diff --git a/.wolfssl_known_macro_extras b/.wolfssl_known_macro_extras
index e147b902c69..037148f8edf 100644
--- a/.wolfssl_known_macro_extras
+++ b/.wolfssl_known_macro_extras
@@ -270,7 +270,6 @@ HAVE_COLDFIRE_SEC
 HAVE_CRL_UPDATE_CB
 HAVE_CSHARP
 HAVE_CURL
-HAVE_CURVE22519
 HAVE_DANE
 HAVE_ECC239
 HAVE_ECC320
@@ -278,7 +277,6 @@ HAVE_ECC512
 HAVE_ECC_CDH_CAST
 HAVE_ECC_SM2
 HAVE_ESP_CLK
-HAVE_FACON
 HAVE_FIPS_VERSION_PORT
 HAVE_FUZZER
 HAVE_INTEL_MULX
@@ -690,7 +688,6 @@ WOLFSSL_ALT_NAMES_NO_REV
 WOLFSSL_ARMASM_NEON_NO_TABLE_LOOKUP
 WOLFSSL_ARM_ARCH_NEON_64BIT
 WOLFSSL_ASCON_UNROLL
-WOLFSSL_ASNC_CRYPT
 WOLFSSL_ASN_EXTRA
 WOLFSSL_ASN_TEMPLATE_NEED_SET_INT32
 WOLFSSL_ASN_TEMPLATE_TYPE_CHECK
@@ -808,7 +805,6 @@ WOLFSSL_NONBLOCK_OCSP
 WOLFSSL_NOSHA3_384
 WOLFSSL_NOT_WINDOWS_API
 WOLFSSL_NO_BIO_ADDR_IN
-WOLFSSL_NO_CLIENT
 WOLFSSL_NO_CLIENT_CERT_ERROR
 WOLFSSL_NO_COPY_CERT
 WOLFSSL_NO_COPY_KEY
@@ -889,13 +885,11 @@ WOLFSSL_SE050_NO_TRNG
 WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT
 WOLFSSL_SERVER_EXAMPLE
 WOLFSSL_SETTINGS_FILE
-WOLFSSL_SH224
 WOLFSSL_SHA256_ALT_CH_MAJ
 WOLFSSL_SHA512_HASHTYPE
 WOLFSSL_SHUTDOWNONCE
 WOLFSSL_SILABS_TRNG
 WOLFSSL_SLHDSA_FULL_HASH
-WOLFSSL_SM4_EBC
 WOLFSSL_SNIFFER_NO_RECOVERY
 WOLFSSL_SP_ARM32_UDIV
 WOLFSSL_SP_FAST_NCT_EXPTMOD
diff --git a/src/internal.c b/src/internal.c
index 7897a294bfa..75ac1bd420a 100644
--- a/src/internal.c
+++ b/src/internal.c
@@ -22,72 +22,133 @@
 #include
 /*
- * WOLFSSL_SMALL_CERT_VERIFY:
- * Verify the certificate signature without using DecodedCert. Doubles up
- * on some code but allows smaller peak heap memory usage.
- * Cannot be used with WOLFSSL_NONBLOCK_OCSP.
- * WOLFSSL_ALT_CERT_CHAINS:
- * Allows CA's to be presented by peer, but not part of a valid chain.
- * Default wolfSSL behavior is to require validation of all presented peer
- * certificates. This also allows loading intermediate CA's as trusted
- * and ignoring no signer failures for CA's up the chain to root.
- * WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT:
- * Enable resending the previous DTLS handshake flight only on a network
- * read timeout. By default we resend in two more cases, when we receive:
- * - an out of order last msg of the peer's flight
- * - a duplicate of the first msg from the peer's flight
+ * internal.c Build Options:
+ *
+ * See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3,
+ * ssl.c for SSL API layer, wc_port.c for platform/memory.
+ *
+ * Connection & Buffers:
+ * LARGE_STATIC_BUFFERS: Use large static I/O buffers default: on
+ * WOLFSSL_DISABLE_EARLY_SANITY_CHECKS:
+ * Disable early sanity checks on TLS messages default: off
+ * WOLFSSL_NO_DTLS_SIZE_CHECK: Disable DTLS record size validation default: off
+ *
+ * Cipher Suite Selection:
+ * NO_CHAPOL_AEAD: Disable ChaCha20-Poly1305 AEAD suites default: off
+ * WOLFSSL_OLDTLS_AEAD_CIPHERSUITES:
+ * Enable AEAD cipher suites for pre-TLS 1.2 default: off
+ * WOLFSSL_OLDTLS_SHA2_CIPHERSUITES:
+ * Enable SHA-2 cipher suites for pre-TLS 1.2 default: off
+ * WOLFSSL_NO_STRICT_CIPHER_SUITE:
+ * Relax strict cipher suite validation default: off
+ * NO_RESUME_SUITE_CHECK: Skip cipher suite check on resume default: off
+ * NO_FORCE_SCR_SAME_SUITE: Allow different suite in renegotiation default: off
+ * CIPHER_NONCE: Per-record cipher nonce for AEAD default: off
+ *
+ * Certificate Validation:
+ * WOLFSSL_SMALL_CERT_VERIFY: Verify cert sig without DecodedCert default: off
+ * WOLFSSL_ALT_CERT_CHAINS: Allow non-validated intermediate CAs default: off
+ * NO_CHECK_PRIVATE_KEY: Skip key/cert matching validation default: off
+ * WOLFSSL_VERIFY_CB_ALL_CERTS:
+ * Call verify callback for all chain certs default: off
+ * WOLFSSL_ALWAYS_VERIFY_CB: Always invoke verify callback default: off
+ * WOLFSSL_ALLOW_NO_CN_IN_SAN: Allow certs with SAN but no CN default: off
+ * WOLFSSL_TRUST_PEER_CERT: Direct trust of specific peer certs default: off
+ * WOLFSSL_LOCAL_X509_STORE: Per-context X509 store default: off
+ * WOLFSSL_APPLE_NATIVE_CERT_VALIDATION:
+ * Use Apple native cert validation on macOS/iOS default: off
+ * WOLFSSL_TEST_APPLE_NATIVE_CERT_VALIDATION:
+ * Testing mode for Apple cert validation default: off
+ * HAVE_DANE: DNS-based cert validation (DNSSEC) default: off
+ * HAVE_FALLBACK_SCSV: TLS Fallback SCSV anti-downgrade default: off
+ * WOLFSSL_ACERT: Attribute certificate support default: off
+ * WOLFSSL_DEBUG_CERTS: Debug logging for cert processing default: off
+ * WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY:
+ * Verify hostname using SAN only (not CN) default: off
+ *
+ * Handshake Behavior:
+ * OLD_HELLO_ALLOWED: Allow SSLv2-format ClientHello default: off
+ * WOLFSSL_ALTERNATIVE_DOWNGRADE:
+ * Alternative protocol downgrade detection default: off
+ * WOLFSSL_OLD_TIMINGPADVERIFY:
+ * Old timing-based CBC padding verification default: off
+ * WOLFSSL_ECDSA_MATCH_HASH: Match ECDSA hash to curve preference default: off
+ * WOLFSSL_STRONGEST_HASH_SIG: Prefer strongest hash in signatures default: off
+ * USE_ECDSA_KEYSZ_HASH_ALGO: Select ECDSA hash by key size default: off
+ * WOLFSSL_ALLOW_TLS_SHA1: Allow SHA-1 cipher suites/signatures default: off
+ * WOLFSSL_EXTRA_ALERTS: Send additional TLS alert messages default: off
+ * WOLFSSL_NO_ETM_ALERT: No alert on Encrypt-Then-MAC failure default: off
+ *
+ * Secure Renegotiation & PSK:
+ * WOLFSSL_SECURE_RENEGOTIATION_ON_BY_DEFAULT:
+ * Enable secure renegotiation by default default: off
+ * WOLFSSL_PSK_IDENTITY_ALERT: Alert on PSK identity lookup failure default: off
+ *
+ * Session Tickets:
 * WOLFSSL_NO_DEF_TICKET_ENC_CB:
- * No default ticket encryption callback.
- * Server only.
- * Application must set its own callback to use session tickets.
- * WOLFSSL_TICKET_ENC_CHACHA20_POLY1305
- * Use ChaCha20-Poly1305 to encrypt/decrypt session tickets in default
- * callback. Default algorithm if none defined and algorithms compiled in.
- * Server only.
- * WOLFSSL_TICKET_ENC_AES128_GCM
- * Use AES128-GCM to encrypt/decrypt session tickets in default callback.
- * Server only. Default algorithm if ChaCha20/Poly1305 not compiled in.
- * WOLFSSL_TICKET_ENC_AES256_GCM
- * Use AES256-GCM to encrypt/decrypt session tickets in default callback.
- * Server only.
- * WOLFSSL_TICKET_DECRYPT_NO_CREATE
- * Default callback will not request creation of new ticket on successful
- * decryption.
- * Server only.
- * WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE
- * Once a normal TLS 1.3 handshake is complete, a session ticket message
- * may be received by a client. To support detecting this, peek will
- * return WOLFSSL_ERROR_WANT_READ.
- * This define turns off this behaviour.
- * WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY
- * Verify hostname/ip address using alternate name (SAN) only and do not
- * use the common name. Forces use of the alternate name, so certificates
- * missing SAN will be rejected during the handshake
- * WOLFSSL_CHECK_SIG_FAULTS
- * Verifies the ECC signature after signing in case of faults in the
- * calculation of the signature. Useful when signature fault injection is a
- * possible attack.
- * WOLFSSL_TLS13_IGNORE_AEAD_LIMITS
- * Ignore the AEAD limits for messages specified in the RFC. After
- * reaching the limit, we initiate a key update. We enforce the AEAD limits
- * by default.
- * https://www.rfc-editor.org/rfc/rfc8446#section-5.5
- * https://www.rfc-editor.org/rfc/rfc9147.html#name-aead-limits
- * WOLFSSL_HARDEN_TLS
- * Implement the recommendations specified in RFC9325. This macro needs to
- * be defined to the desired number of bits of security. The currently
- * implemented values are 112 and 128 bits. The following macros disable
- * certain checks.
- * - WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC
- * - WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS
- * - WOLFSSL_HARDEN_TLS_NO_SCR_CHECK
- * - WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK
- * - WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES
- * WOLFSSL_NO_INIT_CTX_KEY
- * Allows SSL objects to be created from a CTX without a loaded key/cert
- * pair
+ * No default ticket encryption callback default: off
+ * WOLFSSL_TICKET_ENC_CHACHA20_POLY1305:
+ * ChaCha20-Poly1305 for ticket encryption default: auto
+ * WOLFSSL_TICKET_ENC_AES128_GCM:
+ * AES128-GCM for ticket encryption default: auto
+ * WOLFSSL_TICKET_ENC_AES256_GCM:
+ * AES256-GCM for ticket encryption default: off
+ * WOLFSSL_TICKET_DECRYPT_NO_CREATE:
+ * No new ticket on successful decryption default: off
+ * WOLFSSL_TICKET_ENC_CBC_HMAC:
+ * CBC+HMAC for ticket encryption (non-AEAD) default: off
+ * WOLFSSL_NO_TICKET_EXPIRE: Disable ticket expiration checking default: off
+ *
+ * TLS 1.3 Internals:
+ * WOLFSSL_TLS13_IGNORE_PT_ALERT_ON_ENC:
+ * Ignore plaintext alerts when encrypted expected default: off
+ * WOLFSSL_TLS13_NO_PEEK_HANDSHAKE_DONE:
+ * Disable peek returning WANT_READ for tickets default: off
+ * WOLFSSL_TLS13_IGNORE_AEAD_LIMITS:
+ * Ignore AEAD message limits from RFC 8446 default: off
+ * WOLFSSL_DTLS13_SEND_MOREACK_DEFAULT:
+ * Send more ACKs by default in DTLS 1.3 default: off
+ *
+ * DTLS:
+ * WOLFSSL_DTLS_RESEND_ONLY_TIMEOUT:
+ * Resend previous flight only on timeout default: off
+ * WOLFSSL_DTLS_DISALLOW_FUTURE:
+ * Reject DTLS records with future epoch default: off
 * WOLFSSL_DTLS_RECORDS_CAN_SPAN_DATAGRAMS:
- * When defined, allows DTLS records to span across multiple datagrams.
+ * Allow DTLS records to span datagrams default: off
+ * WOLFSSL_DEBUG_DTLS: Debug logging for DTLS operations default: off
+ *
+ * Session Export:
+ * WOLFSSL_SESSION_EXPORT: Enable session export/import default: off
+ * WOLFSSL_SESSION_EXPORT_DEBUG:
+ * Debug logging for session export/import default: off
+ * WOLFSSL_SESSION_EXPORT_NOPEER:
+ * Export sessions without peer cert info default: off
+ *
+ * Compatibility Layers:
+ * WOLFSSL_MYSQL_COMPATIBLE: MySQL protocol compatibility default: off
+ * WOLFSSL_OPENVPN: OpenVPN compatibility behaviors default: off
+ *
+ * Async & Non-blocking:
+ * WOLFSSL_ASYNC_CRYPT_SW: Software async crypto simulation default: off
+ * WC_X25519_NONBLOCK: Non-blocking X25519 operations default: off
+ * HAVE_WOLF_EVENT: Event-driven async processing default: off
+ *
+ * Hardware/Platform TLS:
+ * WOLFSSL_MAXQ10XX_TLS: Maxim MAXQ10xx secure element default: off
+ * WOLFSSL_IOTSAFE: IoTSAFE (GSMA) applet support default: off
+ * WOLFSSL_QNX_CAAM: QNX CAAM crypto module support default: off
+ * HAVE_DH_DEFAULT_PARAMS: Include default DH parameters default: off
+ * HAVE_EXT_CACHE: External session cache callbacks default: off
+ *
+ * Hardening:
+ * WOLFSSL_HARDEN_TLS: Implement RFC 9325 recommendations default: off
+ * WOLFSSL_HARDEN_TLS_ALLOW_TRUNCATED_HMAC: Allow truncated HMAC
+ * WOLFSSL_HARDEN_TLS_ALLOW_OLD_TLS: Allow old TLS versions
+ * WOLFSSL_HARDEN_TLS_NO_SCR_CHECK: No SCR check
+ * WOLFSSL_HARDEN_TLS_NO_PKEY_CHECK: No public key check
+ * WOLFSSL_HARDEN_TLS_ALLOW_ALL_CIPHERSUITES: Allow all suites
+ * WOLFSSL_NO_INIT_CTX_KEY: Allow SSL objects without loaded keys default: off
 */
 #ifndef WOLFCRYPT_ONLY
diff --git a/src/ssl.c b/src/ssl.c
index 9772b85e4ef..91025fcc896 100644
--- a/src/ssl.c
+++ b/src/ssl.c
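Review bot: The WOLFSSL_HARDEN_TLS entry in the "Hardening:" group at the end of the hunk drops the contract the removed lines carried: the macro must be defined to the target number of bits of security (112 and 128 are the implemented values), and the five WOLFSSL_HARDEN_TLS_* macros beneath it each disable one RFC 9325 check rather than being independent features. A reader of the new table can define `WOLFSSL_HARDEN_TLS` bare, or enable an `_ALLOW_*`/`_NO_*` macro, without seeing that it weakens the hardening profile. Suggest ` * WOLFSSL_HARDEN_TLS: RFC 9325 hardening; define to bits of security (112 or 128) default: off` followed by ` *   (each WOLFSSL_HARDEN_TLS_* below disables one RFC 9325 check)`. The WOLFSSL_HOSTNAME_VERIFY_ALT_NAME_ONLY and WOLFSSL_TLS13_IGNORE_AEAD_LIMITS entries likewise lose the consequences the removed text stated (certificates without a SAN are rejected; a key update is initiated when the limit is reached, per RFC 8446 and RFC 9147), which are worth keeping as one continuation line each.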
@@ -153,26 +153,121 @@
 #endif /* !WOLFCRYPT_ONLY || OPENSSL_EXTRA */
 /*
+ * ssl.c Build Options:
+ *
+ * See also: tls.c for TLS extension/protocol options, tls13.c for TLS 1.3,
+ * internal.c for handshake internals, wc_port.c for platform/memory.
+ *
+ * OpenSSL Compatibility:
+ * OPENSSL_EXTRA: Enable OpenSSL compatibility API default: off
+ * OPENSSL_ALL: Enable all OpenSSL compat APIs default: off
+ * OPENSSL_EXTRA_X509_SMALL: Minimal OpenSSL X509 compat APIs default: off
+ * OPENSSL_EXTRA_NO_ASN1: OpenSSL extra without ASN1 objects default: off
 * OPENSSL_COMPATIBLE_DEFAULTS:
- * Enable default behaviour that is compatible with OpenSSL. For example
- * SSL_CTX by default doesn't verify the loaded certs. Enabling this
- * should make porting to new projects easier.
- * WOLFSSL_CHECK_ALERT_ON_ERR:
- * Check for alerts during the handshake in the event of an error.
- * NO_SESSION_CACHE_REF:
- * wolfSSL_get_session on a client will return a reference to the internal
- * ClientCache by default for backwards compatibility. This define will
- * make wolfSSL_get_session return a reference to ssl->session. The returned
- * pointer will be freed with the related WOLFSSL object.
- * SESSION_CACHE_DYNAMIC_MEM:
- * Dynamically allocate sessions for the session cache from the heap, as
- * opposed to the default which allocates from the stack. Allocates
- * memory only when a session is added to the cache, frees memory after the
- * session is no longer being used. Recommended for memory-constrained
- * systems.
- * WOLFSSL_SYS_CA_CERTS
- * Enables ability to load system CA certs from the OS via
- * wolfSSL_CTX_load_system_CA_certs.
+ * Default behavior compatible with OpenSSL default: off
+ * NO_WOLFSSL_STUB: Disable stubs for unimplemented funcs default: off
+ * WOLFSSL_DEBUG_OPENSSL: Debug logging for OpenSSL compat layer default: off
+ * WOLFSSL_HAVE_ERROR_QUEUE: OpenSSL-compatible error queue default: off
+ * WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes default: off
+ * WOLFSSL_CIPHER_INTERNALNAME:
+ * Use wolfSSL internal cipher suite names default: off
+ * NO_CIPHER_SUITE_ALIASES: Disable cipher suite name aliases default: off
+ * WOLFSSL_SET_CIPHER_BYTES: Set cipher suites by raw byte values default: off
+ * WOLFSSL_OLD_SET_CURVES_LIST:
+ * Old-style curve list parsing for compat default: off
+ * WOLFSSL_NO_OPENSSL_RAND_CB: Disable OpenSSL RAND callback compat default: off
+ * NO_ERROR_STRINGS: Disable human-readable error strings default: off
+ * WOLFSSL_PUBLIC_ASN: Make ASN parsing functions public default: off
+ *
+ * Extra Data / BIO:
+ * HAVE_EX_DATA: Enable ex_data on SSL/CTX/X509 objects default: off
+ * HAVE_EX_DATA_CLEANUP_HOOKS: Cleanup callbacks for ex_data default: off
+ * HAVE_EX_DATA_CRYPTO: ex_data support for wolfCrypt objects default: off
+ * MAX_EX_DATA: Max ex_data entries per object default: 5
+ * NO_BIO: Disable BIO abstraction layer default: off
+ *
+ * Session & Cache:
+ * NO_SESSION_CACHE: Disable server session cache default: off
+ * NO_SESSION_CACHE_REF: wolfSSL_get_session returns ssl->session
+ * reference instead of ClientCache ref default: off
+ * SESSION_CACHE_DYNAMIC_MEM: Dynamically allocate session cache default: off
+ * NO_CLIENT_CACHE: Disable client-side session cache default: off
+ * SESSION_CERTS: Store full cert chain in session default: off
+ * WOLFSSL_SESSION_ID_CTX: Session ID context for cache sharing default: off
+ *
+ * I/O & Transport:
+ * USE_WOLFSSL_IO: Use built-in I/O callbacks default: on
+ * WOLFSSL_USER_IO: Application provides custom I/O default: off
+ * WOLFSSL_NO_SOCK: Build without socket support default: off
+ * NO_WRITEV: Disable writev() scatter/gather I/O default: off
+ * WOLFSSL_DTLS_MTU: Enable DTLS MTU management APIs default: off
+ * WOLFSSL_DTLS_DROP_STATS: Track DTLS packet drop statistics default: off
+ * WOLFSSL_MULTICAST: Enable DTLS multicast support default: off
+ *
+ * Callbacks & Features:
+ * WOLFSSL_CHECK_ALERT_ON_ERR: Check alerts on handshake error default: off
+ * ATOMIC_USER: User-defined record layer callbacks default: off
+ * HAVE_WRITE_DUP: Separate threads for SSL read/write default: off
+ * WOLFSSL_CALLBACKS: Handshake monitoring callbacks default: off
+ * NO_HANDSHAKE_DONE_CB: Disable handshake completion callback default: off
+ * WOLFSSL_SHUTDOWNONCE: Send close_notify only once default: off
+ * WOLFSSL_COPY_CERT: Copy certificate buffer (own copy) default: off
+ * WOLFSSL_COPY_KEY: Copy private key buffer (own copy) default: off
+ * WOLF_PRIVATE_KEY_ID: Reference private keys by ID default: off
+ * WOLFSSL_REFCNT_ERROR_RETURN:
+ * Return errors on ref counting failures default: off
+ * WOLFSSL_ALLOW_MAX_FRAGMENT_ADJUST:
+ * Allow runtime max fragment size adjustment default: off
+ * WOLFSSL_ALLOW_NO_SUITES: Allow SSL objects with no cipher suites default: off
+ *
+ * Certificates & Keys:
+ * KEEP_PEER_CERT: Keep peer cert after handshake default: off
+ * KEEP_OUR_CERT: Keep our cert after handshake default: off
+ * WOLFSSL_STATIC_RSA: Enable static RSA key exchange default: off
+ * WOLFSSL_HAVE_CERT_SERVICE: Certificate service callbacks default: off
+ * WOLFSSL_SYS_CA_CERTS: Load system CA certs from OS default: off
+ *
+ * Application Compatibility:
+ * HAVE_CURL: APIs for libcurl compatibility default: off
+ * HAVE_LIGHTY: APIs for lighttpd compatibility default: off
+ * HAVE_MEMCACHED: APIs for memcached compatibility default: off
+ * WOLFSSL_APACHE_HTTPD: APIs for Apache httpd compatibility default: off
+ * WOLFSSL_NGINX: APIs for nginx compatibility default: off
+ * WOLFSSL_HAPROXY: APIs for HAProxy compatibility default: off
+ * WOLFSSL_ASIO: APIs for Boost.Asio compatibility default: off
+ * WOLFSSL_PYTHON: APIs for Python module compatibility default: off
+ * WOLFSSL_QT: APIs for Qt framework compatibility default: off
+ * WOLFSSL_JNI: APIs for Java JNI/JSSE compatibility default: off
+ *
+ * Protocol Features:
+ * WOLFSSL_HAVE_WOLFSCEP: Enable wolfSCEP protocol support default: off
+ * WOLFCRYPT_HAVE_SRP: Enable SRP protocol support default: off
+ * HAVE_LIBZ: Enable zlib TLS compression default: off
+ * WOLFSSL_EXTRA: Extra SSL session info APIs default: off
+ * WOLFSSL_WPAS_SMALL: Minimal wpa_supplicant/hostapd APIs default: off
+ * HAVE_FUZZER: Fuzzing callback support default: off
+ *
+ * Memory & Threading:
+ * WOLFSSL_STATIC_MEMORY_LEAN: Lean static memory allocation default: off
+ * WOLFSSL_THREADED_CRYPT: Multi-threaded crypto operations default: off
+ * WOLFSSL_CLEANUP_THREADSAFE_BY_ATOMIC_OPS:
+ * Thread-safe cleanup via atomics default: off
+ * WOLFSSL_ATOMIC_INITIALIZER: Static init for atomic variables default: off
+ * WOLFSSL_DEBUG_MEMORY: Log malloc/free with file/line info default: off
+ * WOLFSSL_NO_REALLOC: Disable realloc, use malloc+copy+free default: off
+ * WOLFSSL_HEAP_TEST: Heap-related testing utilities default: off
+ *
+ * Debugging & Build:
+ * SHOW_SIZES: Display struct sizes at init default: off
+ * WOLFSSL_DEBUG_TRACE_ERROR_CODES:
+ * Trace error code origins for debugging default: off
+ * HAVE_ATEXIT: Register wolfSSL_Cleanup via atexit default: off
+ * WOLFSSL_SYS_CRYPTO_POLICY: Honor system crypto policy settings default: off
+ *
+ * Hardware TLS:
+ * WOLFSSL_RENESAS_TSIP_TLS: Renesas TSIP hardware crypto for TLS default: off
+ * WOLFSSL_RENESAS_FSPSM_TLS: Renesas FSP Security Module for TLS default: off
+ * WOLFSSL_EGD_NBLOCK: Non-blocking EGD entropy support default: off
 */
 #define WOLFSSL_SSL_MISC_INCLUDED
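Review bot: The NO_SESSION_CACHE_REF entry in the "Session & Cache" group loses the ownership rule the removed lines stated: the pointer wolfSSL_get_session returns is freed together with the WOLFSSL object, so callers must not keep using it after wolfSSL_free. That lifetime rule is the part of the old text most likely to prevent a use-after-free and fits on one continuation line, e.g. ` *   (returned pointer is freed with the WOLFSSL object)`. The OPENSSL_COMPATIBLE_DEFAULTS entry likewise drops the removed example that SSL_CTX then does not verify loaded certificates by default, which is the security-relevant consequence of turning the option on; suggest keeping it as ` *   (e.g. SSL_CTX does not verify loaded certs by default)`. The new defaults column also introduces values the old comment never stated, such as `MAX_EX_DATA: ... default: 5` and `USE_WOLFSSL_IO: ... default: on`; they cannot be checked from this diff and should be confirmed against the headers that define them before merge.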
@@ -8526,12 +8621,12 @@ int wolfSSL_set_compression(WOLFSSL* ssl)
 if (ssl == NULL)
 return 0;
-#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
+#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT)
 if (ssl->options.side == WOLFSSL_CLIENT_END && ssl->options.dtls && IsAtLeastTLSv1_3(ssl->version)) {
 return ssl->options.serverState == SERVER_FINISHED_ACKED;
 }
-#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT */
+#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT */
 /* Can't use ssl->options.connectState and ssl->options.acceptState
 * because they differ in meaning for TLS <=1.2 and 1.3 */
diff --git a/src/tls.c b/src/tls.c
index 011c22eee6f..93ac181adf6 100644
--- a/src/tls.c
+++ b/src/tls.c
@@ -19,6 +19,103 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+/*
+ * TLS Build Options:
+ * (See tls13.c for TLS 1.3-specific options)
+ *
+ * Protocol Control:
+ * NO_OLD_TLS: Disable TLS 1.0 and 1.1 default: off
+ * WOLFSSL_ALLOW_TLSV10: Allow TLS 1.0 connections default: off
+ * WOLFSSL_NO_TLS12: Disable TLS 1.2 default: off
+ * NO_TLS: Disable TLS entirely (SSL only) default: off
+ * WOLFSSL_DTLS: Enable DTLS support default: off
+ * WOLFSSL_DTLS13: Enable DTLS 1.3 support default: off
+ * WOLFSSL_DTLS_CID: Enable DTLS Connection ID default: off
+ * WOLFSSL_AEAD_ONLY: Only allow AEAD cipher suites default: off
+ * NO_WOLFSSL_CLIENT: Disable TLS client functionality default: off
+ * NO_WOLFSSL_SERVER: Disable TLS server functionality default: off
+ * WOLFSSL_EITHER_SIDE: Allow same context for client/server default: off
+ * HAVE_TLS_EXTENSIONS: Enable TLS extension support default: on
+ * HAVE_SNI: Server Name Indication extension default: off
+ * WOLFSSL_ALWAYS_KEEP_SNI: Keep SNI after handshake default: off
+ * HAVE_MAX_FRAGMENT: Max Fragment Length extension default: off
+ * HAVE_TRUNCATED_HMAC: Truncated HMAC extension default: off
+ * HAVE_SUPPORTED_CURVES: Supported Curves extension default: on
+ * HAVE_EXTENDED_MASTER: Extended Master Secret (RFC 7627) default: on
+ * HAVE_ENCRYPT_THEN_MAC: Encrypt-Then-MAC extension default: on
+ * HAVE_ALPN: Application-Layer Protocol Negotiation default: off
+ * HAVE_CERTIFICATE_STATUS_REQUEST: OCSP stapling default: off
+ * HAVE_CERTIFICATE_STATUS_REQUEST_V2: OCSP stapling v2 default: off
+ * HAVE_SECURE_RENEGOTIATION: Secure renegotiation support default: off
+ * HAVE_SERVER_RENEGOTIATION_INFO: Server renegotiation info default: off
+ * HAVE_SESSION_TICKET: Session ticket support default: off
+ * HAVE_TRUSTED_CA: Trusted CA Indication extension default: off
+ * HAVE_RPK: Raw Public Key support (RFC 7250) default: off
+ * HAVE_ECH: Encrypted Client Hello support default: off
+ * WOLFSSL_NO_SIGALG: Disable signature algorithms ext default: off
+ * WOLFSSL_NO_CA_NAMES: Disable CA Names in CertificateReq default: off
+ * WOLFSSL_NO_SERVER_GROUPS_EXT: Don't send server groups ext default: off
+ * NO_TLSX_PSKKEM_PLAIN_ANNOUNCE: Disable plain PSK announce default: off
+ * WOLFSSL_OLD_UNSUPPORTED_EXTENSION: Old unsupported ext handling default: off
+ * WOLFSSL_ALLOW_SERVER_SC_EXT: Allow server supported curves ext default: off
+ *
+ * Pre-Shared Keys:
+ * NO_PSK: Disable PSK cipher suites default: off
+ *
+ * Key Exchange:
+ * HAVE_FFDHE: Enable Finite Field DH ephemeral default: off
+ * HAVE_FFDHE_2048: Enable FFDHE 2048-bit group default: off
+ * HAVE_FFDHE_3072: Enable FFDHE 3072-bit group default: off
+ * HAVE_FFDHE_4096: Enable FFDHE 4096-bit group default: off
+ * HAVE_FFDHE_6144: Enable FFDHE 6144-bit group default: off
+ * HAVE_FFDHE_8192: Enable FFDHE 8192-bit group default: off
+ * HAVE_PUBLIC_FFDHE: Use public FFDHE parameters only default: off
+ * WOLFSSL_OLD_PRIME_CHECK: Use old DH prime checking method default: off
+ * WOLFSSL_STATIC_DH: Enable static DH cipher suites default: off
+ * WOLFSSL_STATIC_EPHEMERAL: Enable static ephemeral key loading default: off
+ *
+ * Post-Quantum:
+ * WOLFSSL_HAVE_MLKEM: Enable ML-KEM (Kyber) support default: off
+ * WOLFSSL_WC_MLKEM: Use wolfCrypt ML-KEM implementation default: off
+ * WOLFSSL_MLKEM_KYBER: Use Kyber round 3 parameters default: off
+ * WOLFSSL_KYBER512: Enable Kyber/ML-KEM-512 default: off
+ * WOLFSSL_KYBER768: Enable Kyber/ML-KEM-768 default: off
+ * WOLFSSL_KYBER1024: Enable Kyber/ML-KEM-1024 default: off
+ * WOLFSSL_NO_ML_KEM: Disable all ML-KEM support default: off
+ * WOLFSSL_NO_ML_KEM_512: Disable ML-KEM-512 default: off
+ * WOLFSSL_NO_ML_KEM_768: Disable ML-KEM-768 default: off
+ * WOLFSSL_NO_ML_KEM_1024: Disable ML-KEM-1024 default: off
+ * WOLFSSL_ML_KEM_USE_OLD_IDS: Use old IANA IDs for ML-KEM default: off
+ * WOLFSSL_TLSX_PQC_MLKEM_STORE_OBJ: Store ML-KEM object in ext default: off
+ * WOLFSSL_TLSX_PQC_MLKEM_STORE_PRIV_KEY: Store ML-KEM priv key default: off
+ * WOLFSSL_MLKEM_CACHE_A: Cache ML-KEM A matrix default: off
+ * WOLFSSL_MLKEM_NO_MAKE_KEY: Disable ML-KEM key generation default: off
+ * WOLFSSL_MLKEM_NO_ENCAPSULATE: Disable ML-KEM encapsulation default: off
+ * WOLFSSL_MLKEM_NO_DECAPSULATE: Disable ML-KEM decapsulation default: off
+ * HAVE_LIBOQS: Use liboqs for PQ algorithms default: off
+ *
+ * Curves:
+ * HAVE_SECRET_CALLBACK: Enable TLS secret callback default: off
+ * HAVE_PK_CALLBACKS: Enable public key callbacks default: off
+ * HAVE_FUZZER: Enable fuzzing callback support default: off
+ *
+ * Features:
+ * WOLFSSL_SNIFFER: Enable TLS packet sniffing support default: off
+ * WOLFSSL_SNIFFER_KEYLOGFILE: Sniffer keylog file support default: off
+ * WOLFSSL_SSLKEYLOGFILE: Enable SSL key log file output default: off
+ * WOLFSSL_SRTP: Enable SRTP extension support default: off
+ * WOLFSSL_DUAL_ALG_CERTS: Enable dual algorithm certificates default: off
+ * WOLFSSL_HAVE_PRF: Enable TLS PRF function access default: off
+ * WOLFSSL_DEBUG_TLS: Debug TLS protocol messages default: off
+ * WOLFSSL_32BIT_MILLI_TIME: 32-bit millisecond time function default: off
+ * WOLFSSL_REQUIRE_TCA: Require Trusted CA extension default: off
+ * WOLFSSL_DH_EXTRA: Extra DH key info in SSL object default: off
+ * WOLFSSL_CURVE25519_BLINDING: Curve25519 blinding in TLS default: off
+ * HAVE_NULL_CIPHER: Allow NULL cipher suites default: off
+ * HAVE_WEBSERVER: Enable web server features default: off
+ * NO_CERTS: Disable certificate processing default: off
+ */
+
 #include
 #ifndef WOLFCRYPT_ONLY
diff --git a/src/tls13.c b/src/tls13.c
index 27d1ec0c3fa..ed0dd1d9c46 100644
--- a/src/tls13.c
+++ b/src/tls13.c
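Review bot: The "Curves:" heading in the new comment block contains no curve option; the three entries under it (HAVE_SECRET_CALLBACK, HAVE_PK_CALLBACKS, HAVE_FUZZER) are callback hooks, so the heading should read ` * Callbacks:`. HAVE_SECRET_CALLBACK and WOLFSSL_SSLKEYLOGFILE both hand the negotiated TLS secrets to something outside the library (a callback, or a key log file), which the one-line descriptions do not convey; suggest ` * HAVE_SECRET_CALLBACK: Callback receives TLS secrets (debug/test) default: off` and ` * WOLFSSL_SSLKEYLOGFILE: Write TLS secrets to key log file (debug only) default: off` so the exposure is visible to anyone choosing build options. HAVE_FUZZER is also listed in the ssl.c block added by this same commit; keeping it in one place avoids the two copies drifting.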
@@ -22,71 +22,61 @@
 #include
 /*
- * BUILD_GCM
- * Enables AES-GCM ciphersuites.
- * HAVE_AESCCM
- * Enables AES-CCM ciphersuites.
- * HAVE_SESSION_TICKET
- * Enables session tickets - required for TLS 1.3 resumption.
- * NO_PSK
- * Do not enable Pre-Shared Keys.
- * HAVE_KEYING_MATERIAL
- * Enables exporting keying material based on section 7.5 of RFC 8446.
- * WOLFSSL_ASYNC_CRYPT
- * Enables the use of asynchronous cryptographic operations.
- * This is available for ciphers and certificates.
- * HAVE_CHACHA && HAVE_POLY1305
- * Enables use of CHACHA20-POLY1305 ciphersuites.
- * WOLFSSL_DEBUG_TLS
- * Writes out details of TLS 1.3 protocol including handshake message buffers
- * and key generation input and output.
- * WOLFSSL_EARLY_DATA
- * Allow 0-RTT Handshake using Early Data extensions and handshake message
- * WOLFSSL_EARLY_DATA_GROUP
- * Group EarlyData message with ClientHello when sending
- * WOLFSSL_NO_SERVER_GROUPS_EXT
- * Do not send the server's groups in an extension when the server's top
- * preference is not in client's list.
- * WOLFSSL_POST_HANDSHAKE_AUTH
- * Allow TLS v1.3 code to perform post-handshake authentication of the
- * client.
- * WOLFSSL_SEND_HRR_COOKIE
- * Send a cookie in hello_retry_request message to enable stateless tracking
- * of ClientHello replies.
- * WOLFSSL_TLS13
- * Enable TLS 1.3 protocol implementation.
- * WOLFSSL_TLS13_MIDDLEBOX_COMPAT
- * Enable middlebox compatibility in the TLS 1.3 handshake.
- * This includes sending ChangeCipherSpec before encrypted messages and
- * including a session id.
- * WOLFSSL_TLS13_SHA512
- * Allow generation of SHA-512 digests in handshake - no ciphersuite
- * requires SHA-512 at this time.
- * WOLFSSL_TLS13_TICKET_BEFORE_FINISHED
- * Allow a NewSessionTicket message to be sent by server before Client's
- * Finished message.
- * See TLS v1.3 specification, Section 4.6.1, Paragraph 4 (Note).
- * WOLFSSL_PSK_ON_ID
+ *
+ * Protocol:
+ * WOLFSSL_TLS13: Enable TLS 1.3 protocol default: on
+ * WOLFSSL_TLS13_DRAFT: Enable TLS 1.3 draft version support default: off
+ * WOLFSSL_QUIC: Enable QUIC protocol support (TLS 1.3) default: off
+ * WOLFSSL_DTLS13_NO_HRR_ON_RESUME: Skip HRR on DTLS 1.3 resume default: off
+ * WOLFSSL_DTLS_CH_FRAG: Enable DTLS 1.3 ClientHello frag default: off
+ *
+ * Handshake:
+ * WOLFSSL_TLS13_MIDDLEBOX_COMPAT: Enable middlebox compatibility default: on
+ * Sends ChangeCipherSpec and includes session id
+ * WOLFSSL_SEND_HRR_COOKIE: Send cookie in HelloRetryRequest default: off
+ * for stateless ClientHello tracking
+ * WOLFSSL_EARLY_DATA: Allow 0-RTT early data default: off
+ * WOLFSSL_EARLY_DATA_GROUP: Group early data with ClientHello default: off
+ * WOLFSSL_POST_HANDSHAKE_AUTH: Post-handshake client auth default: off
+ * WOLFSSL_TLS13_TICKET_BEFORE_FINISHED: Send NewSessionTicket default: off
+ * before client Finished message
+ * WOLFSSL_NO_CLIENT_AUTH: Disable TLS 1.3 client authentication default: off
+ * WOLFSSL_NO_CLIENT_CERT_ERROR: Require client certificate default: off
+ * WOLFSSL_CERT_SETUP_CB: Certificate setup callback default: off
+ * WOLFSSL_ALLOW_BAD_TLS_LEGACY_VERSION: Allow bad legacy version default: off
+ *
+ * Security:
+ * WOLFSSL_BLIND_PRIVATE_KEY: Blind private key during signing default: off
+ * WOLFSSL_CHECK_SIG_FAULTS: Verify signature after ECC signing default: off
+ * to detect fault injection attacks
+ * WOLFSSL_CIPHER_TEXT_CHECK: Verify ciphertext integrity default: off
+ *
+ * TLS 1.3 PSK:
+ * WOLFSSL_PSK_ONE_ID: Single PSK identity per connect default: off
+ * WOLFSSL_PSK_MULTI_ID_PER_CS: Multiple PSK IDs per cipher suite default: off
+ * WOLFSSL_PRIORITIZE_PSK: Prioritize PSK over ciphersuite order default: off
+ * WOLFSSL_PSK_ID_PROTECTION: Enable PSK identity protection default: off
+ *
+ * TLS 1.3 Session Tickets:
+ * WOLFSSL_TICKET_HAVE_ID: Session tickets include ID default: off
+ * WOLFSSL_TICKET_NONCE_MALLOC: Dynamically allocate ticket nonce default: off
+ *
+ * TLS 1.3 Key Exchange:
+ * HAVE_KEYING_MATERIAL: Export keying material (RFC 8446 7.5) default: off
+ * WOLFSSL_HAVE_TLS_UNIQUE: Enable tls-unique channel binding default: off
+ *
+ * TLS 1.3 Hash/Signature:
+ * WOLFSSL_TLS13_SHA512: Allow SHA-512 in TLS 1.3 handshake default: off
+ * (no ciphersuite requires it currently)
+ * WOLFSSL_ERROR_CODE_OPENSSL: Use OpenSSL-compatible error codes default: off
+ * WOLFSSL_SSLKEYLOGFILE_OUTPUT: Set key log output file path default: off
+ * WOLFSSL_RW_THREADED: Enable read/write threading support default: off
+ * WOLFSSL_ASYNC_IO: Enable async I/O operations default: off
+ * WOLFSSL_NONBLOCK_OCSP: Non-blocking OCSP processing default: off
+ * WOLFSSL_TLS_OCSP_MULTI: Multiple OCSP responses default: off
+ * WOLFSSL_WOLFSENTRY_HOOKS: wolfSentry integration hooks default: off
 */
 #if !defined(NO_TLS) && defined(WOLFSSL_TLS13)
@@ -5037,7 +5027,7 @@ int SendTls13ClientHello(WOLFSSL* ssl)
 return ret;
 }
-#if defined(WOLFSSL_DTLS13) && !defined(WOLFSSL_NO_CLIENT)
+#if defined(WOLFSSL_DTLS13) && !defined(NO_WOLFSSL_CLIENT)
 static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
 {
 int ret;
@@ -5061,7 +5051,7 @@ static int Dtls13ClientDoDowngrade(WOLFSSL* ssl)
 w64GetLow32(ssl->dtls13EncryptEpoch->nextSeqNumber);
 return ret;
 }
-#endif /* WOLFSSL_DTLS13 && !WOLFSSL_NO_CLIENT*/
+#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT*/
 #if defined(HAVE_ECH)
 /* Calculate ECH acceptance and verify the server accepted ECH.
diff --git a/sslSniffer/sslSnifferTest/snifftest.c b/sslSniffer/sslSnifferTest/snifftest.c
index 7743311d548..e305d0bfe2f 100644
--- a/sslSniffer/sslSnifferTest/snifftest.c
+++ b/sslSniffer/sslSnifferTest/snifftest.c
@@ -466,7 +466,7 @@ static void show_appinfo(void)
 #ifdef HAVE_CURVE448
 "x448 "
 #endif
- #ifdef HAVE_CURVE22519
+ #ifdef HAVE_CURVE25519
 "x22519 "
 #endif
 #ifdef WOLFSSL_STATIC_RSA
diff --git a/tests/api.c b/tests/api.c
index f256c068141..3cfe0442c10 100644
--- a/tests/api.c
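Review bot: The "TLS 1.3 Hash/Signature" group at the end of the new block holds seven entries, from WOLFSSL_ERROR_CODE_OPENSSL to WOLFSSL_WOLFSENTRY_HOOKS, that are neither hash nor signature options (error codes, key log output, threading, async I/O, OCSP, wolfSentry hooks); they need their own heading, e.g. ` *` and ` * Miscellaneous:` inserted before ` * WOLFSSL_ERROR_CODE_OPENSSL`. WOLFSSL_ERROR_CODE_OPENSSL is also listed in the ssl.c block added by this commit, so one of the two copies should go. The WOLFSSL_PSK_ONE_ID entry drops the removed caveat that a wc_psk_client_cs_callback-type callback cannot be used on the client with it; that is an API restriction rather than a description and should stay as a continuation line under the new entry. WOLFSSL_SSLKEYLOGFILE_OUTPUT configures where TLS secrets are written, which "Set key log output file path" does not make obvious; ` * WOLFSSL_SSLKEYLOGFILE_OUTPUT: Key log file path (writes TLS secrets; debug only) default: off` would.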
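Review bot: Dtls13ClientDoDowngrade is static and, with the guard corrected to `!defined(NO_WOLFSSL_CLIENT)`, is compiled out of client-less builds for the first time (the misspelled WOLFSSL_NO_CLIENT was never defined, so the block was always built); its call site is outside this hunk and must sit under the same `WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT` condition, otherwise a build with WOLFSSL_DTLS13 and NO_WOLFSSL_CLIENT fails on an undeclared function. A CI configuration with exactly that pair of options would pin this and the matching change in src/ssl.c. In the following hunk the closing comment is missing a space before the terminator: `#endif /* WOLFSSL_DTLS13 && !NO_WOLFSSL_CLIENT */`. The function body continues past the end of the hunk.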
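Review bot: The string literal on the line after the corrected `#ifdef HAVE_CURVE25519` still reads `"x22519 "`, so the fix only relocates the typo: show_appinfo now prints x22519 in the supported-algorithm list whenever Curve25519 is compiled in, where previously the block was never compiled at all. Change it to `"x25519 "` to match the `"x448 "` entry above it. show_appinfo starts outside the hunk.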
+++ b/tests/api.c
@@ -37,7 +37,7 @@
 #if defined(WOLFSSL_STATIC_MEMORY)
 #include
 #endif
-#ifdef WOLFSSL_ASNC_CRYPT
+#ifdef WOLFSSL_ASYNC_CRYPT
 #include
 #endif
 #ifdef HAVE_ECC
diff --git a/wolfcrypt/src/aes.c b/wolfcrypt/src/aes.c
index 6da66d601fe..2fbfd842635 100644
--- a/wolfcrypt/src/aes.c
+++ b/wolfcrypt/src/aes.c
@@ -29,6 +29,87 @@ block cipher mechanism that uses n-bit binary string parameter key with 128-bits */ +/* + * AES Build Options: + * + * Core: + * NO_AES: Disable AES support entirely default: off + * WOLFSSL_AES_128: Enable AES-128 key size default: on + * WOLFSSL_AES_192: Enable AES-192 key size default: on + * WOLFSSL_AES_256: Enable AES-256 key size default: on + * AES_MAX_KEY_SIZE: Maximum AES key size in bits default: 256 + * + * Cipher Modes: + * HAVE_AES_CBC: Enable AES-CBC mode default: on + * HAVE_AES_ECB: Enable AES-ECB mode default: off + * HAVE_AES_DECRYPT: Enable AES decryption default: on + * WOLFSSL_AES_COUNTER: Enable AES-CTR mode default: off + * WOLFSSL_AES_CFB: Enable AES-CFB mode default: off + * WOLFSSL_NO_AES_CFB_1_8: Disable AES-CFB-1 and AES-CFB-8 default: off + * WOLFSSL_AES_OFB: Enable AES-OFB mode default: off + * WOLFSSL_AES_DIRECT: Enable direct AES encrypt/decrypt API default: off + * WOLFSSL_AES_XTS: Enable AES-XTS mode default: off + * WOLFSSL_AES_CTS: Enable AES-CTS (ciphertext stealing) default: off + * WOLFSSL_AES_SIV: Enable AES-SIV (synthetic IV) mode default: off + * WOLFSSL_AES_EAX: Enable AES-EAX AEAD mode default: off + * WOLFSSL_CMAC: Enable AES-CMAC (RFC 4493) default: off + * HAVE_AESCCM: Enable AES-CCM mode default: off + * HAVE_AES_KEYWRAP: Enable AES key wrap (RFC 3394) default: off + * WOLFSSL_AES_CBC_LENGTH_CHECKS: Validate CBC input length default: off + * + * AES-GCM: + * HAVE_AESGCM: Enable AES-GCM mode default: off + * HAVE_AESGCM_DECRYPT: Enable AES-GCM decryption default: on + * (when HAVE_AESGCM is enabled) + * WOLFSSL_AESGCM_STREAM: Enable streaming AES-GCM API default: off + * WC_AES_GCM_DEC_AUTH_EARLY: Authenticate tag before decryption default: off + * GCM_SMALL: Small GCM table, saves memory default: off + * GCM_TABLE: Full 4-bit GCM lookup table, faster default: off + * GCM_TABLE_4BIT: Explicit 4-bit GCM table mode default: off + * GCM_WORD32: Use 32-bit word GCM implementation default: off + * 
GCM_GMULT_LEN: GCM GMULT length optimization default: off + * + * AES-XTS Stream: + * WOLFSSL_AESXTS_STREAM: Enable streaming AES-XTS API default: off + * WC_AESXTS_STREAM_NO_REQUEST_ACCOUNTING: + * Disable XTS stream request accounting default: off + * WC_AES_XTS_SUPPORT_SIMULTANEOUS_ENC_AND_DEC_KEYS: + * Support both encrypt and decrypt keys default: off + * simultaneously in XTS context + * + * Performance / Side-Channel: + * WOLFSSL_AESNI: Enable Intel AES-NI instructions default: off + * WOLFSSL_AESNI_BY4: AES-NI 4-block parallel processing default: off + * WOLFSSL_AESNI_BY6: AES-NI 6-block parallel processing default: off + * USE_INTEL_SPEEDUP: Intel AVX/AVX2 for AES acceleration default: off + * WOLFSSL_AES_SMALL_TABLES: Use smaller AES S-box tables default: off + * WOLFSSL_AES_NO_UNROLL: Disable AES round loop unrolling default: off + * WOLFSSL_AES_TOUCH_LINES: Touch all cache lines for default: off + * side-channel resistance + * WC_AES_BITSLICED: Use bitsliced AES implementation default: off + * AES_GCM_GMULT_NCT: GCM GMULT non-constant-time default: off + * NO_WOLFSSL_ALLOC_ALIGN: Disable aligned memory allocation default: off + * + * Hardware Acceleration (AES-specific): + * WC_ASYNC_ENABLE_AES: Enable async AES operations default: off + * WOLFSSL_CRYPTOCELL_AES: CryptoCell AES acceleration default: off + * WOLFSSL_DEVCRYPTO_AES: /dev/crypto AES acceleration default: off + * WOLFSSL_DEVCRYPTO_CBC: /dev/crypto AES-CBC acceleration default: off + * WOLFSSL_KCAPI_AES: Linux kernel crypto API for AES default: off + * WOLFSSL_NO_KCAPI_AES_CBC: Disable KCAPI AES-CBC default: off + * WOLFSSL_NRF51_AES: nRF51 hardware AES default: off + * WOLFSSL_PSA_NO_AES: Disable PSA AES default: off + * WOLFSSL_SCE_NO_AES: Disable Renesas SCE AES default: off + * NO_IMX6_CAAM_AES: Disable i.MX6 CAAM AES default: off + * WOLFSSL_AFALG_XILINX_AES: AF_ALG Xilinx AES acceleration default: off + * NO_WOLFSSL_ESP32_CRYPT_AES: Disable ESP32 AES acceleration default: off + * 
STM32_CRYPTO_AES_ONLY: STM32 AES-only crypto mode default: off + * + * Debug: + * WC_DEBUG_CIPHER_LIFECYCLE: Debug cipher init/free lifecycle default: off + * WOLFSSL_HW_METRICS: Track hardware acceleration usage default: off + */ + #include #if !defined(NO_AES) diff --git a/wolfcrypt/src/asn.c b/wolfcrypt/src/asn.c index 67086e3c5b7..dda908c7982 100644 --- a/wolfcrypt/src/asn.c +++ b/wolfcrypt/src/asn.c 
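Review bot: In the AES-GCM section `GCM_TABLE` and `GCM_TABLE_4BIT` are both described as a 4-bit table, so the comment gives a reader no way to tell the two options apart, and nothing in the list says which GHASH implementation is used when `GCM_SMALL`, `GCM_TABLE`, `GCM_TABLE_4BIT` and `GCM_WORD32` are all off. If `GCM_TABLE` is the larger 256-entry (8-bit) table, as its separate existence from the 4-bit option suggests, the entry should say so along with the per-key memory cost, and one of the four should be marked as the fallback. `AES_GCM_GMULT_NCT` also deserves the same "not recommended" wording that ecc.c's `WC_NO_CACHE_RESISTANT` entry gets, e.g. ` * AES_GCM_GMULT_NCT: Non-constant-time GHASH multiply; leaks key-dependent timing, test builds only default: off`.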
@@ -107,6 +107,106 @@ ASN Options: * WOLFSSL_ALLOW_AKID_SKID_MATCH: By default cert issuer is found using hash * of cert subject hash with signers subject hash. This option allows fallback * to using AKID and SKID matching. + * + * Certificate Generation/Parsing: + * WOLFSSL_CERT_REQ: Enable certificate request (CSR) support + * WOLFSSL_CERT_EXT: Enable certificate extension support + * WOLFSSL_CERT_PIV: Enable PIV certificate support + * WOLFSSL_CERT_GEN_CACHE: Cache DER for cert generation + * WOLFSSL_CERT_SIGN_CB: Enable certificate signing callback + * WOLFSSL_CERT_NAME_ALL: Store all certificate name components + * WOLFSSL_MULTI_ATTRIB: Enable multi-valued RDN attributes + * WOLFSSL_DER_TO_PEM: Enable DER to PEM conversion + * WOLFSSL_PEM_TO_DER: Enable PEM to DER conversion + * WOLFSSL_PUB_PEM_TO_DER: Enable public key PEM to DER conversion + * WOLFSSL_KEY_TO_DER: Enable key to DER encoding + * WOLFSSL_ENCRYPTED_KEYS: Enable encrypted private key support (PKCS#8) + * ASN_BER_TO_DER: Enable BER to DER conversion + * WOLFSSL_DUP_CERTPOL: Allow duplicate certificate policies + * WOLFSSL_NAMES_STATIC: Use static allocation for name strings + * WOLFSSL_SIGNER_DER_CERT: Store signer DER cert in cert manager + * + * Certificate Validation: + * NO_VERIFY_OID: Skip OID verification + * NO_CHECK_PRIVATE_KEY: Skip private key pair check + * NO_SKID: Disable Subject Key Identifier + * NO_STRICT_ECDSA_LEN: Allow non-strict ECDSA signature length + * NO_WOLFSSL_CM_VERIFY: Disable cert manager verify callback + * NO_WOLFSSL_SKIP_TRAILING_PAD: Don't skip trailing padding + * ALLOW_SELFSIGNED_INVALID_CERTSIGN: Allow self-signed certs + * without keyCertSign in keyUsage + * ALLOW_V1_EXTENSIONS: Allow extensions in v1 certificates + * USE_WOLF_VALIDDATE: Use wolfSSL date validation + * WC_ASN_RUNTIME_DATE_CHECK_CONTROL: Runtime control of date checking + * WOLFSSL_AFTER_DATE_CLOCK_SKEW: Clock skew tolerance for after-date + * WOLFSSL_BEFORE_DATE_CLOCK_SKEW: Clock skew tolerance 
for before-date + * WOLFSSL_TRUST_PEER_CERT: Enable trusted peer certificate support + * + * Extensions: + * WOLFSSL_ALT_NAMES: Enable Subject Alternative Names + * WOLFSSL_ALT_NAMES_NO_REV: Alt names without reverse order + * WOLFSSL_IP_ALT_NAME: Enable IP address in SAN + * WOLFSSL_RID_ALT_NAME: Enable Registered ID in SAN + * WOLFSSL_SEP: Enable SubjectEntryPoint extension + * WOLFSSL_EKU_OID: Enable Extended Key Usage OID support + * WOLFSSL_ACERT: Enable attribute certificate support + * IGNORE_KEY_EXTENSIONS: Ignore key usage extensions + * IGNORE_NETSCAPE_CERT_TYPE: Ignore Netscape cert type extension + * WOLFSSL_ALLOW_CRIT_AIA: Allow critical Authority Info Access + * WOLFSSL_ALLOW_CRIT_AKID: Allow critical Auth Key Identifier + * WOLFSSL_ALLOW_CRIT_SKID: Allow critical Subject Key Identifier + * WC_ASN_UNKNOWN_EXT_CB: Callback for unknown extensions + * + * ASN.1 Parsing: + * WOLFSSL_ASN_ALL: Enable all ASN.1 features + * WOLFSSL_ASN_CA_ISSUER: Enable CA Issuer in AIA parsing + * WOLFSSL_ASN_PRINT: Enable ASN.1 structure printing + * WOLFSSL_ASN_INT_LEAD_0_ANY: Allow any leading zero in ASN integers + * WOLFSSL_ASN_PARSE_KEYUSAGE: Parse key usage extension + * WOLFSSL_ASN_TIME_STRING: Enable ASN time to string conversion + * ASN_TEMPLATE_SKIP_ISCA_CHECK: Skip isCA check in ASN template + * + * OID: + * HAVE_OID_ENCODING: Enable OID encoding support + * HAVE_OID_DECODING: Enable OID decoding support + * WOLFSSL_OLD_OID_SUM: Use old OID sum calculation + * + * CRL: + * HAVE_CRL: Enable Certificate Revocation Lists + * CRL_STATIC_REVOKED_LIST: Use static list for revoked certs + * + * OCSP: + * HAVE_OCSP: Enable OCSP support + * HAVE_OCSP_RESPONDER: Enable OCSP responder support + * WOLFSSL_OCSP_PARSE_STATUS: Parse OCSP response status + * + * PKCS: + * HAVE_PKCS8: Enable PKCS#8 support + * HAVE_PKCS12: Enable PKCS#12 support + * + * Algorithms (ASN encoding/decoding): + * HAVE_DILITHIUM: Enable Dilithium ASN support + * WOLFSSL_DILITHIUM_NO_ASN1: Disable 
Dilithium ASN.1 encoding + * WOLFSSL_DILITHIUM_FIPS204_DRAFT: FIPS 204 draft Dilithium + * WOLFSSL_DILITHIUM_NO_SIGN: Disable Dilithium signing + * WOLFSSL_DILITHIUM_NO_VERIFY: Disable Dilithium verify + * HAVE_FALCON: Enable Falcon ASN support + * HAVE_SPHINCS: Enable SPHINCS+ ASN support + * + * Key Import/Export: + * WC_ENABLE_ASYM_KEY_IMPORT: Enable asymmetric key import + * WC_ENABLE_ASYM_KEY_EXPORT: Enable asymmetric key export + * + * Compatibility: + * WOLFSSL_APACHE_HTTPD: Apache HTTPD compatibility + * WOLFSSL_X509_NAME_AVAILABLE: Enable X509_NAME API + * WOLFSSL_HAVE_ISSUER_NAMES: Store issuer name components + * WOLFSSL_ASN_KEY_SIZE_ENUM: Use enum for AES key size in ASN + * WOLFSSL_SM3: Enable SM3 hash ASN support + * HAVE_SMIME: Enable S/MIME support + * HAVE_LIBZ: Enable zlib compression for certs + * WC_RC2: Enable RC2 for PKCS#12 + * WOLFSSL_MD2: Enable MD2 hash (legacy) */ #ifndef NO_RSA @@ -4389,7 +4489,7 @@ static word32 SetBitString16Bit(word16 val, byte* output) /* Falcon Level 5: 1 3 9999 3 9 */ static const byte sigFalcon_Level5Oid[] = {43, 206, 15, 3, 9}; -#endif /* HAVE_FACON */ +#endif /* HAVE_FALCON */ #ifdef HAVE_DILITHIUM #ifdef WOLFSSL_DILITHIUM_FIPS204_DRAFT /* Dilithium Level 2: 1.3.6.1.4.1.2.267.12.4.4 */ @@ -17954,7 +18054,7 @@ static WC_INLINE int IsSigAlgoECC(word32 algoOID) #ifdef HAVE_CURVE448 || (algoOID == X448k) #endif - #ifdef HAVE_FACON + #ifdef HAVE_FALCON || (algoOID == FALCON_LEVEL1k) || (algoOID == FALCON_LEVEL5k) #endif diff --git a/wolfcrypt/src/cryptocb.c b/wolfcrypt/src/cryptocb.c index 5972f2b4441..069dd4e0c6f 100644 --- a/wolfcrypt/src/cryptocb.c +++ b/wolfcrypt/src/cryptocb.c 
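Review bot: The new "Certificate Validation" and "Extensions" subsections list options that each weaken X.509 path validation (`NO_VERIFY_OID`, `NO_STRICT_ECDSA_LEN`, `ALLOW_SELFSIGNED_INVALID_CERTSIGN`, `ALLOW_V1_EXTENSIONS`, `IGNORE_KEY_EXTENSIONS`, `WOLFSSL_ALLOW_CRIT_AIA/AKID/SKID`, `ASN_TEMPLATE_SKIP_ISCA_CHECK`, `WOLFSSL_ASN_INT_LEAD_0_ANY`) without any caution, and unlike every other header added in this change this block carries no `default:` column. A reader skimming for "how do I make this cert load" will find these before understanding the cost. I would add `default: off` to each and a one-line preamble above the validation group: ` * NOTE: the options below relax RFC 5280 path validation or DER strictness; enable only for interop with a specific known-broken peer.`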
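Review bot: Correcting `#ifdef HAVE_FACON` to `HAVE_FALCON` inside `IsSigAlgoECC` changes behaviour: the `FALCON_LEVEL1k`/`FALCON_LEVEL5k` comparisons were dead code before, so every Falcon build will now answer "yes" from this predicate and take the ECC-style path wherever it is consulted. The commit message should call that out rather than file it with the pure spelling fixes, and a verify test of a Falcon-signed certificate under `HAVE_FALCON` would confirm the newly reachable branch behaves. The `#endif /* HAVE_FALCON */` fix in the preceding hunk is comment-only and harmless. `IsSigAlgoECC` starts outside the hunk.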
@@ -22,18 +22,36 @@ /* This framework provides a central place for crypto hardware integration using the devId scheme. If not supported return `CRYPTOCB_UNAVAILABLE`. */ -/* Some common, optional build settings: - * these can also be set in wolfssl/options.h or user_settings.h - * ------------------------------------------------------------- - * enable the find device callback functions - * WOLF_CRYPTO_CB_FIND +/* +Crypto Callback Build Options: + * WOLF_CRYPTO_CB: Master enable for crypto callback default: off + * framework. Required for all options below. + * WOLF_CRYPTO_CB_FIND: Enable find device callback functions default: off + * Allows lookup of registered crypto devices. + * WOLF_CRYPTO_CB_CMD: Enable command callbacks invoked during default: off + * register and unregister of crypto devices. + * WOLF_CRYPTO_CB_COPY: Enable copy callback for algorithm default: off + * structures (hash, cipher state copying). + * WOLF_CRYPTO_CB_FREE: Enable free callback for algorithm default: off + * structures (cleanup of crypto objects). + * WOLF_CRYPTO_CB_AES_SETKEY: Enable callback for AES key setup default: off + * WOLF_CRYPTO_CB_RSA_PAD: Enable callback for RSA padding default: off + * operations (custom padding handling). + * DEBUG_CRYPTOCB: Enable debug InfoString functions default: off * - * enable the command callback functions to invoke the callback during - * register and unregister - * WOLF_CRYPTO_CB_CMD + * Device ID options: + * WC_USE_DEVID: Specify a default device ID to use default: off + * when no hardware device is detected. + * WC_NO_DEFAULT_DEVID: Disable automatic default device ID default: off + * selection. Requires explicit devId passing. + * WOLFSSL_CAAM_DEVID: Device ID constant (value 7) for NXP default: off + * CAAM hardware crypto. * - * enable debug InfoString functions - * DEBUG_CRYPTOCB + * Algorithm-specific callback options: + * NO_SHA2_CRYPTO_CB: Disable crypto callbacks for SHA-384 default: off + * and SHA-512 operations. 
+ * WOLF_CRYPTO_CB_ONLY_ECC: Use only callbacks for ECC default: off + * WOLF_CRYPTO_CB_ONLY_RSA: Use only callbacks for RSA default: off */ #include diff --git a/wolfcrypt/src/curve448.c b/wolfcrypt/src/curve448.c index eea1371e134..cbf34863646 100644 --- a/wolfcrypt/src/curve448.c +++ b/wolfcrypt/src/curve448.c @@ -25,6 +25,17 @@ * Reworked for curve448 by Sean Parkinson. */ +/* + * Curve448 Build Options: + * + * HAVE_CURVE448: Enable Curve448 support default: off + * HAVE_CURVE448_SHARED_SECRET: Enable Curve448 shared secret default: on + * (when HAVE_CURVE448 is enabled) + * HAVE_CURVE448_KEY_EXPORT: Enable Curve448 key export default: on + * HAVE_CURVE448_KEY_IMPORT: Enable Curve448 key import default: on + * WOLFSSL_ECDHX_SHARED_NOT_ZERO: Check ECDH shared secret != 0 default: off + */ + #include #ifdef HAVE_CURVE448 diff --git a/wolfcrypt/src/des3.c b/wolfcrypt/src/des3.c index 397986f817a..c3dcdf5efa0 100644 --- a/wolfcrypt/src/des3.c +++ b/wolfcrypt/src/des3.c @@ -19,6 +19,17 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * DES3 Build Options: + * + * NO_DES3: Disable 3DES support entirely default: off + * WOLFSSL_DES_ECB: Enable DES-ECB mode default: off + * + * Hardware Acceleration (DES3-specific): + * WC_ASYNC_ENABLE_3DES: Enable async 3DES operations default: off + * FREESCALE_LTC_DES: Freescale LTC DES acceleration default: off + */ + #include #ifndef NO_DES3 diff --git a/wolfcrypt/src/ecc.c b/wolfcrypt/src/ecc.c index 1376cff2a03..373b114f85b 100644 --- a/wolfcrypt/src/ecc.c +++ b/wolfcrypt/src/ecc.c 
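Review bot: The opening two lines of the new comment, `/*` followed by `Crypto Callback Build Options:`, lack the ` * ` prefix that every following line uses and that the other headers in this change (aes.c, des3.c, hmac.c) use for their title line; it should be ` * Crypto Callback Build Options:` for consistency. On content, `WOLF_CRYPTO_CB_ONLY_ECC` and `WOLF_CRYPTO_CB_ONLY_RSA` are the security-relevant switches here: if they remove the software fallback, as the name implies but the hunk does not state, an unregistered or failing device becomes a hard error instead of a silent fallback to software, which is exactly what a hardware-rooted deployment wants to know. Suggested wording, to be confirmed against the implementation: ` * WOLF_CRYPTO_CB_ONLY_ECC: ECC only via callbacks, no software fallback; an unregistered devId fails closed default: off`.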
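Review bot: `WOLFSSL_ECDHX_SHARED_NOT_ZERO` is documented as an optional check with `default: off`, but the comment does not say why anyone would turn it on: an all-zero X448 output means the peer sent a low-order point, and TLS 1.3 (RFC 8446 §7.4.2) requires aborting the handshake in that case, so a TLS build with this off is relying on a check elsewhere. I would make the stakes visible in the entry itself, e.g. ` * WOLFSSL_ECDHX_SHARED_NOT_ZERO: Reject an all-zero shared secret (low-order peer point); required by RFC 8446 §7.4.2 for TLS 1.3 default: off`. Whether the TLS layer performs this check independently is not visible here and is worth confirming before the default is described as safe.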
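Review bot: `NO_DES3: Disable 3DES support entirely default: off` tells a reader that 3DES is compiled in by default, which I believe contradicts the configure default (3DES disabled unless `--enable-des3`); if so, the column is describing "macro not defined" rather than what a stock build does, and the two readings disagree for exactly this option. Either state which convention the `default:` column follows or note the configure behaviour inline. A practitioner caveat also belongs here since 3DES is a 64-bit block cipher: ` * NO_DES3: Disable 3DES (legacy, 64-bit block; see Sweet32) default: off (configure disables unless --enable-des3)`.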
@@ -100,6 +100,65 @@ Possible ECC enable options: * WOLFSSL_CHECK_VER_FAULTS * Sanity check on verification steps in case of faults. * default: off + * ECC_TIMING_RESISTANT: Enables constant-time ECC operations default: on + * to prevent timing side-channel attacks. + * Auto-enabled for FIPS and some embedded builds. + * WC_NO_CACHE_RESISTANT: Disables cache-resistant operations default: off + * (conditional swaps) in ECC scalar multiply to + * reduce overhead. Not recommended for secure use. + * ALT_ECC_SIZE: Uses alternate smaller fixed-size arrays default: off + * for ECC points instead of full mp_int arrays, + * reducing memory. Requires USE_FAST_MATH. + * WOLFSSL_ECC_NO_SMALL_STACK: Disables WOLFSSL_SMALL_STACK default: off + * optimizations for ECC, using stack instead of heap. + * HAVE_ECC_CHECK_PUBKEY_ORDER: Validates ECC public key order default: on + * during import. Auto-enabled unless + * NO_ECC_CHECK_PUBKEY_ORDER is defined. + * NO_ECC_CHECK_PUBKEY_ORDER: Disables public key order check default: off + * during ECC key import. Not recommended. + * HAVE_ECC_MAKE_PUB: Enables computing public key from default: on + * private key via wc_ecc_make_pub. + * HAVE_ECC_VERIFY_HELPER: Enables ECC verify helper functions default: on + * Auto-enabled unless using hardware accelerators. + * WOLFSSL_PUBLIC_ECC_ADD_DBL: Makes ecc_projective_add_point default: off + * and ecc_projective_dbl_point public APIs. + * SQRTMOD_USE_MOD_EXP: Computes square root mod prime using default: off + * modular exponentiation instead of Jacobi method + * for compressed key decompression. + * + * ECIES options: + * WOLFSSL_ECIES_OLD: Uses original wolfSSL ECIES format default: off + * (public key not in shared secret material). + * WOLFSSL_ECIES_ISO18033: Uses ISO 18033 ECIES standard default: off + * (includes public key in shared secret). + * WOLFSSL_ECIES_GEN_IV: Generates random IV for ECIES default: off + * encryption instead of deriving from KDF. 
+ * + * Fixed Point Cache options (requires FP_ECC): + * FP_ENTRIES: Number of FP cache entries default: 15 + * FP_LUT: FP lookup table bit size (2-12). Larger default: 8 + * values use more memory but faster verify. + * FP_ECC_CONTROL: Auto-selects cached FP ECC verify with default: on + * SP when WOLFSSL_HAVE_SP_ECC is available. + * + * SP Math ECC options: + * WOLFSSL_HAVE_SP_ECC: Enables SP math optimizations for ECC default: on + * Provides significant performance improvement. + * WOLFSSL_SP_NO_256: Disables SP P-256 support default: off + * WOLFSSL_SP_384: Enables SP P-384 support default: off + * WOLFSSL_SP_521: Enables SP P-521 support default: off + * WOLFSSL_SP_1024: Enables SP 1024-bit support for SAKKE default: off + * WOLFSSL_SP_SM2: Enables SP SM2 curve support default: off + * Auto-enabled with WOLFSSL_SM2. + * + * Hardware/Offload options: + * WOLFSSL_KCAPI_ECC: Offload ECC to Linux Kernel Crypto API default: off + * WC_ASYNC_ENABLE_ECC: Enables async ECC with crypto callbacks default: off + * Requires WOLFSSL_ASYNC_CRYPT. + * WC_ASYNC_ENABLE_ECC_KEYGEN: Enables async ECC key gen default: off + * PLUTON_CRYPTO_ECC: Uses ARM Pluton TEE for ECC operations default: off + * WOLFSSL_CAAM_BLACK_KEY_SM: Uses NXP CAAM secure memory for default: off + * encrypted black key storage. */ /* diff --git a/wolfcrypt/src/evp.c b/wolfcrypt/src/evp.c index 9aaefbef2b0..2524acf8e4f 100644 --- a/wolfcrypt/src/evp.c +++ b/wolfcrypt/src/evp.c @@ -5483,7 +5483,7 @@ const WOLFSSL_EVP_CIPHER *wolfSSL_EVP_get_cipherbyname(const char *name) {EVP_ARIA_256_GCM, "aria-256-gcm"}, {EVP_ARIA_256_GCM, "id-aria256-GCM"}, #endif -#ifdef WOLFSSL_SM4_EBC +#ifdef WOLFSSL_SM4_ECB {EVP_SM4_ECB, "sm4-ecb"}, #endif #ifdef WOLFSSL_SM4_CBC diff --git a/wolfcrypt/src/hmac.c b/wolfcrypt/src/hmac.c index fa9b9aaecf6..4b3cfd15890 100644 --- a/wolfcrypt/src/hmac.c +++ b/wolfcrypt/src/hmac.c 
@@ -20,6 +20,21 @@ */ +/* + * HMAC Build Options: + * + * NO_HMAC: Disable HMAC support entirely default: off + * HAVE_HKDF: Enable HKDF (RFC 5869) key derivation default: off + * WOLFSSL_HMAC_COPY_HASH: Copy hash state instead of re-init default: off + * for HMAC operations (performance) + * STM32_HMAC: STM32 hardware HMAC acceleration default: off + * + * Hardware Acceleration (HMAC-specific): + * WC_ASYNC_ENABLE_HMAC: Enable async HMAC operations default: off + * WOLFSSL_DEVCRYPTO_HMAC: /dev/crypto HMAC acceleration default: off + * WOLFSSL_KCAPI_HMAC: Linux kernel crypto API for HMAC default: off + */ + #include #ifndef NO_HMAC diff --git a/wolfcrypt/src/md5.c b/wolfcrypt/src/md5.c index 5ee180bb607..9e6c22cbd35 100644 --- a/wolfcrypt/src/md5.c +++ b/wolfcrypt/src/md5.c @@ -19,6 +19,17 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * MD5 Build Options: + * + * NO_MD5: Disable MD5 support entirely default: off + * HAVE_MD5_CUST_API: Enable custom MD5 API default: off + * STM32_NOMD5: Disable STM32 hardware MD5 default: off + * + * Hardware Acceleration (MD5-specific): + * WC_ASYNC_ENABLE_MD5: Enable async MD5 operations default: off + */ + #include #if !defined(NO_MD5) diff --git a/wolfcrypt/src/pkcs7.c b/wolfcrypt/src/pkcs7.c index 0a6b85e5124..5a02c97d219 100644 --- a/wolfcrypt/src/pkcs7.c +++ b/wolfcrypt/src/pkcs7.c 
@@ -19,6 +19,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * PKCS#7 Build Options: + * + * Core: + * HAVE_PKCS7: Enable PKCS#7 support default: off + * NO_PKCS7_STREAM: Disable PKCS#7 streaming mode default: off + * NO_PKCS7_ENCRYPTED_DATA: Disable PKCS#7 EncryptedData type default: off + * NO_PKCS7_COMPRESSED_DATA: Disable PKCS#7 CompressedData type default: off + * WC_PKCS7_STREAM_DEBUG: Enable PKCS#7 stream debug output default: off + * WOLFSSL_PKCS7_MAX_DECOMPRESSION: Max decompression size default: off + * + * Callbacks: + * HAVE_PKCS7_RSA_RAW_SIGN_CALLBACK: Custom RSA raw sign callback default: off + * HAVE_PKCS7_ECC_RAW_SIGN_CALLBACK: Custom ECC raw sign callback default: off + * + * Key Derivation: + * HAVE_X963_KDF: Enable ANSI X9.63 KDF default: off + */ + #include #ifdef HAVE_PKCS7 diff --git a/wolfcrypt/src/poly1305.c b/wolfcrypt/src/poly1305.c index 405a4dbb857..e9db4d61a54 100644 --- a/wolfcrypt/src/poly1305.c +++ b/wolfcrypt/src/poly1305.c @@ -38,6 +38,14 @@ and Daniel J. Bernstein #include +/* + * Poly1305 Build Options: + * + * HAVE_POLY1305: Enable Poly1305 authenticator default: off + * POLY130564: Use 64-bit Poly1305 implementation default: auto + * USE_INTEL_POLY1305_SPEEDUP: Intel AVX/AVX2 Poly1305 accel default: off + */ + #ifdef HAVE_POLY1305 #include #include diff --git a/wolfcrypt/src/random.c b/wolfcrypt/src/random.c index 5340a0b271f..9fa318c7608 100644 --- a/wolfcrypt/src/random.c +++ b/wolfcrypt/src/random.c 
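Review bot: `WOLFSSL_PKCS7_MAX_DECOMPRESSION: Max decompression size default: off` describes a numeric bound with a boolean default, so the entry tells a reader neither the default limit nor what it protects against. Since it caps how far zlib may expand a CompressedData payload from an untrusted sender, it is the one option in this block that matters for decompression-bomb resistance and should say so, with the actual default pulled from pkcs7.c rather than "off": ` * WOLFSSL_PKCS7_MAX_DECOMPRESSION: Upper bound (bytes) on CompressedData output; limits zlib expansion of untrusted input default: <value from pkcs7.c>`. I cannot see the default value from this hunk.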
@@ -26,22 +26,80 @@ This library contains implementation for the random number generator. */ -/* Possible defines: - * ENTROPY_NUM_UPDATE default: 18 - * Number of updates to perform. A hash is created and memory accessed - * based on the hash values in each update of a sample. - * More updates will result in better entropy quality but longer sample - * times. - * ENTROPY_NUM_UPDATES_BITS default: 5 - * Number of bits needed to represent ENTROPY_NUM_UPDATE. - * = upper(log2(ENTROPY_NUM_UPDATE)) - * ENTROPY_NUM_WORDS_BITS default: 14 - * State has 2^ENTROPY_NUMN_WORDS_BITS entries. Range: 8-30 - * The value should be based on the cache sizes. - * Use a value that is at least as large as the L1 cache if possible. - * The higher the value, the more likely there will be cache misses and - * better the entropy quality. - * A larger value will use more static memory. +/* + * Random Number Generator Build Options: + * + * Core RNG: + * WC_NO_RNG: Disable RNG support entirely default: off + * HAVE_HASHDRBG: Enable Hash-based DRBG (SP 800-90A) default: on + * WC_RNG_BLOCKING: Make RNG operations blocking default: off + * WC_VERBOSE_RNG: Enable verbose RNG debug output default: off + * WC_RNG_SEED_CB: Use custom seed callback function default: off + * WC_RNG_BANK_SUPPORT: Enable RNG bank (pre-generated) default: off + * random data support + * WOLFSSL_RNG_USE_FULL_SEED: Use full-length seed for DRBG default: off + * WOLFSSL_GENSEED_FORTEST: Use deterministic seed for testing default: off + * WARNING: not for production use + * WOLFSSL_KEEP_RNG_SEED_FD_OPEN: Keep /dev/random fd open default: off + * between seed operations + * + * Custom RNG Sources: + * CUSTOM_RAND_GENERATE: Custom random word generator func default: off + * CUSTOM_RAND_GENERATE_BLOCK: Custom block random generator default: off + * CUSTOM_RAND_GENERATE_SEED: Custom seed generator function default: off + * CUSTOM_RAND_GENERATE_SEED_OS: Custom OS-level seed generator default: off + * + * Entropy Sources: + * 
HAVE_ENTROPY_MEMUSE: Enable memory-use based entropy default: off + * source for DRBG seeding + * ENTROPY_MEMUSE_FORCE_FAILURE: Force entropy failure (testing) default: off + * HAVE_GETRANDOM: Use Linux getrandom() syscall default: auto + * WOLFSSL_GETRANDOM: Use getrandom() for seed source default: auto + * FORCE_FAILURE_GETRANDOM: Force getrandom failure (testing) default: off + * NO_DEV_RANDOM: Don't use /dev/random for seeding default: off + * NO_DEV_URANDOM: Don't use /dev/urandom for seeding default: off + * HAVE_INTEL_RDRAND: Use Intel RDRAND instruction default: off + * HAVE_INTEL_RDSEED: Use Intel RDSEED instruction default: off + * HAVE_AMD_RDSEED: Use AMD RDSEED instruction default: off + * IDIRECT_DEV_RANDOM: iDirect custom /dev/random path default: off + * WIN_REUSE_CRYPT_HANDLE: Reuse Windows CryptContext handle default: off + * + * Entropy Tuning (for HAVE_ENTROPY_MEMUSE): + * ENTROPY_NUM_UPDATE: Number of updates per sample default: 18 + * More updates = better entropy but slower + * ENTROPY_NUM_UPDATES_BITS: Bits to represent ENTROPY_NUM_UPDATE default: 5 + * = upper(log2(ENTROPY_NUM_UPDATE)) + * ENTROPY_NUM_WORDS_BITS: State size as 2^N entries default: 14 + * Range: 8-30. Base on cache sizes. + * Larger = more cache misses = better entropy + * but more static memory usage. 
+ * + * DRBG Health Tests: + * WC_RNG_SEED_APT_CUTOFF: Adaptive proportion test cutoff default: auto + * WC_RNG_SEED_APT_WINDOW: Adaptive proportion test window size default: auto + * WC_RNG_SEED_RCT_CUTOFF: Repetition count test cutoff default: auto + * + * Hardware RNG: + * STM32_RNG: STM32 hardware RNG default: off + * STM32_NUTTX_RNG: STM32 RNG via NuttX default: off + * WOLFSSL_STM32F427_RNG: STM32F427 hardware RNG default: off + * WOLFSSL_STM32_RNG_NOLIB: STM32 RNG without HAL library default: off + * WOLFSSL_PIC32MZ_RNG: PIC32MZ hardware RNG default: off + * FREESCALE_RNGA: Freescale RNGA default: off + * FREESCALE_K70_RNGA: Freescale K70 RNGA default: off + * FREESCALE_RNGB: Freescale RNGB default: off + * FREESCALE_KSDK_2_0_RNGA: Freescale KSDK 2.0 RNGA default: off + * FREESCALE_KSDK_2_0_TRNG: Freescale KSDK 2.0 TRNG default: off + * MAX3266X_RNG: MAX3266X hardware RNG default: off + * QAT_ENABLE_RNG: Intel QAT hardware RNG default: off + * WOLFSSL_ATECC_RNG: ATECC508/608 hardware RNG default: off + * WOLFSSL_SILABS_TRNG: Silicon Labs TRNG default: off + * WOLFSSL_SCE_NO_TRNG: Disable Renesas SCE TRNG default: off + * WOLFSSL_SCE_TRNG_HANDLE: Renesas SCE TRNG handle default: off + * WOLFSSL_SE050_NO_TRNG: Disable SE050 TRNG default: off + * WOLFSSL_PSA_NO_RNG: Disable PSA RNG default: off + * HAVE_IOTSAFE_HWRNG: IoT-Safe hardware RNG default: off + * WOLFSSL_XILINX_CRYPT_VERSAL: Xilinx Versal crypto RNG default: off */ #include diff --git a/wolfcrypt/src/rsa.c b/wolfcrypt/src/rsa.c index 3a32f915b72..941b71b8cff 100644 --- a/wolfcrypt/src/rsa.c +++ b/wolfcrypt/src/rsa.c 
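Review bot: The "Custom RNG Sources" entries do not distinguish options that replace only the seed source from those that bypass the Hash-DRBG altogether, and that distinction is the main way a port ends up with a weak RNG; `CUSTOM_RAND_GENERATE_BLOCK` in particular reads identically to `CUSTOM_RAND_GENERATE_SEED` here. If `CUSTOM_RAND_GENERATE_BLOCK` makes `wc_RNG_GenerateBlock` call the custom function directly (which is my reading of the name, not something this hunk shows), its entry should say so: ` * CUSTOM_RAND_GENERATE_BLOCK: Replace the DRBG entirely; output is used raw, no SP 800-90A post-processing default: off`. Similarly `HAVE_GETRANDOM` and `WOLFSSL_GETRANDOM` are both "default: auto" with near-identical text, so the comment should state which one a user_settings.h author is expected to define.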
@@ -66,29 +66,62 @@ RSA keys can be used to encrypt, decrypt, sign and verify data. #endif /* -Possible RSA enable options: - * NO_RSA: Overall control of RSA default: on - * (not defined) - * WC_RSA_BLINDING: Uses Blinding w/ Private Ops default: on - Note: slower by ~20% - * WOLFSSL_KEY_GEN: Allows Private Key Generation default: off - * RSA_LOW_MEM: NON CRT Private Operations, less memory default: off - * WC_NO_RSA_OAEP: Disables RSA OAEP padding default: on - * (not defined) - * WC_RSA_NONBLOCK: Enables support for RSA non-blocking default: off - * WC_RSA_NONBLOCK_TIME: Enables support for time based blocking default: off - * time calculation. - * WC_RSA_NO_FERMAT_CHECK:Don't check for small difference in default: off - * p and q (Fermat's factorization is (not defined) - * possible when small difference). -*/ - -/* -RSA Key Size Configuration: - * FP_MAX_BITS: With USE_FAST_MATH only default: 4096 - If USE_FAST_MATH then use this to override default. - Value is key size * 2. Example: RSA 3072 = 6144 -*/ + * RSA Build Options: + * + * Core: + * NO_RSA: Disable RSA support entirely default: off + * WOLFSSL_RSA_PUBLIC_ONLY: Only include RSA public key operations default: off + * WOLFSSL_RSA_VERIFY_ONLY: Only include RSA verify operation default: off + * WOLFSSL_RSA_VERIFY_INLINE: RSA verify inline (no output copy) default: off + * WC_RSA_DIRECT: Enable direct RSA encrypt/decrypt API default: off + * WC_RSA_NO_PADDING: Enable no-padding RSA mode default: off + * WOLFSSL_RSA_KEY_CHECK: Enable RSA key pair consistency check default: off + * WOLFSSL_RSA_CHECK_D_ON_DECRYPT: Validate private exponent d default: off + * before each decrypt operation + * WOLFSSL_RSA_DECRYPT_TO_0_LEN: Allow RSA decrypt result of 0 default: off + * length (empty plaintext) + * NO_RSA_BOUNDS_CHECK: Disable RSA bounds checking on input default: off + * SHOW_GEN: Show key generation progress dots default: off + * + * Padding: + * WC_RSA_PSS: Enable RSA-PSS signature support default: off + * 
WC_NO_RSA_OAEP: Disable RSA OAEP padding default: off + * WOLFSSL_PSS_LONG_SALT: Allow PSS salt longer than hash length default: off + * WOLFSSL_PSS_SALT_LEN_DISCOVER: Auto-discover PSS salt length default: off + * during verification + * + * Performance: + * WC_RSA_BLINDING: Use blinding with private key ops default: on + * Note: ~20% slower, protects against + * timing side-channels + * RSA_LOW_MEM: Non-CRT private ops, less memory default: off + * WC_RSA_NONBLOCK: Non-blocking RSA operations default: off + * WC_RSA_NONBLOCK_TIME: Time-based non-blocking RSA default: off + * WOLFSSL_MP_INVMOD_CONSTANT_TIME: Constant-time modular inverse default: off + * WC_RSA_NO_FERMAT_CHECK: Skip Fermat factorization check on default: off + * key generation (p and q closeness) + * + * Key Generation: + * WOLFSSL_KEY_GEN: Enable RSA private key generation default: off + * FP_MAX_BITS: Max key bits with USE_FAST_MATH default: 4096 + * Value is key size * 2 (e.g. RSA 3072 = 6144) + * + * SP Math: + * WOLFSSL_HAVE_SP_RSA: Use SP math for RSA operations default: off + * WOLFSSL_SP_MATH: Use SP math only (no multi-precision) default: off + * WOLFSSL_SP_MATH_ALL: SP math for all key sizes default: off + * WOLFSSL_SP_NO_2048: Disable SP RSA 2048-bit support default: off + * WOLFSSL_SP_NO_3072: Disable SP RSA 3072-bit support default: off + * WOLFSSL_SP_4096: Enable SP RSA 4096-bit support default: off + * WOLFSSL_SP_ASM: Use SP assembly optimizations default: off + * + * Hardware Acceleration (RSA-specific): + * WC_ASYNC_ENABLE_RSA: Enable async RSA operations default: off + * WOLFSSL_KCAPI_RSA: Linux kernel crypto API for RSA default: off + * WOLFSSL_AFALG_XILINX_RSA: AF_ALG Xilinx RSA acceleration default: off + * WOLFSSL_SE050_NO_RSA: Disable SE050 RSA default: off + * WOLFSSL_XILINX_CRYPT: Xilinx crypto RSA acceleration default: off + */ #include diff --git a/wolfcrypt/src/sha.c b/wolfcrypt/src/sha.c index 8b5fb5e1a87..e03f1aa2791 100644 --- a/wolfcrypt/src/sha.c 
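Review bot: `NO_RSA_BOUNDS_CHECK: Disable RSA bounds checking on input` and `WC_RSA_NO_PADDING: Enable no-padding RSA mode` are listed without the "not recommended" caution that ecc.c's `WC_NO_CACHE_RESISTANT` entry in this same change carries, even though unpadded RSA and unchecked input sizes are the classic routes to padding-oracle and malleability bugs. I would write ` * NO_RSA_BOUNDS_CHECK: Skip input-size checks on RSA ops; not recommended default: off` and ` * WC_RSA_NO_PADDING: Raw RSA (no PKCS#1 padding); caller must supply its own secure encoding default: off`. `WOLFSSL_MP_INVMOD_CONSTANT_TIME` is also filed under "Performance" although it is a side-channel hardening option; it belongs next to `WC_RSA_BLINDING` with the same timing-attack note.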
+++ b/wolfcrypt/src/sha.c @@ -19,6 +19,26 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * SHA-1 Build Options: + * + * Core: + * NO_SHA: Disable SHA-1 support entirely default: off + * USE_SLOW_SHA: Disable SHA-1 loop unrolling default: off + * WC_HASH_DATA_ALIGNMENT: Required data alignment for hashing default: off + * + * Hardware Acceleration (SHA-1-specific): + * WC_ASYNC_ENABLE_SHA: Enable async SHA-1 operations default: off + * WOLFSSL_PIC32MZ_HASH: PIC32MZ hardware SHA default: off + * WOLFSSL_PSA_NO_HASH: Disable PSA hash default: off + * WOLFSSL_TI_HASH: TI hardware hash default: off + * WOLFSSL_RENESAS_RX64_HASH: Renesas RX64 hardware hash default: off + * FREESCALE_LTC_SHA: Freescale LTC SHA acceleration default: off + * FREESCALE_MMCAU_SHA: Freescale MMCAU SHA acceleration default: off + * STM32_HASH: STM32 hardware hash default: off + * PSOC6_HASH_SHA1: PSoC6 hardware SHA-1 default: off + */ + #include #ifdef DEBUG_WOLFSSL_VERBOSE diff --git a/wolfcrypt/src/sha3.c b/wolfcrypt/src/sha3.c index de77e971db2..7c4558313f0 100644 --- a/wolfcrypt/src/sha3.c +++ b/wolfcrypt/src/sha3.c 
@@ -19,6 +19,25 @@ * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA */ +/* + * SHA-3 Build Options: + * + * Core: + * WOLFSSL_SHA3: Enable SHA-3 support default: off + * WOLFSSL_SHA3_SMALL: Use smaller SHA-3 implementation default: off + * WOLFSSL_SHAKE128: Enable SHAKE128 XOF default: off + * WOLFSSL_SHAKE256: Enable SHAKE256 XOF default: off + * SHA3_BY_SPEC: Use specification Keccak-f order default: off + * WC_SHA3_NO_ASM: Disable SHA-3 assembly optimizations default: off + * WC_SHA3_FAULT_HARDEN: Harden SHA-3 against fault attacks default: off + * + * Hardware Acceleration (SHA-3-specific): + * WC_ASYNC_ENABLE_SHA3: Enable async SHA-3 operations default: off + * WOLFSSL_ARMASM_CRYPTO_SHA3: ARM crypto SHA-3 instructions default: off + * STM32_HASH_SHA3: STM32 hardware SHA-3 default: off + * PSOC6_HASH_SHA3: PSoC6 hardware SHA-3 default: off + */ + #include #ifdef WC_SHA3_NO_ASM diff --git a/wolfcrypt/src/sha512.c b/wolfcrypt/src/sha512.c index fc2a07a18ea..cc219db77f7 100644 --- a/wolfcrypt/src/sha512.c +++ b/wolfcrypt/src/sha512.c 
@@ -19,6 +19,41 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+/*
+ * SHA-512/384 Build Options:
+ *
+ * Core:
+ * WOLFSSL_SHA512: Enable SHA-512 support default: off
+ * WOLFSSL_SHA384: Enable SHA-384 support default: off
+ * WOLFSSL_NOSHA512_224: Disable SHA-512/224 variant default: off
+ * WOLFSSL_NOSHA512_256: Disable SHA-512/256 variant default: off
+ *
+ * Performance:
+ * USE_SLOW_SHA512: Disable SHA-512 loop unrolling default: off
+ * USE_SLOW_SHA2: Disable SHA-2 loop unrolling default: off
+ * WOLFSSL_HASH_FLAGS: Enable hash flags for state tracking default: off
+ * WOLFSSL_HASH_KEEP: Keep hash input data for reuse default: off
+ * WOLFSSL_SMALL_STACK_CACHE: Cache hash state on small stack default: off
+ * WC_NO_INTERNAL_FUNCTION_POINTERS: Disable internal func ptrs default: off
+ *
+ * Hardware Acceleration (SHA-512-specific):
+ * WC_ASYNC_ENABLE_SHA512: Enable async SHA-512 operations default: off
+ * WC_ASYNC_ENABLE_SHA384: Enable async SHA-384 operations default: off
+ * WOLFSSL_KCAPI_HASH: Linux kernel crypto API for hashing default: off
+ * WOLFSSL_SE050_HASH: SE050 hardware hashing default: off
+ * WOLFSSL_SILABS_SHA384: Silicon Labs SHA-384 acceleration default: off
+ * WOLFSSL_SILABS_SHA512: Silicon Labs SHA-512 acceleration default: off
+ * NO_IMX6_CAAM_HASH: Disable i.MX6 CAAM hash default: off
+ * NO_WOLFSSL_ESP32_CRYPT_HASH: Disable ESP32 hash acceleration default: off
+ * WOLFSSL_ARMASM_CRYPTO_SHA512: ARM crypto SHA-512 instructions default: off
+ * STM32_HASH_SHA384: STM32 hardware SHA-384 default: off
+ * STM32_HASH_SHA512: STM32 hardware SHA-512 default: off
+ * WOLFSSL_SHA512_HASHTYPE: SHA-512 hash type for hw dispatch default: off
+ * MAX3266X_SHA: MAX3266X hardware SHA default: off
+ * PSOC6_HASH_SHA2: PSoC6 hardware SHA-2 default: off
+ * WOLFSSL_RENESAS_RSIP: Renesas RSIP SHA acceleration default: off
+ */
+
 #include
 #if (defined(WOLFSSL_SHA512) || defined(WOLFSSL_SHA384)) && \
diff --git a/wolfcrypt/src/wc_port.c b/wolfcrypt/src/wc_port.c
index b0f8c07aadf..1dd38c02fc6 100644
--- a/wolfcrypt/src/wc_port.c
+++ b/wolfcrypt/src/wc_port.c
@@ -19,6 +19,77 @@
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1335, USA
 */
+/*
+wolfCrypt Porting Build Options:
+
+Threading/Mutex options:
+ * SINGLE_THREADED: No-op mutex/threading implementations default: off
+ * WOLFSSL_PTHREADS: Use pthread-based mutex/threading default: off
+ * (auto-detected on most POSIX systems)
+ * WOLFSSL_MUTEX_INITIALIZER: Use static mutex initialization default: off
+ * WC_MUTEX_OPS_INLINE: Use inlined mutex operations default: off
+ * WOLFSSL_USER_MUTEX: User-provided mutex implementation default: off
+ * WOLFSSL_COND: Enable condition variable support default: off
+ * WOLFSSL_USE_RWLOCK: Enable reader-writer lock support default: off
+ * WOLFSSL_THREAD_NO_JOIN: Create threads without join default: off
+ * WOLFSSL_ALGO_HW_MUTEX: Per-algorithm hardware mutex locks default: off
+ * Controls AES, hash, PK, and RNG mutexes.
+ * WOLFSSL_CRYPT_HW_MUTEX: Cryptography hardware mutex default: off
+ * Master control for all HW mutex init.
+ * NO_AES_MUTEX: Disable AES hardware mutex default: off
+ * NO_HASH_MUTEX: Disable hash hardware mutex default: off
+ * NO_PK_MUTEX: Disable public-key hardware mutex default: off
+ * NO_RNG_MUTEX: Disable RNG hardware mutex default: off
+ *
+ * Memory options:
+ * USE_WOLFSSL_MEMORY: Enable custom memory allocation hooks default: on
+ * WOLFSSL_STATIC_MEMORY: Use static memory pools instead of default: off
+ * dynamic allocation.
+ * WOLFSSL_TRACK_MEMORY: Enable memory allocation tracking default: off
+ * WOLFSSL_TRACK_MEMORY_VERBOSE: Verbose memory tracking output default: off
+ * WOLFSSL_FORCE_MALLOC_FAIL_TEST: Force malloc failures for default: off
+ * testing error handling paths.
+ * WOLFSSL_MEM_FAIL_COUNT: Count malloc failures for testing default: off
+ * WOLFSSL_CHECK_MEM_ZERO: Verify sensitive memory is zeroed default: off
+ * on free. Debug tool for key material.
+ *
+ * Filesystem options:
+ * NO_FILESYSTEM: Disable all filesystem operations default: off
+ * NO_WOLFSSL_DIR: Disable directory listing/iteration default: off
+ *
+ * Time options:
+ * WOLFSSL_GMTIME: Provide custom gmtime implementation default: off
+ * HAVE_TIME_T_TYPE: Platform provides time_t default: auto
+ * TIME_OVERRIDES: Application provides custom time funcs default: off
+ * USER_TICKS: Application provides tick counter default: off
+ * USE_WOLF_TM: Use wolfSSL struct tm definition default: off
+ *
+ * String function options:
+ * STRING_USER: User provides all string functions default: off
+ * USE_WOLF_STRTOK: Use wolfSSL strtok implementation default: off
+ * USE_WOLF_STRSEP: Use wolfSSL strsep implementation default: off
+ * USE_WOLF_STRLCPY: Use wolfSSL strlcpy implementation default: off
+ * USE_WOLF_STRLCAT: Use wolfSSL strlcat implementation default: off
+ * USE_WOLF_STRCASECMP: Use wolfSSL strcasecmp implementation default: off
+ * USE_WOLF_STRNCASECMP:Use wolfSSL strncasecmp implementation default: off
+ * USE_WOLF_STRDUP: Use wolfSSL strdup implementation default: off
+ *
+ * Atomic operation options:
+ * WOLFSSL_ATOMIC_OPS: Enable atomic operations for thread default: off
+ * safety without full mutexes.
+ * WOLFSSL_USER_DEFINED_ATOMICS: User-provided atomic impl default: off
+ * WOLFSSL_HAVE_ATOMIC_H: Has C11 atomic.h header default: off
+ *
+ * General options:
+ * WOLFCRYPT_ONLY: Exclude TLS/SSL, wolfCrypt only build default: off
+ * WOLFSSL_LEANPSK: Lean PSK build, minimal features default: off
+ * WOLF_C89: C89 compatibility mode default: off
+ * WOLFSSL_SMALL_STACK: Reduce stack usage by allocating from default: off
+ * heap instead. Slower but needed for
+ * constrained environments.
+ * DEBUG_WOLFSSL_VERBOSE: Enable verbose debug logging default: off
+ */
+
 #include
 #ifdef __APPLE__
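Review bot: The opening lines of the new header, `+wolfCrypt Porting Build Options:` and `+Threading/Mutex options:` (plus the bare `+` line between them), drop the ` * ` prefix that every other line of this block and the sha.c/sha3.c/sha512.c headers in the same commit use; `+ * wolfCrypt Porting Build Options:` and `+ * Threading/Mutex options:` would make the block uniform. `USE_WOLF_STRNCASECMP:Use wolfSSL strncasecmp implementation` is missing the space after the colon. C11's atomics header is `<stdatomic.h>`, so if that is what `WOLFSSL_HAVE_ATOMIC_H` detects, the entry should read `Has C11 <stdatomic.h> header`. Since `SINGLE_THREADED` turns the mutex operations into no-ops, its line should state the consequence for the caller, e.g. `No-op mutex/threading; library must not be shared across threads`.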
diff --git a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
index fc21ea7fd1b..19e4c311686 100644
--- a/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
+++ b/wolfssl/wolfcrypt/port/Renesas/renesas_fspsm_internal.h
@@ -91,7 +91,7 @@ typedef struct FSPSM_RSA_CTX {
 } FSPSM_RSA_CTX;
-#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SH224) || \
+#if (!defined(NO_SHA) || !defined(NO_SHA256) || defined(WOLFSSL_SHA224) || \
 defined(WOLFSSL_SHA384) || defined(WOLFSSL_SHA512)) && \
 !defined(NO_WOLFSSL_RENESAS_FSPSM_HASH)