WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
17,056 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

1297 Commits (ec619e3f352f3b50470de19b03af41588dc9bb7f)

Author SHA1 Message Date
Hideki Miyazaki 5d93a48ddf veify ok if alternate cert chain mode for verifyCallback 2022-05-12 06:15:18 +09:00
David Garske 36877d78b4
Merge pull request #5078 from julek-wolfssl/wpas-tls13 
Clean up wolfSSL_clear() and add some more logging
 2022-05-06 11:45:43 -07:00
Sean Parkinson a4eaa31b5e
Merge pull request #5101 from dgarske/sniffer_async_test 
Improve the sniffer asynchronous test case to support multiple concurrent streams
 2022-05-06 08:14:32 +10:00
Anthony Hu fff3402ed4 WOLFSSL ---> WOLFSSH 2022-05-04 09:28:08 -04:00
David Garske 5f539b3921 Improve the sniffer asynchronous test case to support multiple concurrent streams. 2022-05-03 16:43:15 -07:00
Anthony Hu cb929e1247 For consistency, add a --enable-wolfssl; keep --enable-ssl for backwards compat. 2022-05-03 12:08:13 -04:00
Jacob Barthelmeh 29401334d3 prepare for release 5.3.0 2022-05-02 17:08:38 -06:00
David Garske 70ad19467c
Merge pull request #5068 from cconlon/jniPKCallbacks 
Don't enable PK Callbacks with JNI FIPS builds
 2022-04-22 16:08:29 -07:00
Juliusz Sosinowicz 8c4887c166 Free session in `wolfSSL_clear` 
- Define `NO_SESSION_CACHE_REF` in wpa build
 2022-04-22 15:54:04 +02:00
Chris Conlon cfa338314d do not enable PK Callbacks with JNI in FIPS mode 2022-04-21 11:06:54 -06:00
David Garske 659d33fdaf Fixes for minor sniffer and async issues: 
* Sniffer: Remove old restrictions for max strength, encrypt-then-mac and forcing openssl-extra.
* Fix bound warning with strncpy in sniffer.c.
* Fix for async DH issue.
* Fix for SP math all not initializing raw big int.
* Fix for array bounds warning with "-O3" on SetEccPublicKey.
* Fix a sniffer async edge case with TLS v1.2 static RSA and extended master.
* Improved the sniffer test script detection of features.
* Disable ECC custom curve test with Intel QuickAssist.
 2022-04-18 11:46:40 -07:00
kaleb-himes 5d46d10933 Address peer feedback 2022-04-08 10:12:24 -06:00
Sean Parkinson 284ebacc57
Merge pull request #4916 from JacobBarthelmeh/hsm 
Add SECO use and expand cryptodev
 2022-04-07 10:21:32 +10:00
Daniel Pouzzner e3409a40a5 configure.ac: when $ENABLED_LINUXKM_DEFAULTS, set -DWOLFSSL_OLD_PRIME_CHECK only if $ENABLED_FIPS == no. 2022-04-05 08:10:03 -05:00
Hayden Roche f39bd5e02b
Merge pull request #5014 from dgarske/kcapi_ecc_import 2022-04-04 14:08:29 -07:00
Daniel Pouzzner 04385f8557 configure.ac: fips 140-3: don't insist on linuxkm-pie unless configuring an actual linuxkm build. 2022-04-04 10:14:22 -05:00
David Garske 9c572efa40 Disable the public key check in import private key for KCAPI. Fix type warning in KCAPI AES. 2022-04-01 11:27:17 -07:00
Juliusz Sosinowicz 4b5649edc9 Allow encrypt then mac with apache 2022-03-31 15:55:57 +02:00
Hayden Roche a914d782c0
Merge pull request #4810 from anhu/engine_fla 2022-03-30 13:43:09 -07:00
Daniel Pouzzner e9b941e16e configure.ac: fix --enable-reproducible-build to cope with update from libtool-2.4.6 to -2.4.7. 2022-03-29 07:53:43 -05:00
Anthony Hu 0627437048 Suggestions from haydenroche5 2022-03-28 17:44:00 -04:00
Juliusz Sosinowicz 6dc86e7df1 Add support for `--enable-ffmpeg` 2022-03-28 12:47:19 +02:00
Sean Parkinson 7eb95674ee
Merge pull request #4966 from dgarske/kcapi 
Fixes for KCAPI AES GCM and ECC
 2022-03-25 10:18:16 +10:00
David Garske b509e174bb Whitespace fix. 2022-03-24 10:19:28 -07:00
Juliusz Sosinowicz 850b8c5c3b OpenSSL compatible API 
`WOLFSSL_ERROR_CODE_OPENSSL` breaks ABI compatiblity due to changing the expected return code. Let's only do this when building with the full compatibility layer.
 2022-03-24 12:16:59 +01:00
Juliusz Sosinowicz ae9b01c5b8 bind 9.18.0 fixes 
- return `1` from `wolfSSL_BIO_set_mem_eof_return` instead of `0` for success
- bind requires ALPN
- `OPENSSL_COMPATIBLE_DEFAULT` defined for bind
- `WOLFSSL_ERROR_CODE_OPENSSL` defined when using compatibility layer
- return `bio->eof` on no pending data to read in memory BIO (defaults to `WOLFSSL_BIO_ERROR`)
- `flags` is no longer an input parameter in `wolfSSL_ERR_get_error_line_data`
