7760dcb43b
Fixes and cleanups for the openssl compatibility layer `RAND_` functions. For `opensslextra=x509small` don't include the RAND method code. Removed abandonded "ENABLED_SMALL" option in configure.ac.
2021-03-17 15:51:52 -07:00
38d268dbbb
fixup
2021-03-17 11:31:03 +10:00
7f1e63e7f5
SP config: allow asm to be an SP options (--enable-sp=asm.yes)
2021-03-17 11:24:55 +10:00
35659be06f
AES GCM: implement streaming
...
Updated EVP layer to use streaming API when enabled.
Assembly for x64 updated to include streaming.
2021-03-16 16:39:49 +10:00
5fd0950a3a
Merge pull request #3654 from SparkiDev/sakke_eccsi
...
ECCSI and SAKKE: add support
2021-03-15 16:15:59 -07:00
92854a5ddc
configure.ac: advance AC_PREREQ from 2.63 (2008) to 2.69 (2012) to reflect current automated testing coverage, and to avoid intractable best-practice conflicts between 2.63 and 2.70 (2020); advance AM_INIT_AUTOMAKE from 1.11 (2009) to 1.14.1 (2013) to reflect current automated testing coverage; advance LT_PREREQ from 2.2 (2008) to 2.4.2 (2011) to reflect current automated testing coverage.
2021-03-12 13:49:29 -06:00
a55e94cf6f
ECCSI and SAKKE: add support
...
Fixes for static code analysis included.
Added const to function parameters.
Zeroise some temporaries.
2021-03-12 09:31:22 +10:00
771a7418ea
fixes for compat with autoconf 2.70 and gcc-10: update m4/ax_pthread.m4 and m4/ax_tls.m4 from upstream, fix declaration syntax in tests/api.c, add AC_CANONICAL_TARGET in configure.ac, and fix two spots with bad quoting syntax in configure.ac and m4/ax_linuxkm.m4. also fix myriad whitespace flubs in api.c.
2021-03-11 17:29:12 -06:00
72eebd6e75
Merge pull request #3795 from JacobBarthelmeh/CAAM
...
Addition of QNX CAAM driver
2021-03-10 15:04:21 -08:00
cd26444e01
addressed jenkins failure part1
2021-03-05 08:19:21 +09:00
0a74fbf95f
Merge pull request #3789 from fabiankeil/configure-accept-amd64
...
configure: When enabling --enable-sp-asm, accept host_cpu amd64
2021-03-04 11:11:13 -08:00
749425e1e8
first pre alpha code for QNX + CAAM
...
manual run of RNG init and JDKEK print
job ring does initial rng
is successful on some red key blob operations
caam red key blob test pass
ecdsa sign/verify
ecdsa ecdh/sign/verify with black secure key
ecdsa ecdh/sign/verify with black secure key
initial cmac addition
initial cmac addition
black blob encap
black keys with cmac
add invalidate memory
refactoring and clean up
more code cleanup
add files for dist and remove some printf's
remove unneeded macro guard
use resource manager
2021-03-03 18:45:40 +07:00
4d8068a328
Merge pull request #3813 from douzzer/configure-autotools-boilerplate-at-the-top
...
configure.ac: put autotools boilerplate at the top
2021-03-02 09:22:09 -08:00
d805a5c681
SP int: get keygen working with SP math again
...
./configure --enable-sp --enable-sp-math --enable-keygen
2021-02-25 10:01:27 +10:00
9be1e74dc3
configure.ac: move the autotools boilerplate/initializations back to the top, before --enable-distro and --enable-reproducible-build handling.
2021-02-24 17:04:33 -06:00
c201b6801c
Merge pull request #3808 from lechner/enable-base64-with-all
...
Enable Base64 as part of --enable-all.
2021-02-24 14:39:20 -06:00
764207a9f5
Merge pull request #3806 from elms/autoconf/oot_fips_check
...
configure: fix for FIPS out-of-tree builds
2021-02-24 14:38:26 -06:00
94a23c1d48
Merge pull request #3646 from julek-wolfssl/nginx-1.19.6
...
