Commit Graph

2084 Commits

Author SHA1 Message Date
Hayden Roche 3bcd4b45df Generate an assembler-safe user_settings.h in configure.ac and CMakeLists.txt.
For user_settings.h builds, .S assembly files need to include user_settings.h
in order to get the defines used by the build. However, a user_settings.h may
contain code only understood by a C compiler and not the assembler (e.g. a
typedef). This commit makes it so our autotools and CMake builds produce a file
user_settings_asm.h when doing a user_settings.h build. This generated header
contains only the preprocessor directives from the user_settings.h. As a result,
it can be safely included by our assembly code files.
2022-10-03 16:00:32 -07:00
Hayden Roche 08009e73fc Add RSA PSS salt defines to engine builds if not FIPS v2.
WOLFSSL_PSS_LONG_SALT and WOLFSSL_PSS_SALT_LEN_DISCOVER are supported in our
latest FIPS module (v5). These should be defined for engine builds as long as
the FIPS version isn't v2.
2022-09-30 08:21:15 -07:00
Sean Parkinson 754d274d8c Merge pull request #5593 from rizlik/ticket_nonce_size
tls13: support ticketNonce with size bigger than MAX_TICKET_NONCE_SZ
2022-09-29 08:11:22 +10:00
Marco Oliverio 56d6087749 tls13: support ticketNonce bigger than MAX_TICKET_NONCE_SZ
to enable it, use WOLFSSL_TICKET_NONCE_MALLOC define
2022-09-28 19:54:14 +02:00
Jacob Barthelmeh eb5076bb89 update changelog for release 5.5.1 2022-09-27 13:40:00 -06:00
David Garske 7970d5d794 Merge pull request #5152 from SparkiDev/armv7a_neon_asm
ARM ASM: ARMv7a with NEON instructions
2022-09-23 08:46:03 -07:00
Kareem 76afcc1da4 Restore v5-dev/v5-ready configure options as customers are currently using them. 2022-09-20 14:26:15 -07:00
Hayden Roche d212974d5e Clean up some FIPS versioning logic in configure.ac and WIN10 user_settings.h.
configure.ac: Get rid of v5-RC8, v5-RC9, v5-RC10, v5-RC11, v5-ready, and v5-dev.
v5-ready is now just ready and v5-dev just dev.
IDE/WIN10/user_settings.h: Make the FIPS blocks define HAVE_FIPS. Change WCv5.0
block to WCv5.0-RC12. Change FIPS Ready block to use HAVE_FIPS_VERSION_MINOR 3
instead of HAVE_FIPS_VERSION_MINOR 2.
2022-09-19 15:26:06 -07:00
Anthony Hu a2635be9e6 wolfCrypt support for external Kyber implementations (liboqs and pqm4) 2022-09-13 10:07:28 -04:00
Sean Parkinson 8c1e2c52e7 Kyber: Add option to build Kyber API
wolfSSL Kyber implementation not included.
Added tests and benchmarking.
2022-09-13 10:07:27 -04:00
Hayden Roche 14a521ca25 Make --enable-asynccrypt-sw imply --enable-asynccrypt.
Simplifies configuration.
2022-09-08 15:23:22 -07:00
David Garske e49efbc101 Merge pull request #5544 from haydenroche5/async_sw
Migrate async names from "test" to "software."
2022-09-08 10:18:26 -07:00
Sean Parkinson 81321fc10e SP: config option to force no asm
Added to configure.ac the option to specify SP to be built with ASM as
x64 defaults to with asm.
2022-09-08 16:20:15 +10:00
Sean Parkinson 5dc1732036 Fix define name
WOLFSSL_ARMASM_NO_CRYPTO -> WOLFSSL_ARMASM_NO_HW_CRYPTO
2022-09-08 08:39:00 +10:00
kaleb-himes 3ac985c2f1 Proposed changes based on customer report(s) under consideration by the team 2022-09-07 11:34:27 -06:00
Sean Parkinson 7d67ffac69 Fixup assembly to compile with ARMv7a 2022-09-07 09:30:06 +10:00
Sean Parkinson 805b0eb606 ARM ASM: ARMv7a with NEON instructions
Change to build assembly code for ARMv7a with NEON instruction set.
./configure -host=armv7a --enable-armasm
Added ARM32 SHA-256 NEON only implementation.
2022-09-07 09:29:56 +10:00
David Garske 4a8a11315b Merge pull request #5536 from SparkiDev/sha3_x64
SHA-3 improvements
2022-09-02 09:46:14 -07:00
Hayden Roche 959386422e Migrate async names from "test" to "software."
See async PR 52.
2022-09-01 17:53:18 -07:00
Marco Oliverio 401cfbd8e4 dtls13: enable hrr cookie by default 2022-09-01 09:37:35 +02:00
Sean Parkinson ce8959ea77 SHA-3 improvements
Add x86_64 assembly code:
  - BMI2
  - AVX2 (using ymm, slower than BMI2)
  - AVX2 of 4 similtaneous hashes
Add SHAKE128 functions and tests.
Add Absorb and Squeeze functions for SHAKE128 and SHAK256 and tests.
Add doxygen for SHA-3 and SHAKE functions.
Update other generated x86_64 assembly files to include settings.h.
2022-09-01 17:11:58 +10:00
Jacob Barthelmeh d75ce08d75 update readme for release 5.5.0 2022-08-30 09:31:28 -06:00
Marco Oliverio cfbd061625 add initial support for ConnectionID DTLS extension 2022-08-23 16:58:24 +02:00
Daniel Pouzzner 5b260ac52e configure.ac: remove enable-quic from enable-all feature set;
remove ENABLED_QUIC="yes" from "$ENABLED_CURL" = "yes" setup section;
add ENABLED_CURVE25519=yes if $ENABLED_QUIC = yes;

