14b7d70ae4
Merge pull request #3846 from kabuobeid/builtinEngsRandMethod
...
Add wolfSSL_RAND_set_rand_method() and document ENGINE_load_builtin_engines()
2021-03-19 14:23:03 -07:00
a363077b1e
Merge pull request #3841 from SparkiDev/aes_gcm_stream
...
AES GCM: implement streaming
2021-03-18 14:36:55 -07:00
7760dcb43b
Fixes and cleanups for the openssl compatibility layer `RAND_` functions. For `opensslextra=x509small` don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac.
2021-03-17 15:51:52 -07:00
38d268dbbb
fixup
2021-03-17 11:31:03 +10:00
7f1e63e7f5
SP config: allow asm to be an SP options (--enable-sp=asm.yes)
2021-03-17 11:24:55 +10:00
35659be06f
AES GCM: implement streaming
...
Updated EVP layer to use streaming API when enabled.
Assembly for x64 updated to include streaming.
2021-03-16 16:39:49 +10:00
5fd0950a3a
Merge pull request #3654 from SparkiDev/sakke_eccsi
...
ECCSI and SAKKE: add support
2021-03-15 16:15:59 -07:00
92854a5ddc
configure.ac: advance AC_PREREQ from 2.63 (2008) to 2.69 (2012) to reflect current automated testing coverage, and to avoid intractable best-practice conflicts between 2.63 and 2.70 (2020); advance AM_INIT_AUTOMAKE from 1.11 (2009) to 1.14.1 (2013) to reflect current automated testing coverage; advance LT_PREREQ from 2.2 (2008) to 2.4.2 (2011) to reflect current automated testing coverage.
2021-03-12 13:49:29 -06:00
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
771a7418ea
fixes for compat with autoconf 2.70 and gcc-10: update m4/ax_pthread.m4 and m4/ax_tls.m4 from upstream, fix declaration syntax in tests/api.c, add AC_CANONICAL_TARGET in configure.ac, and fix two spots with bad quoting syntax in configure.ac and m4/ax_linuxkm.m4. also fix myriad whitespace flubs in api.c.
2021-03-11 17:29:12 -06:00
72eebd6e75
Merge pull request #3795 from JacobBarthelmeh/CAAM
...
Addition of QNX CAAM driver
2021-03-10 15:04:21 -08:00
cd26444e01
addressed jenkins failure part1
2021-03-05 08:19:21 +09:00
0a74fbf95f
Merge pull request #3789 from fabiankeil/configure-accept-amd64
...
configure: When enabling --enable-sp-asm, accept host_cpu amd64
2021-03-04 11:11:13 -08:00
749425e1e8
first pre alpha code for QNX + CAAM
...
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
2021-03-03 18:45:40 +07:00
4d8068a328
Merge pull request #3813 from douzzer/configure-autotools-boilerplate-at-the-top
...
configure.ac: put autotools boilerplate at the top
2021-03-02 09:22:09 -08:00
d805a5c681
SP int: get keygen working with SP math again
...
./configure --enable-sp --enable-sp-math --enable-keygen
2021-02-25 10:01:27 +10:00
9be1e74dc3
configure.ac: move the autotools boilerplate/initializations back to the top, before --enable-distro and --enable-reproducible-build handling.
2021-02-24 17:04:33 -06:00
c201b6801c
Merge pull request #3808 from lechner/enable-base64-with-all
...
Enable Base64 as part of --enable-all.
2021-02-24 14:39:20 -06:00
764207a9f5
Merge pull request #3806 from elms/autoconf/oot_fips_check
...
configure: fix for FIPS out-of-tree builds
2021-02-24 14:38:26 -06:00
94a23c1d48
Merge pull request #3646 from julek-wolfssl/nginx-1.19.6
...
Add support for Nginx 1.19.6
2021-02-24 12:21:51 -08:00
36ba2e134b
configure: FIPS error and compatability cleanup
...
Use autotools macros for case and if. Simplify validation logic.
2021-02-24 08:53:50 -08:00
ae28550667
Enable Base64 as part of --enable-all.
