Commit Graph

2084 Commits

Author SHA1 Message Date
Sean Parkinson 2eb044dc60 SP: Add support for P521 2022-02-23 14:51:47 +10:00
John Safranek bb8af1cac5 Prepare for release 5.2.0
1. Update versions as appropriate.
2. Modify FreeAtomicUser() to only free the Aes data in the callback
   contexts if the contexts exist.
2022-02-18 13:55:22 -08:00
elms 208c457348 tls13: fix to not send RENEGOTIATION_INFO ext
Introduced in PR #4742 to enable sending of extension in TLS1.2
without fully supporting secure renegotiation in accordance with
RFC 5746 4.3 https://datatracker.ietf.org/doc/html/rfc5746#section-4.3
2022-02-17 11:22:17 -08:00
Sean Parkinson f02296a4e6 Configure HMAC: define NO_HMAC when HMAC disabled 2022-02-14 17:22:10 +10:00
Daniel Pouzzner 91578df19d fixes for clang -Os on clang >= 12.0.0; fixes for bugs in blake2s. 2022-02-10 15:54:10 -06:00
tmael 0d5edfadcb Merge pull request #4837 from SparkiDev/sp_c_config
SP C: when sp_c32.c ad sp_c64.c are included in build changed
2022-02-09 07:51:20 -08:00
Sean Parkinson 343cb0da23 SP C: when sp_c32.c ad sp_c64.c are included in build changed
When compiling with the CFLAG -m32, sp_c32.c is used and not sp_c64.c.
The build system cannot detect that this is a 32-bit platform and to use
sp_c32.c.

The SP code detects which implementaiton to use and sets defines that
enable the code in sp_c32.c or sp_c64.c.

ENABLED_64BIT, 64-bit platform, was on by default, which is not always
true.
By making ENABLED_64BIT not default then the decision of which SP C
files to include in the build had to change to not being the other.
That is, sp_c64.c is not included when the configuration line explicitly
enables 32bit and sp_c32.c is not include when the configuration line
explicitly enables 64bit.
2022-02-09 15:56:57 +10:00
David Garske ed1fc9fc51 Merge pull request #4833 from SparkiDev/sha3_arm_crypto
SHA-3, ARM64: add assembly support for crypto instructions
2022-02-08 11:05:35 -08:00
Sean Parkinson 0042a2594c SHA-3, ARM64: add assembly support for crypto instructions
Add ability to compile ARM assembly from inline C code.
2022-02-08 12:21:38 +10:00
Marco Oliverio 08fbcf5eae autoconf: add PSA options 2022-02-04 12:12:04 +01:00
Anthony Hu 9ea40f3a9c Purge IDEA cipher 2022-01-31 15:29:25 -05:00
David Garske 5bdaf44354 Merge pull request #4774 from anhu/kill_rabbit
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
David Garske 40fff86807 Merge pull request #4801 from tmael/cert_rr
cert subset improvements
2022-01-28 11:00:55 -08:00
Anthony Hu b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
John Safranek 1465f99b12 Merge pull request #4734 from haydenroche5/fips_v5_des3
Allow DES3 with FIPS v5-dev.
2022-01-27 15:07:22 -08:00
Tesfa Mael 1c1bd413e0 cert subset SHA2-256, ecc-256, cert gen, cryptocb 2022-01-26 17:11:00 -08:00
Hayden Roche 58789991f9 Allow DES3 with FIPS v5-dev. 2022-01-24 15:18:44 -08:00
Daniel Pouzzner a718637c6f AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2). 2022-01-24 11:44:16 -06:00
John Safranek 93404361ff Merge pull request #4783 from SparkiDev/mac_sha512_def
SHA-512 ASM: For Mac computers default to using SHA512 instructions
2022-01-24 09:03:08 -08:00
Daniel Pouzzner 386aac9694 AES-SIV:
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
2022-01-21 01:26:33 -06:00
Sean Parkinson 8a2cab8702 SHA-512 ASM: For Mac computers default to using SHA512 instructions 2022-01-21 16:40:35 +10:00
Sean Parkinson 848f5eeb0c Merge pull request #4755 from dgarske/dtls_srtp
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
2022-01-21 10:43:47 +10:00
David Garske d1a23a3285 Merge pull request #4758 from kareem-wolfssl/asioOldTls
Fix building ASIO with Old TLS disabled.
2022-01-20 10:44:41 -08:00
Hayden Roche a05b1b012f Add --enable-chrony configure option.
This turns on the necessary features for using the chrony NTP package with
wolfSSL.
2022-01-19 19:13:34 -08:00
David Garske 609d6442b1 Merge pull request #4753 from SparkiDev/siphash
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
Sean Parkinson a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Hayden Roche 62b07d8806 Add AES-SIV (RFC 5297).
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
2022-01-19 14:32:33 -08:00
Anthony Hu c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Kareem 021f9171c5 Fix building ASIO with Old TLS disabled. 2022-01-14 15:00:02 -07:00
David Garske 6ccbd8776f DTLS SRTP (RFC5764) support (adds --enable-srtp). Used with WebRTC to agree on profile for new real-time session keys. 2022-01-14 07:35:45 -08:00
elms efe2cea8d1 TLS: Default secure renegotiation compatability
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746