tests/unit.c: move QuicTest() and SrpTest() before SuiteTest().
2022-08-17 14:25:38 -05:00
David Garske 5e6c45a6fb Merge pull request #5397 from SparkiDev/cert_rsa_pss
Certs with RSA-PSS sig
2022-08-11 08:19:12 -07:00
Sean Parkinson fb531dacc2 Certs with RSA-PSS sig
Add support for parsing and verifying certificates with RSA-PSS
signatures. Including check PSS parameters in key with those in
signature algorithm.
Add support for parsing private RSA PSS key.
Add support for parsing public RSA PSS key.
2022-08-11 09:43:01 +10:00
Daniel Pouzzner f771181e1a fixes for issues introduced in #5384:
added numerous missing _SMALL_STACK code paths (PK objects on the stack);

in settings.h, enable WOLFSSL_SMALL_STACK_STATIC by default when WOLFSSL_SMALL_STACK is defined (NO_WOLFSSL_SMALL_STACK_STATIC to override);

fixes for unsafe strcat()s in tests/quic.c;

fix for unsafe macro WOLFSSL_IS_QUIC();

fix to exclude quic from enable-all when enable-linuxkm (quic needs opensslextra, and opensslextra currently only works in-kernel in cryptonly builds);

fix for signed/unsigned clash in wolfSSL_quic_receive().
2022-08-10 13:33:56 -05:00
Stefan Eissing 4431438fb2 add QUIC support. 2022-08-08 13:24:00 +02:00
Hayden Roche 3bf21b5a05 Expand error queue usage with new macro WOLFSSL_ERROR_VERBOSE.
We have users who need to debug errors coming out of libwolfssl in production,
where --enable-debug isn't an option. Our error queue implementation is the
solution, but our usage of WOLFSSL_ERROR isn't consistent. This commit greatly
expands our usage of WOLFSSL_ERROR. There are too many error cases to tackle
all at once, and not all error cases are particularly meaningful or likely to be
hit in regular operation of the library. I've tried to focus on errors that
users are likely to hit, and I've chosen to ignore things like the mountain of
BUFFER_E and BAD_FUNC_ARG cases (for the most part). I've also tried to expand
WOLFSSL_ERROR usage in files where we haven't been using it historically
(e.g. aes.c), so the pattern is now there for other developers to follow. In
order to prevent these additions from exploding the size of libwolfssl, they're
all behind a new macro, WOLFSSL_ERROR_VERBOSE. If WOLFSSL_VERBOSE_ERRORS is
defined, WOLFSSL_ERROR_VERBOSE just maps to WOLFSSL_ERROR.
2022-08-05 10:32:18 -07:00
Sean Parkinson 9ea3e173d0 Merge pull request #5277 from JacobBarthelmeh/req_attr
expand subject name and req attribute support
2022-08-04 14:32:14 +10:00
Anthony Hu fd412ed298 Fix so curl can do FTPS on TLS 1.3 with session resumption. 2022-08-02 10:51:14 -04:00
JacobBarthelmeh 99ed727179 add WOLFSSL_CERT_NAME_ALL macro guard and new values to set subject 2022-08-01 10:52:09 -07:00