Add support for Nginx 1.19.6
2021-02-24 12:21:51 -08:00
36ba2e134b
configure: FIPS error and compatability cleanup
...
Use autotools macros for case and if. Simplify validation logic.
2021-02-24 08:53:50 -08:00
ae28550667
Enable Base64 as part of --enable-all.
...
Part of an effort to standardize build options across distributions.
When building with all options, this includes Base64, a feature that
was requested in the past.
This commit passed Debian's Salsa CI pipeline [1] as part of a larger
commit streamlining the build options for distributions. [2]
A related pull request by douzzer activated reproducible builds for
distributions by default. [3]
Thanks to David Garske for his generous contributions to this commit!
[1] https://salsa.debian.org/lechner/wolfssl/-/pipelines/233601
[2] https://salsa.debian.org/lechner/wolfssl/-/blob/debian/master/debian/patches/standardize-distro-options.patch
[3] e30b3d3554
2021-02-23 19:46:56 -08:00
9dadd02fb9
configure.ac move --enable-distro handling to top (preceding --enable-reproducible-build handling), and turn on reproducible-build by default when enable-distro; fix spelling error in reproducible-build help text.
2021-02-23 17:05:44 -06:00
47872224d8
configure: fix for FIPS out-of-tree builds
...
Check for fips files relative to source directory.
2021-02-23 14:17:35 -08:00
0dfdf92ff7
Merge pull request #3784 from elms/cmake_curve_ed
...
configure: ED448 to enable SHA3 and SHAKE256 properly
2021-02-24 03:20:38 +07:00
5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread
...
Add --enable-error-queue-per-thread
2021-02-23 12:02:16 -08:00
c4d2e7cfdb
configure: split SHA3 and SHAKE256 to work with ED448
...
Define flags and defaults early, but set CFLAGS later to allow
override.
2021-02-22 10:14:21 -08:00
1b319804ad
configure: When enabling --enable-sp-asm, accept host_cpu amd64 as alternative to x86_64
...
Allows to use --enable-sp-asm on ElectroBSD amd64.
Previouly configure failed with:
configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
2021-02-20 14:25:05 +01:00
31d3dfdd4d
configure: ED448 to enable SHA3 and SHAKE256 properly
...
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
2021-02-19 13:18:52 -08:00
5f3ee2985c
bump version for development bundles
2021-02-16 23:57:47 +07:00
b8f841599c
Add --enable-error-queue-per-thread
2021-02-16 16:08:13 +01:00
9a1e54cfd5
Nginx 1.19.6 Fixes
2021-02-16 14:25:45 +01:00
847938f4d6
prepare for release v4.7.0
2021-02-16 02:41:37 +07:00
98b5900266
Revert of changes in PR #3289 , which should not have removed the `HAVE_SECRET_CALLBACK` and `WOLFSSL_PUBLIC_ECC_ADD_DBL`. These are required for hostapd.
2021-02-12 14:11:17 -08:00
d40ea03621
Merge pull request #3703 from SparkiDev/sp_int_malloc
...
SP int: Rework allocation of temporaries
2021-02-11 13:49:45 -08:00
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
d64315a951
configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 .
2021-02-11 00:12:05 -06:00
b330196c28
SP int: Rework allocation of temporaries
...
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
2021-02-11 10:34:40 +10:00
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy
2021-02-09 07:28:40 -08:00
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
763f388471
SP int: get rsavfy and rsapub working again
2021-02-09 09:58:23 +10:00
c17597a4fb
build: arbitrary path for `make check`
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
46821196ab
Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13
...
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).
Enable keying material for OpenVPN
2021-02-02 12:06:11 +01:00
c18701ebe7
Implement RFC 5705: Keying Material Exporters for TLS
2021-02-02 12:06:11 +01:00
0f6ae330da
wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table.
2021-01-28 22:51:28 -06:00
a89087ed2d
configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source.
2021-01-25 17:56:28 -06:00
5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix
...