From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.

With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
2022-01-11 15:56:35 -08:00
David Garske 5910ada93d Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene
cppcheck sweep
2022-01-10 12:52:22 -08:00
Daniel Pouzzner a14982b079 configure.ac: add ENABLED_WPAS to the config summary. 2022-01-07 21:36:24 -06:00
David Garske b4da751076 Fixes for SE050 Ed25519/Curve25519. 2022-01-07 12:54:54 -08:00
David Garske db1bb9ea6a Merge pull request #4694 from anhu/with-curl
Add a --enable-curl build option
2022-01-04 13:39:07 -08:00
David Garske cf29badd52 Merge pull request #4721 from anhu/lighty
lighttpd requires WOLFSSL_KEY_GEN…
2022-01-04 12:37:41 -08:00
Anthony Hu 038a9d8fa9 lighttpd requires WOLFSSL_KEY_GEN. Without it, a call to wolfSSL_CTX_use_PrivateKey fails. 2022-01-04 13:09:13 -05:00
Jacob Barthelmeh 7dd50a1beb bump version for dev and update year in readme 2022-01-03 16:02:10 -07:00
John Safranek 68e58bb321 Update configure and fips-check.sh for FIPS RC12. 2021-12-30 15:21:44 -08:00
Anthony Hu 69733e87c5 SNI and ALT_CERT_CHAINS 2021-12-29 12:50:50 -05:00
Jacob Barthelmeh 616026880e bump version by .1 for dev 2021-12-28 16:25:05 -07:00
Jacob Barthelmeh 816718ecd3 prepare for release 5.1.0 2021-12-27 10:34:09 -07:00
Anthony Hu 8eea17d92a More stuff, probably not complete yet 2021-12-23 17:28:24 -05:00
JacobBarthelmeh 801c0c7efd Merge pull request #4549 from elms/cmake/ac_catchup
cmake/configure consistency
2021-12-23 13:49:44 -07:00
elms c89b7d5f79 configure and cmake: Closing gap on options and output
cmake:
 * 32-bit and 16-bit mode flags
 * Add 4bit to AESGCM
 * Add align data
 * Encrypted Keys option
 * PKC12 option
 * Header installation cleanup

configure:
 * Add comment for `v5-RC9`
 * update CFLAGS to always be appended instead of mix of prepend and append
 * removed duplicate `ARC4` logic
2021-12-23 09:22:47 -08:00
Daniel Pouzzner a6ed5dc92d configure.ac: update fips with RC11. 2021-12-22 17:32:36 -06:00
Anthony Hu 991ddaadfc Add a --enable-curl build option 2021-12-22 17:34:58 -05:00
David Garske 6b47954d58 Merge pull request #4670 from julek-wolfssl/krb5-missing-api
Missing config for krb5 1.16.1
2021-12-20 15:54:41 -08:00
David Garske ce4f436d0f Merge pull request #4587 from SparkiDev/dis_algs_fix_1
Disable algorithms: fixes
2021-12-19 20:12:30 -08:00
Daniel Pouzzner 5c6bd8c2c9 configure.ac: in fips v5 setup, consider HAVE_AES{CCM,CTR,GCM,OFB}_PORT when auto-setting -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB; refactor KCAPI options for readability and correctness. 2021-12-16 17:03:01 -06:00