Daniel Pouzzner a3fd714501 configure.ac: allow --enable-opensslextra with --enable-linuxkm if --enable-cryptonly is also given. 2022-07-20 18:21:29 -05:00
David Garske c029b23043 Merge pull request #5308 from SparkiDev/ecies_gen_iv
ECIES: Google Pay generates IV and places it before msg
2022-07-20 06:46:14 -07:00
Sean Parkinson 09bba3510f ECIES: Google Pay ECIES
Generates IV and places it before msg
Uses 12 byte IV with AES-CTR
Add API to explicitly set KDF salt.
2022-07-20 09:30:47 +10:00
Lealem Amedie cee9f9a871 Fix for --disable-aes without --disable-aesgcm 2022-07-18 10:26:20 -07:00
JacobBarthelmeh 86662bca2f update library version to 5.4.0 2022-07-08 16:04:26 -07:00
David Garske a771baf551 Merge pull request #5332 from SparkiDev/memusage_fix_2
SP math: fix configure.ac to allow its use
2022-07-07 07:40:13 -07:00
David Garske 738d79c5d5 Merge pull request #5330 from SparkiDev/aesni_no_sse4
AESNI: fix configure to use minimal compiler flags
2022-07-06 20:44:40 -07:00
Sean Parkinson 74baa0dafa SP math: fix configure.ac to allow its use
Choosing SP and SP math was resulting in only integer.c being used.
Fixed now.
Reorder realloc calls for memory logging to ensure scripts can match
allocate and free calls.
2022-07-07 12:16:12 +10:00
Sean Parkinson 9ba77300f9 AESNI: fix configure to use minimal compiler flags 2022-07-07 09:30:48 +10:00
Daniel Pouzzner 19106a9510 configure.ac and tests/api.c: lock out compkey on FIPS 140-3 RC12 and ready, and add backward-compat code in test_wc_ecc_export_x963_ex() to allow RC12 compkey builds to pass unit.test. 2022-07-06 17:31:56 -05:00
David Garske a7fa7875e4 Merge pull request #5244 from julek-wolfssl/wpas-dpp
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
2022-07-06 11:35:52 -07:00
Juliusz Sosinowicz 39e53c2b7c Add wc_EccPublicKeyToDer_ex doxygen entry 2022-07-06 11:59:29 +02:00
David Garske 9a256ca002 Merge pull request #5288 from haydenroche5/openldap
Add --enable-openldap option to configure.ac.
2022-07-05 16:04:51 -07:00
Hayden Roche f5a5d4ada5 Enhance OpenLDAP support.
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
2022-07-05 10:40:07 -07:00
Fabian Keil eb9a9ceef8 configure: Improve defaults for 64-bit BSDs
... by consistently treating host cpu "amd64" like host cpu "x86_64".

Tested on ElectroBSD amd64.
2022-07-05 19:37:31 +02:00
Juliusz Sosinowicz afaf41823c wpa_supplicant uses larger challenge passwords for x509 requests 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz 5179741ddb wpas: validate ecc points are on the curve 2022-07-05 08:48:37 +02:00
Juliusz Sosinowicz 448cde5a4b Support for new DPP in wpa_supplicant
- Add null check to asn template code in MakeCertReq and test
- ENABLED_ECCCUSTCURVES can also be "all"
2022-07-05 08:48:18 +02:00