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
2021-01-18 13:37:34 -08:00
d4e13796c2
M1 Support
...
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
2021-01-06 09:21:07 -08:00
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
3d88676ff1
test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene.
2020-12-30 16:12:08 -06:00
4280861af0
Merge pull request #3591 from dgarske/wolftpm
...
Added helper configure option '--enable-wolftpm`
2020-12-23 12:22:44 -08:00
d5dd35c739
add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options.
2020-12-23 12:03:06 -06:00
daa6833f37
Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb).
2020-12-23 08:09:24 -08:00
f06361ddf6
add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory).
2020-12-22 17:12:57 -06:00
47c186df34
prepare for release 4.6.0
2020-12-22 02:33:58 +07:00
4de1c1b037
add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509
2020-12-21 17:24:35 +07:00
fe92d29eb5
Merge pull request #3574 from cconlon/releasefixes
...
Release fixes for Jenkins tests, example client
2020-12-18 14:06:27 -08:00
3231cfe9e0
Refactor extension stack generation
2020-12-17 14:27:46 +01:00
c405c3477f
Protect against invalid write in RsaPad_PSS
2020-12-17 14:26:49 +01:00
78a20ec3ae
Extension manipulation
2020-12-17 14:26:49 +01:00
2689d499b9
Tests starting to pass
2020-12-17 14:26:49 +01:00
ff2574b3cb
OpenSSL Compat layer
...
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
1a50d8e028
WIP
...
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
85b1196b08
Implement/stub:
...
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
728f4ce892
Implement/stub:
...
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
b52e11d3d4
Implement/stub the following:
...
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
3721d80e84
Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
...
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
777bdb28bc
Implement/stub the following:
...
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
a9d502ef85
Add `--enable-libest` option to configure.ac
...
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
502e471cde
fix spelling of Nitrox in configure option summary
2020-12-16 13:08:32 -07:00
f375cff685
enable AES-CTR for libsignal build
2020-12-16 12:44:01 -07:00
18984abc9e
configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes.
2020-12-11 14:16:44 -06:00
e9a79b2e0d
configure.ac: fix rebase error, re enable-sp-asm on ARM.
2020-12-10 14:46:22 -06:00
0fa4bde5b5
configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met.
2020-12-10 14:21:08 -06:00
27a6de2c2f
configure.ac, wolfssl/wolfcrypt/settings.h, wolfssl/wolfcrypt/wc_port.h: update linuxkm defaults and settings for compatibility with sp-math-all, and change linuxkm default math from sp-math to sp-math-all; refactor enable-all and enable-all-crypto logic to allow piecemeal exclusion of options from the command line.
2020-12-10 14:16:21 -06:00
cfc08cc13f
configure.ac: remove smallstackcache from linuxkm default options; add several feature exclusions to enable-all and enable-all-crypto to make them compatible with fips=ready; render the FIPS option in the feature summary at end.
2020-12-10 14:16:20 -06:00
cd3b91a8fe
Merge pull request #3536 from SparkiDev/arm64_rev
...
ByteReverseWord32 AARCH64: Use proper instruction - REV32
2020-12-10 11:59:00 -08:00
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
...
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
d34b0072a2
ARM: identify ARM CPU for Thumb and Cortex
...
Better detailed check of CPU architecture for 32-bit byte reversal asm
2020-12-09 08:54:18 +10:00
84a9e16805
Merge pull request #3388 from SparkiDev/aesgcm_4bit_table
...
AES-GCM: GMULT using 4-bit table
2020-11-25 15:45:28 -08:00
a0cd75081d
Merge pull request #3514 from SparkiDev/aesni_sse4
...
AESNI compile flags: clang doesn't need -msse4
2020-11-25 08:55:35 -08:00
ca5ffc0743
AESNI compile flags: clang can't have -msse4
...
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
2020-11-25 10:32:42 +10:00
d0703f8931
AES-GCM: GMULT using 4-bit table
...
