -05:00
John Safranek 6cf186696e Update the BUILD_FIPS_V4 flag to V5. Consolidate the Makefile include for the flavors of FIPS. 2021-10-26 20:24:25 -05:00
John Safranek 2de6b3b2bd Move the KDF functions into their own source file. 2021-10-26 20:24:25 -05:00
John Safranek f78887d2ab Add 'static' to the test vector arrays for the SSH KDF test. 2021-10-26 20:24:25 -05:00
John Safranek dee2a67720 Change visibility of wc_GenerateSeed() to API. 2021-10-26 20:24:25 -05:00
John Safranek 86c040a3ae Rename the PCT error codes to remove 'FIPS' since they can be enabled without FIPS. 2021-10-26 20:24:25 -05:00
John Safranek 9c5607a677 Add guard around ECC PCT for builds without validate keygen. 2021-10-26 20:24:25 -05:00
John Safranek 7a2b661c0c Add types for the RNG seed callback and the OS_Seed. 2021-10-26 20:24:25 -05:00