- allow lazy parameter loading in `wolfSSL_DH_set0_key`
- implement reference counter in `WOLFSSL_EC_KEY`
- load serial number from `x509->serialNumber` if `x509->serial` is empty
 2022-03-24 12:16:59 +01:00
David Garske 1b0e5f4806 Allow disabling DRBG with KCAPI. Add KCAPI `/dev/hwrng` support. 2022-03-23 09:37:50 -07:00
David Garske 5fe6f1c875 For KCAPI do not force enable ECC curves, set K or seed callback, disable AES GCM tests with non standard IV. 2022-03-23 09:37:50 -07:00
Anthony Hu b6e590836d initialize ENABLE_FIPS 2022-03-23 10:29:59 -04:00
Anthony Hu 3dd2219548 Don't over-write ENABLED_FIPS with no if user didn't specify anything. 2022-03-22 20:33:27 -04:00
David Garske b90df0a6aa
Merge pull request #4951 from ejohnstown/wolfrand 
wolfRand for AMD
 2022-03-21 09:09:19 -07:00
David Garske 3fba5d17c3 Various portability improvements: 
* Change DTLS epoch size word16.
* Allow override of the `RECORD_SIZE` and `STATIC_BUFFER_LEN`.
* Remove endianness force from game build.
* Add `gmtime_s` option.
* Fix for macro conflict with `MAX_KEY_SIZE`.
* Expose functions `wolfSSL_X509_notBefore`, `wolfSSL_X509_notAfter`, `wolfSSL_X509_version` without `OPENSSL_EXTRA`.
 2022-03-17 14:00:55 -07:00
Jacob Barthelmeh 40c79b1134 add macro guards to handle build with QNX CAAM 2022-03-17 12:04:52 -06:00
JacobBarthelmeh 55b42dd85a Add SECO use and expand cryptodev 2022-03-17 12:04:52 -06:00
John Safranek f80faebfe5
wolfRand for AMD 
1. Add configure option to enable AMD's RDSEED.
2. Add seed parameters when building specifically for AMD using RDSEED.
3. Update the wolfCrypt test to play nice with the larger seed size.
 2022-03-15 15:20:08 -07:00
Daniel Pouzzner d531e21f34
Merge pull request #4946 from dgarske/async_earlydata 
Fixes for TLS v1.3 early data with async
 2022-03-15 12:12:09 -05:00
David Garske 9c29102c43
Merge pull request #4948 from SparkiDev/tls12_pa_failsafe 
TLS: add peer authentication failsafe for TLS 1.2 and below
 2022-03-15 09:42:56 -07:00
David Garske 4ec49d2189
Merge pull request #4943 from SparkiDev/sp_arm64_perf_1 
SP ASM performance improvements
 2022-03-14 18:40:51 -07:00
Sean Parkinson 9ed061cc96 TLS: add peer authentication failsafe for TLS 1.2 and below 
Tightened the TLS 1.3 failsafe checks too.
 2022-03-15 08:51:44 +10:00
Anthony Hu b3319bd952 Undo the logic around enable sha as its enabled by default already. 2022-03-14 16:29:13 -04:00
Anthony Hu 821e293ed4 Fix to add test where needed. 2022-03-14 15:54:39 -04:00
Anthony Hu b3e28fab67 Make the code simpler. 2022-03-14 13:51:05 -04:00
Anthony Hu ea500bd1c8 --enable-engine=fips-v2,fips-readyetc., etc. 2022-03-14 13:51:05 -04:00
Anthony Hu 07ee2bcecf Created new --enable-engine and --enable-engine-witout-fips flags 2022-03-14 13:51:05 -04:00
David Garske dd8fb41f66 Fixes for TLS v1.3 early data with async. 2022-03-11 14:03:46 -08:00
Sean Parkinson 3ea5e56c26 SP ASM performance improvements 
Mostly improving Aarch64 assembly.
Change Karatsuba implementations.
Specialised code for exponentiating to 0x10001 for RSA.
 2022-03-11 08:42:46 +10:00
David Garske b30ada1608
Merge pull request #4940 from ejohnstown/wolfrand 
Fix wolfRand Build
 2022-03-09 15:42:19 -08:00
David Garske 3a62857dbd Fixes to support building opensslextra with SP math. Disables some of the compatibility layer BN and ECC point handling. 2022-03-09 11:53:56 -08:00
John Safranek d6fb454063
Fix wolfRand Build 
1. Remove the v3 FIPS build from configure and automake. This was for
   the old FIPS Ready build, which is now fixed to the certificate 3389
   configuration.
2. Remove AES-GCM, PKCS12, and SHA-3 from wolfRand build. They were
   getting reenabled later in the configure.
 2022-03-09 10:35:39 -08:00
Daniel Pouzzner 0231304607 fixes for make check with --enable-all (now including --enable-earlydata) with fips or asynccrypt: 
in scripts/tls13.test, use fips-compatible server-side cipher suite for "TLS v1.3 cipher suite mismatch" test, and modernize some syntax;

in configure.ac, omit earlydata from enable-all when asynccrypt, pending fix;

also in configure.ac, fix AC_CHECK_DECLS()-overriding-AC_CHECK_FUNCS() kludge, to fix CPPFLAGS=-std=c99 builds.
 2022-03-07 17:19:31 -06:00