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
2020-11-25 08:47:50 +10:00
91d23d3f5a
Implement all relevant mp functions in sp_int
2020-11-19 11:58:14 +10:00
d8b58286d1
TLS 1.3: PSK only
...
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
1d531fe13b
Peer review fixes.
2020-11-10 09:47:37 -08:00
5de80d8e41
Further refactor the minimum ECC key size. Adds `--with-eccminsz=BITS` option. Fix for FIPSv2 which includes 192-bit support. If `WOLFSSL_MIN_ECC_BITS` is defined that will be used.
2020-11-10 09:47:37 -08:00
c697520826
Disable ECC key sizes < 224 bits by default. Added `--enable-eccweakcurves` or `ECC_WEAK_CURVES` to enable smaller key sizes. Currently this option is automatically enabled if `WOLFSSL_MIN_ECC_BITS` is less than 224-bits.
2020-11-10 09:47:36 -08:00
7e3efa3792
Merge pull request #3474 from douzzer/lighttpd-update-1.4.56
...
lighttpd support update for v1.4.56
2020-11-09 09:24:58 -08:00
f9e48ee361
build updates for lighttpd: recommend -DNO_BIO
...
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
2020-11-05 20:40:43 -06:00
030eb9347c
lighttpd: allow ssl3, tls1.0 if explicitly enabled
2020-11-05 20:40:43 -06:00
7cee131e37
restore `--enable-lighty` with `--enable-all`
...
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
2020-11-05 20:40:43 -06:00
a9a495270c
Fix to disable CRL monitor for single threaded or lighttpd. Do not set `--enable-lighty` with `--enable-all`.
2020-11-05 20:40:43 -06:00
bcf1f0375b
build updates for lighttpd: recommended flags
2020-11-05 20:40:43 -06:00
e5ed227a87
build updates for lighttpd: -DOPENSSL_ALL
...
avoid potential for WolfSSL to silently omit expected functionality
2020-11-05 20:40:43 -06:00
503de43cbd
build updates for lighttpd
...
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.
Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
2020-11-05 20:40:43 -06:00
2588fe366e
cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
...
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
2020-11-05 11:16:27 +10:00
7d177e78d7
don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c).
2020-10-28 17:28:05 -05:00
a5d96721ac
wolfcrypt/src: remove wc_debug.c and move its contents to logging.c.
2020-10-28 17:28:05 -05:00
1ba0883f4c
introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags().
2020-10-28 17:28:05 -05:00
8be2d7690a
add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime.
2020-10-28 17:28:01 -05:00
931eea30f5
Merge pull request #3397 from cconlon/rc2
...
RC2 ECB/CBC and PKCS#12 Integration
2020-10-28 15:06:47 -07:00
ff092c02d2
Merge pull request #3396 from SparkiDev/fips_armasm
...
FIPS ARMASM: get build working
2020-10-22 15:26:24 -07:00
6142c22948
add wc_XChaCha_init(), wc_XChaCha20Poly1305_Init(), wc_XChaCha20Poly1305_encrypt_oneshot(), wc_XChaCha20Poly1305_decrypt_oneshot(), and wc_Poly1305_EncodeSizes64(). also, remove redundant arg check (typo) in wc_Poly1305Update().
2020-10-21 14:08:41 -05:00
b58ea5842a
wolfSSL RC2 template.
2020-10-16 11:46:40 -06:00
ab88ab160c
Merge pull request #3395 from douzzer/misc-fixes-20201015
...
misc fixes for coverage and buildability
2020-10-16 07:28:48 -07:00
aeb44c5352
FIPS ARMASM: get build working
2020-10-16 16:41:18 +10:00
eb7a79aa5e
misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073).
2020-10-15 15:05:29 -05:00
69ac13c2e9
wolfSSH Update
...
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
2020-10-15 11:37:31 -07:00
9de5eea1d9
configure.ac: supplement AC_CHECK_FUNCS() (function link test) with AC_CHECK_DECLS() (function declaration test) to avoid false positives. fixes various build failure modes.
2020-10-09 22:18:51 -05:00
570f55a0e3
wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac.
