WolfSSL
/
wolfssl
mirror of https://github.com/wolfSSL/wolfssl.git
1
0
Fork 0
Code Issues Releases Wiki Activity
13,289 Commits
27 Branches
168 Tags
358 MiB
Commit Graph

964 Commits (fd01f79f864c23b9fb471a2bec6e8d6583e8679a)

Author SHA1 Message Date
Daniel Pouzzner 0f6ae330da wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table. 2021-01-28 22:51:28 -06:00
Daniel Pouzzner a89087ed2d configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source. 2021-01-25 17:56:28 -06:00
toddouska 5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix 
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
 2021-01-18 13:37:34 -08:00
John Safranek d4e13796c2
M1 Support 
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
 2021-01-06 09:21:07 -08:00
Sean Parkinson fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options 
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
 2021-01-06 14:19:57 +10:00
Daniel Pouzzner 3d88676ff1 test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene. 2020-12-30 16:12:08 -06:00
elms 4280861af0
Merge pull request #3591 from dgarske/wolftpm 
Added helper configure option '--enable-wolftpm`
 2020-12-23 12:22:44 -08:00
Daniel Pouzzner d5dd35c739 add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options. 2020-12-23 12:03:06 -06:00
David Garske daa6833f37 Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb). 2020-12-23 08:09:24 -08:00
Daniel Pouzzner f06361ddf6 add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory). 2020-12-22 17:12:57 -06:00
Jacob Barthelmeh 47c186df34 prepare for release 4.6.0 2020-12-22 02:33:58 +07:00
Jacob Barthelmeh 4de1c1b037 add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509 2020-12-21 17:24:35 +07:00
toddouska fe92d29eb5
Merge pull request #3574 from cconlon/releasefixes 
Release fixes for Jenkins tests, example client
 2020-12-18 14:06:27 -08:00
Juliusz Sosinowicz 3231cfe9e0 Refactor extension stack generation 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz c405c3477f Protect against invalid write in RsaPad_PSS 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz ff2574b3cb OpenSSL Compat layer 
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 728f4ce892 Implement/stub: 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz b52e11d3d4 Implement/stub the following: 
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT 
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 777bdb28bc Implement/stub the following: 
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz a9d502ef85 Add `--enable-libest` option to configure.ac 
Refactoring and adding defines for functions
 2020-12-17 14:26:30 +01:00
Chris Conlon 502e471cde fix spelling of Nitrox in configure option summary 2020-12-16 13:08:32 -07:00
Chris Conlon f375cff685 enable AES-CTR for libsignal build 2020-12-16 12:44:01 -07:00
Daniel Pouzzner 18984abc9e configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes. 2020-12-11 14:16:44 -06:00
Daniel Pouzzner e9a79b2e0d configure.ac: fix rebase error, re enable-sp-asm on ARM. 2020-12-10 14:46:22 -06:00
Daniel Pouzzner 0fa4bde5b5 configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met. 2020-12-10 14:21:08 -06:00
Daniel Pouzzner 27a6de2c2f configure.ac, wolfssl/wolfcrypt/settings.h, wolfssl/wolfcrypt/wc_port.h: update linuxkm defaults and settings for compatibility with sp-math-all, and change linuxkm default math from sp-math to sp-math-all; refactor enable-all and enable-all-crypto logic to allow piecemeal exclusion of options from the command line. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner cfc08cc13f configure.ac: remove smallstackcache from linuxkm default options; add several feature exclusions to enable-all and enable-all-crypto to make them compatible with fips=ready; render the FIPS option in the feature summary at end. 2020-12-10 14:16:20 -06:00
toddouska cd3b91a8fe
Merge pull request #3536 from SparkiDev/arm64_rev 
ByteReverseWord32 AARCH64: Use proper instruction - REV32
 2020-12-10 11:59:00 -08:00
toddouska 367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Sean Parkinson d34b0072a2 ARM: identify ARM CPU for Thumb and Cortex 
Better detailed check of CPU architecture for 32-bit byte reversal asm
 2020-12-09 08:54:18 +10:00
toddouska 84a9e16805
Merge pull request #3388 from SparkiDev/aesgcm_4bit_table 
AES-GCM: GMULT using 4-bit table
 2020-11-25 15:45:28 -08:00
toddouska a0cd75081d
Merge pull request #3514 from SparkiDev/aesni_sse4 
AESNI compile flags: clang doesn't need -msse4
 2020-11-25 08:55:35 -08:00
Sean Parkinson ca5ffc0743 AESNI compile flags: clang can't have -msse4 
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
 2020-11-25 10:32:42 +10:00
Sean Parkinson d0703f8931 AES-GCM: GMULT using 4-bit table 
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
 2020-11-25 08:47:50 +10:00
Sean Parkinson 91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
David Garske 1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske 5de80d8e41 Further refactor the minimum ECC key size. Adds `--with-eccminsz=BITS` option. Fix for FIPSv2 which includes 192-bit support. If `WOLFSSL_MIN_ECC_BITS` is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske c697520826 Disable ECC key sizes < 224 bits by default. Added `--enable-eccweakcurves` or `ECC_WEAK_CURVES` to enable smaller key sizes. Currently this option is automatically enabled if `WOLFSSL_MIN_ECC_BITS` is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske 7e3efa3792
Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Glenn Strauss f9e48ee361 build updates for lighttpd: recommend -DNO_BIO 
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
 2020-11-05 20:40:43 -06:00
Glenn Strauss 030eb9347c lighttpd: allow ssl3, tls1.0 if explicitly enabled 2020-11-05 20:40:43 -06:00
Glenn Strauss 7cee131e37 restore `--enable-lighty` with `--enable-all` 
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
 2020-11-05 20:40:43 -06:00
David Garske a9a495270c Fix to disable CRL monitor for single threaded or lighttpd. Do not set `--enable-lighty` with `--enable-all`. 2020-11-05 20:40:43 -06:00
Glenn Strauss bcf1f0375b build updates for lighttpd: recommended flags 2020-11-05 20:40:43 -06:00