add support for EXTRA_CPPFLAGS, EXTRA_CCASFLAGS, and EXTRA_LDFLAGS;
fix typo in setup for CFLAG_VISIBILITY;
lightly refactor handling of CPPFLAGS/AM_CPPFLAGS in handlers for --with-liboqs, --with-wnr, and --with-cavium;
refactor+enhance options.h generation to handle -U directives.
* Fixed `PEM_BUFSIZE` macro redefined when building with coexist.
* Updated the `user_settings_all.h` and `user_settings_wolfboot_keytools.h` to include latest options.
* Improved API unit test error case checking where `TEST_RES_CHECK` is not used.
* Changed `TEST_SKIPPED` to unique value.
* Added CI tests for enable-all, small stack, and user setting templates.
Fix random prime generation for big endian to set low bits after
shifting top word.
Allow SP_MATH to be built without RSA, DH and ECC - needed for PKCS#12.
Add DH 2048 bit parameters to cert_test.c for test.c when NO_ASN and
WOLFSSL_SP_MATH.
Configuration
- thread-local storaoge is selected when available
- '--enable-error-queue-per-thread' and '--disable-error-queue-per-thread' can
be used as before to explicitly en-/disable the feature.
Implementation:
- with thread-local-storage, error queue is realized in one struct without
allocations. Queue size is restricted to 16 entries (per thread), which
is the same limit in OpenSSL 1.1.x.
- without thread-local-storage, all error queue operations are mutex locked
- wc_PeekErrorNodeLineData() and wc_GetErrorNodeErr() added for use by SSL
functions to allow locked queue iterations/manipulations.
Enabling SP with ASM didn't enable SP or error out when SP wasn't
configured. Now enables SP when '' and errors when 'no'.
SAKKE modinv used large amounts of stack. Change to have more temporary
memory allocated increased to cover the usage.
ECC, SAKKE: sp_<bits>_ecc_mulmod_<cpu><words>() used large amounts of
stack. Allocate when WOLFSSL_SMALL_STACK.
wc_DhCheckKeyPair() not available when HAVE_SELFTEST.
Wasn't compiled in before as WOLFSSL_HAVE_SP_DH wasn't defined.
--enable-entropy-memuse enables the software base entropy gatherer.
The entropy source uses difference in timing to read/write cache lines.
Random indeces into a buffer are updated with the high resolution timer
value which is fed into a hash to produce further random indeces.
The current time is added to the entropy samples at time of
conditioning.
In configure.ac and CMakeLists.txt, check for the header
Security/SecTrustSettings.h. If this header is found, enable the feature. If
it isn't, disable it. For non-configure/non-CMake builds, require the user to
explicitly define HAVE_SECURITY_SECTRUSTSETTINGS_H if they want to use system
CA certs (handled in settings.h).
Ed25519 and Ed448 need to enable certs.
If no system CA certs can't be parsed,
wolfSSL_CTX_load_system_CA_certs() will fail. Don't try test if RSA and
ECC are not enabled.
Fix benchmark.c so that e is defined when WOLFSSL_BENCHMARK_ALL defined.
MAX_LENGTH_SZ is 4 and supports lengths up to 2^24 - one byte for length
and 3 bytes of length.
(new gcc compiler fix)
- Pass in the build configuration to the output rpm package
- Compiler test fails in %configure step in %prep due to missing linker script (injected by rpmbuild). Moving to %build section.
- .la files not wanted in rpm package and delete .la file after install step
- Compiler test fails due to missing linker script (injected by rpmbuild)
https://fedoraproject.org/wiki/Changes/RemoveLaFiles#Upgrade.2Fcompatibility_impact
- Conditional include sp_int.h
- FIPS header and hash update
For the CMake and autotools flows, enabling user_settings.h will define the
macro WOLFSSL_USER_SETTINGS_ASM. This will cause the generated
user_settings_asm.h to be included in the .S assembly files. If the user is
building without autotools or CMake, these files will include user_settings.h
directly, unless WOLFSSL_USER_SETTINGS_ASM is defined.
Daniel Pouzzner
David Garske
jordan
John Safranek
Chris Conlon
Jacob Barthelmeh
Juliusz Sosinowicz
Anthony Hu
Sean Parkinson
Stefan Eissing
Hideki Miyazaki
Uriah Pollock
Kaleb Himes
Hayden Roche