2020-10-08 23:26:28 -05:00
c18f7010cf
configure.ac: remove enable_apachehttpd and enable_secure_renegotiation from new --enable-all (valgrind woes).
2020-10-02 18:54:45 -05:00
d900e57ae4
improve --enable-linuxkm-defaults fidelity.
2020-10-01 18:07:48 -05:00
c37ba164bf
configure.ac: don't include enable_certgencache=yes in --enable-all[-crypto] feature sets, to avoid memory leak false alarms.
2020-10-01 14:38:26 -05:00
24b20352f8
configure.ac: refactor-for-clarity enable-all[-crypto] feature selection logic conditionalized on sp-math and linuxkm.
2020-10-01 14:38:26 -05:00
fd3815c708
configure.ac: include enable_xchacha in --enable-all-crypto.
2020-10-01 14:38:26 -05:00
a4bd213099
configure.ac: improve --enable-all coverage and make it compatible with --enable-sp-math, add --enable-all-crypto (crypto-only subset of --enable-all), and add --enable-linuxkm-defaults ("Enable feature defaults for Linux Kernel Module").
2020-10-01 14:38:26 -05:00
66ed9b1522
ARM asm: fixes for compiling on Mac and ChaCha20 streaming
...
Don't set the CPU to generic on Mac.
Implement streaming for ChaCha20.
2020-09-29 13:38:02 +10:00
09b9ac8b86
add AM_CONDITIONAL([BUILD_DEBUG],...) to configure.ac, and use it to gate inclusion of wolfcrypt/src/debug.c in src/include.am; remove superfluous includes from wolfcrypt/src/debug.c.
2020-09-23 18:32:17 -05:00
4742a17006
configure.ac: move AC_ARG_ENABLE([linuxkm] before AC_ARG_ENABLE([filesystem], and add ENABLED_FILESYSTEM_DEFAULT=no when ENABLED_LINUXKM.
2020-09-23 18:32:17 -05:00
291febb270
configure.ac: clean up AC_ARG_ENABLE() for linuxkm, and make AC_ARG_WITH for linux-source and linux-arch unconditional.
2020-09-23 18:32:16 -05:00
331fe47eb6
linuxkm: add ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE to facilitate erroring for unexpected fp/simd instructions in Kbuild, while allowing expected ones.
2020-09-23 18:32:16 -05:00
c8cd042bdd
configure.ac: for linuxkm, make --enable-sp-math the default, and add additional exclusions --enable-fastrsa and --with-libz.
2020-09-23 18:32:16 -05:00
af6bd1d163
configure.ac: tidying linuxkm reqs/exclusions tests at end.
2020-09-23 18:32:16 -05:00
16267a1889
configure.ac: error when ENABLED_LINUXKM but $KERNEL_ARCH is empty (no default, no user value).
2020-09-23 18:32:16 -05:00
8331079c36
configure.ac: --enable-compkey gates in the recursive do_mp_jacobi(). mutex with --enable-linuxkm.
2020-09-23 18:32:16 -05:00
170322956b
wolfssl/test.h: polish implementation of HAVE_STACK_SIZE_VERBOSE, now enabled with --enable-stacksize-verbose; internal symbol renamed from original DEBUG_STACK_SIZE_VERBOSE, helper functions and macros refactored to be formally threadsafe and to track the overall high water mark (reports same "stack used" value as --enable-stacksize after final return); add "setting stack relative offset reference mark in funcname() to x" message at entry; add configure mutexing of --enable-stacksize[-verbose] relative to --enable-linuxkm.
2020-09-23 18:32:16 -05:00
b99908ae66
configure.ac: refactor test -z "${KERNEL_ROOT}" into "${KERNEL_ROOT}" = "", and remove new AM_CFLAGS="$AM_CFLAGS -msse4" (bringing back identical to logic in master) now that $CFLAGS_SIMD_ENABLE et al take care of it.
2020-09-23 18:32:16 -05:00
5589565051
linuxkm: add autotools detection of usable compiler flags for enabling and disabling SIMD and fp registers and auto-vectorization, and integrate into linuxkm makefiles.