...
Part of an effort to standardize build options across distributions.
When building with all options, this includes Base64, a feature that
was requested in the past.
This commit passed Debian's Salsa CI pipeline [1] as part of a larger
commit streamlining the build options for distributions. [2]
A related pull request by douzzer activated reproducible builds for
distributions by default. [3]
Thanks to David Garske for his generous contributions to this commit!
[1] https://salsa.debian.org/lechner/wolfssl/-/pipelines/233601
[2] https://salsa.debian.org/lechner/wolfssl/-/blob/debian/master/debian/patches/standardize-distro-options.patch
[3] e30b3d3554
2021-02-23 19:46:56 -08:00
9dadd02fb9
configure.ac move --enable-distro handling to top (preceding --enable-reproducible-build handling), and turn on reproducible-build by default when enable-distro; fix spelling error in reproducible-build help text.
2021-02-23 17:05:44 -06:00
47872224d8
configure: fix for FIPS out-of-tree builds
...
Check for fips files relative to source directory.
2021-02-23 14:17:35 -08:00
0dfdf92ff7
Merge pull request #3784 from elms/cmake_curve_ed
...
configure: ED448 to enable SHA3 and SHAKE256 properly
2021-02-24 03:20:38 +07:00
5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread
...
Add --enable-error-queue-per-thread
2021-02-23 12:02:16 -08:00
c4d2e7cfdb
configure: split SHA3 and SHAKE256 to work with ED448
...
Define flags and defaults early, but set CFLAGS later to allow
override.
2021-02-22 10:14:21 -08:00
1b319804ad
configure: When enabling --enable-sp-asm, accept host_cpu amd64 as alternative to x86_64
...
Allows to use --enable-sp-asm on ElectroBSD amd64.
Previouly configure failed with:
configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
2021-02-20 14:25:05 +01:00
31d3dfdd4d
configure: ED448 to enable SHA3 and SHAKE256 properly
...
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
2021-02-19 13:18:52 -08:00
5f3ee2985c
bump version for development bundles
2021-02-16 23:57:47 +07:00
b8f841599c
Add --enable-error-queue-per-thread
2021-02-16 16:08:13 +01:00
9a1e54cfd5
Nginx 1.19.6 Fixes
2021-02-16 14:25:45 +01:00
847938f4d6
prepare for release v4.7.0
2021-02-16 02:41:37 +07:00
98b5900266
Revert of changes in PR #3289 , which should not have removed the `HAVE_SECRET_CALLBACK` and `WOLFSSL_PUBLIC_ECC_ADD_DBL`. These are required for hostapd.
2021-02-12 14:11:17 -08:00
d40ea03621
Merge pull request #3703 from SparkiDev/sp_int_malloc
...
SP int: Rework allocation of temporaries
2021-02-11 13:49:45 -08:00
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
d64315a951
configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 .
2021-02-11 00:12:05 -06:00
b330196c28
SP int: Rework allocation of temporaries
...
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
2021-02-11 10:34:40 +10:00
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy
2021-02-09 07:28:40 -08:00
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
763f388471
SP int: get rsavfy and rsapub working again
2021-02-09 09:58:23 +10:00
c17597a4fb
build: arbitrary path for `make check`
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
46821196ab
Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13
...
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).
Enable keying material for OpenVPN
2021-02-02 12:06:11 +01:00
c18701ebe7
Implement RFC 5705: Keying Material Exporters for TLS
2021-02-02 12:06:11 +01:00
0f6ae330da
wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table.
2021-01-28 22:51:28 -06:00
a89087ed2d
configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source.
2021-01-25 17:56:28 -06:00
5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix
...
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
2021-01-18 13:37:34 -08:00
d4e13796c2
M1 Support
...
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
2021-01-06 09:21:07 -08:00
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
toddouska
David Garske
Sean Parkinson
Daniel Pouzzner
Hideki Miyazaki
Jacob Barthelmeh
Elms
Felix Lechner
Fabian Keil
Juliusz Sosinowicz
Kareem Abuobeid
John Safranek