2020-09-23 18:32:16 -05:00
cd14cfb092
linuxkm: override-disable SIMD instructions for all .c.o's, with exceptions enumerated in Kbuild (currently only aes.c), and couple -msse with -fno-builtin-functions; export ENABLED_ASM for use as a pivot in Kbuild; use asm/i387.h, not asm/simd.h, for kernel_fpu_{begin,end}() protos.
2020-09-23 18:32:16 -05:00
05bca8b0ee
when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x.
2020-09-23 18:32:16 -05:00
34fd53b4fc
linuxkm: WIP support for wolfcrypt_test() at module load time.
2020-09-23 18:32:15 -05:00
0cfe9ca5d6
configure.ac: --enable-linuxkm: improved defaults and consistency checking.
2020-09-23 18:32:15 -05:00
836915d05f
linuxkm: configure.ac more incompatible options: --enable-fastmath, --enable-iopool, and --enable-fips; linuxkm/Makefile: reduce -Wframe-larger-than from 65536 to kernel-compatible 5000; wolfssl/wolfcrypt/settings.h: unset HAVE_THREAD_LS when WOLFSSL_LINUXKM; wolfssl/wolfcrypt/types.h: when NO_INLINE and __GNUC__, #define WC_INLINE __attribute__((unused)) rather than to nothing to avoid -Wunused-function warnings; wolfssl/wolfcrypt/wc_port.h: #undef noinline after Linux kernel header includes (another macro conflict).
2020-09-23 18:32:15 -05:00
911b23d2b4
configure.ac: check for incompatible combinations, and restore check for non-empty $KROOT when --enable-linuxkm.
2020-09-23 18:32:15 -05:00
dff5344d82
configure.ac: when --enable-asm (default on), for gcc amd64 target always include -msse4 even if not --enable-intelasm (it's needed for TFM_X86_64 inline asm).
2020-09-23 18:32:15 -05:00
1aa15632ce
initial buildability of full libwolfssl.ko loadable kernel module for Linux via ./configure --enable-linuxkm && make.
2020-09-23 18:32:15 -05:00
bc1c85842d
WIP: autotools support for LKM
2020-09-23 18:32:15 -05:00
6425ebb60e
Linux Kernel Module support using "--enable-linuxkm".
2020-09-23 18:32:15 -05:00
9deb85ceb1
Fixes to reduce code size.
2020-09-18 09:14:41 -07:00
d61be6f030
Restore the normal `--enable-wpas` macro.
2020-09-18 09:14:41 -07:00
780e8a4619
Fixes for building `--enable-wpas=small` with WPA Supplicant v2.7.
2020-09-18 09:14:41 -07:00
cc1d016d1e
configure.ac: define BUILD_TESTS as ENABLED_EXAMPLES, rather than ENABLED_EXAMPLES && !ENABLED_LEANTLS; add missing preprocessor gating in tests/api.c test_wolfSSL_EVP_Digest() and test_wolfSSL_i2d_PrivateKey().
2020-09-17 12:03:44 -05:00
7d45e85b03
Add ED448 to the "all" options.
2020-08-21 15:47:02 -07:00
362e328180
NTRU fixes
...
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
3f6861ee82
FIPS Ready Fix with ECC Timing Resistance
...
Commit 6467de5
2020-08-14 10:54:55 -07:00
95337e666c
Release Update
...
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
2020-08-12 14:43:47 -07:00
fa146870bd
Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked
...
Additional OpenSSL compat stuff for OpenSSH
2020-08-11 16:32:31 -07:00
1681ed1b85
Merge pull request #3211 from cconlon/jniconfig
...
Update "enable-jni" option for current JSSE requirements
2020-08-11 12:39:54 -07:00
8b7f588aaf
Merge pull request #3108 from SparkiDev/openssl_interop
...
Update OpenSSL interopability testing
2020-08-11 09:42:43 -06:00
93cdfd7132
Update OpenSSL interopability testing
...
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
2020-08-11 16:44:45 +10:00
72d1352bd6
Fix ARM builds
...
Need to include options.h in assembly now.
bufPt declared in block but not outside.
poly1305_block and poly1305_blocks need prototype - declaration in
wolfcrypt/src/port/arm/armv8-poly1305.c (__arch64__ only).
2020-08-10 11:59:10 +10:00
b25eccb07e
Merge pull request #3203 from tmael/libwebsockets
...
Enable HAVE_EX_DATA for libwebsockets
2020-08-08 14:34:18 -07:00
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization
...
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
6379ca8e10
libwebsockets requires *CRYPTO_EX_DATA* APIs
2020-08-06 16:29:39 -07:00
462f4f9e45
Merge pull request #3196 from cconlon/cavpmarvell
...
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
2020-08-06 10:45:03 -07:00
139a192185
Implement wolfSSL_d2i_X509_NAME
2020-08-06 15:52:11 +02:00
e5e87db6aa
add HAVE_EX_DATA, OPENSSL_ALL, HAVE_ALPN to enable-jni configure option
2020-08-05 15:43:26 -06:00
8d00b015c1
Merge pull request #3182 from dgarske/configall_noold
...
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
2020-08-04 12:25:59 -07:00
776b1a2d17
Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools.
2020-07-31 15:17:53 -07:00
197c21a508
Fix for `--enable-all` (also used by `--enable-distro`) to NOT enable SSLV3 and TLS v1.0.
2020-07-31 13:54:08 -07:00
c6b4fa3be3
add selftest version for newer 4.1.0 validation
2020-07-29 15:10:47 -06:00
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13
...
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
1b051d9c5b
TLS v1.3 sniffer support:
...
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
90ee12f51a
Added test case for ECC non-blocking. `./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make`.
2020-07-17 15:13:50 -07:00
547144bc9c
Adds ECC non-blocking sign/verify support when used with SP math. New `--enable-sp=nonblock` and `--enable-ecc=nonblock` options. Example `./configure --enable-ecc=nonblock --enable-sp=yes,nonblock`.
2020-07-17 15:13:50 -07:00
b57cf802eb
Expose session serialization outside of `OPENSSL_EXTRA`
...
Use `./configure CFLAGS='-DHAVE_EXT_CACHE'` to enable session serialization without `OPENSSL_EXTRA`.
2020-06-30 20:17:21 +02:00
308562e853
configure.ac change == to = when not C code
2020-06-24 13:41:03 -06:00
48cd6f36ff
Merge pull request #2967 from dgarske/ecc_null
...
Fixes for ECC key import
2020-06-18 10:10:49 -07:00
3b8455fcd0
Fix for building without ECC and DH (TLS v1.3 cannot be enabled).
2020-06-05 10:26:32 -07:00
7879e83ae0
Fixes for building with `./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk`. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3).
2020-06-04 16:31:19 -07:00
66fdc2c536
Disable TLS v1.3 if none of these are available "ECC, CURVE25519, CURVE448 or DH".
2020-06-04 15:31:19 -07:00
ab2afbd37b
Allow the TLS 13 draft 18 build option and just use the final version. This allows the automated test scripts to pass.
2020-06-04 15:31:18 -07:00
4d8cf5b571
Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF).
2020-06-04 15:31:18 -07:00
093d9981fb
Disable `fast-rsa` if RSA PSS is enabled (not supported).
2020-06-04 15:31:18 -07:00
cd1c2d5fae
Enable TLS v1.3 by default. Remove old TLS v1.3 draft build support.
2020-06-04 15:31:18 -07:00
ca9dc7d509
Fix for `wc_ecc_import_unsigned` failing if first private key byte is zero ( Fixes #2950 ). Fix `wc_ecc_is_point` to return better code `IS_POINT_E` on failure (was returning -1). Improved ECC import API unit tests. Added `WOLFSSL_VALIDATE_ECC_IMPORT` and `WOLFSSL_VALIDATE_ECC_KEYGEN` to `--enable-all`.
2020-06-04 15:25:56 -07:00
23d1550439
Merge pull request #2989 from julek-wolfssl/openvpn
...
Additional OpenSSL compat layer stuff
2020-06-04 11:57:55 -07:00
cafcaa4181
enable SNI by default for JNI/JSSE build
2020-06-03 14:24:10 -06:00
19fba3648c
Bump Patch Version
...
1. Increase the patch level of the version number in configure.ac.
2. Added a template for the next version in ChangeLog.md.
3. Bumped version.h.
2020-05-27 10:11:58 -07:00
4a85bf8108
Additional OpenSSL compat layer stuff
...
- Add X509_get0_notBefore and X509_get0_notAfter
- Implement EVP_PKEY_get0_DSA and DSA_bits
- OpenSSL_version now prints "wolfSSL $VERSION"
- Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol
2020-05-20 16:55:16 +02:00
6c9a0e440e
Merge pull request #2959 from dgarske/wpas_tiny
...
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
10aa8a4ffc
Added support `--enable-wpas=small` for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use `OPENSSL_EXTRA`, which helps reduce code size.
2020-05-08 13:38:26 -07:00
b5886e0e37
Add option `--enable-ip-alt-name`
...
This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
2020-05-08 13:20:24 +02:00
01a6dded72
Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
...
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
27011ff7ff
Release Rollup
...
1. Update configure with the new version.
2. Update the ChangeLog.
3. Update the readme.
2020-04-21 10:21:53 -07:00
89f7a51838
Add option to enable DPP support in wpa_supplicant (note DPP not yet supported as of this commit)
2020-04-14 11:48:14 +02:00
18093a6b0b
Code review changes
...
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
73b4d78d5b
Added partial support for wpa_supplicant, hostapd, and cjose:
...
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
416f0775d3
Merge pull request #2900 from dgarske/sp_no_malloc
...
Added option to build SP small without malloc
2020-04-14 09:40:11 +10:00
ee0289bea6
Merge pull request #2825 from julek-wolfssl/self-include-options
...
OpenVPN changes
2020-04-13 13:11:18 -07:00
d412ccb6f8
Added new option `WOLFSSL_SP_NO_MALLOC` for building small SP without malloc. Added SP documentation. Added `./configure --enable-sp=yes,nomalloc` supprt. https://github.com/wolfSSL/scripts/pull/79
2020-04-10 11:13:55 -07:00
7a6de91296
Omit -fomit-frame-pointer from CFLAGS.
2020-04-08 14:06:11 -07:00
48e40fac2b
OpenVPN changes
...
Include <wolfssl/options.h> in settings.h for OpenVPN
Additional API fixes
2020-04-02 20:23:13 +02:00
e17e064ce2
Allow setting of MTU in DTLS
2020-03-18 12:36:11 +10:00
2c6eb7cb39
Add Curve448, X448, Ed448 implementations
2020-02-28 09:30:45 +10:00
1288c6b249
Merge pull request #2809 from dgarske/conf_usersettings
...
Fix to enable inclusion of all .c files when using `--enable-usersettings`
2020-02-27 12:10:07 -08:00
eddf4abf8e
Merge pull request #2775 from embhorn/api_port
...
openSSL compatibility API for EVP, BIO, and SSL_SESSION
2020-02-27 11:51:21 -08:00
0f188be892
Merge pull request #2805 from ejohnstown/update-config
...
configure
2020-02-21 09:35:52 -08:00
e837894578
add AES-OFB mode
2020-02-20 17:28:32 -06:00
baace2c0e3
Fix to enable inclusion of all .c files when using the `--enable-usersettings` option.
2020-02-19 11:58:33 -08:00
David Garske
Sean Parkinson
toddouska
Daniel Pouzzner
Hideki Miyazaki
Jacob Barthelmeh
Elms
Felix Lechner
Fabian Keil
Juliusz Sosinowicz
Kareem Abuobeid
John Safranek
Chris Conlon
Glenn Strauss
Tesfa Mael
kaleb-himes