Sean Parkinson
2eb044dc60
SP: Add support for P521
2022-02-23 14:51:47 +10:00
John Safranek
bb8af1cac5
Prepare for release 5.2.0
...
1. Update versions as appropriate.
2. Modify FreeAtomicUser() to only free the Aes data in the callback
contexts if the contexts exist.
2022-02-18 13:55:22 -08:00
elms
208c457348
tls13: fix to not send RENEGOTIATION_INFO ext
...
Introduced in PR #4742 to enable sending of extension in TLS1.2
without fully supporting secure renegotiation in accordance with
RFC 5746 4.3 https://datatracker.ietf.org/doc/html/rfc5746#section-4.3
2022-02-17 11:22:17 -08:00
Sean Parkinson
f02296a4e6
Configure HMAC: define NO_HMAC when HMAC disabled
2022-02-14 17:22:10 +10:00
Daniel Pouzzner
91578df19d
fixes for clang -Os on clang >= 12.0.0; fixes for bugs in blake2s.
2022-02-10 15:54:10 -06:00
tmael
0d5edfadcb
Merge pull request #4837 from SparkiDev/sp_c_config
...
SP C: when sp_c32.c ad sp_c64.c are included in build changed
2022-02-09 07:51:20 -08:00
Sean Parkinson
343cb0da23
SP C: when sp_c32.c ad sp_c64.c are included in build changed
...
When compiling with the CFLAG -m32, sp_c32.c is used and not sp_c64.c.
The build system cannot detect that this is a 32-bit platform and to use
sp_c32.c.
The SP code detects which implementaiton to use and sets defines that
enable the code in sp_c32.c or sp_c64.c.
ENABLED_64BIT, 64-bit platform, was on by default, which is not always
true.
By making ENABLED_64BIT not default then the decision of which SP C
files to include in the build had to change to not being the other.
That is, sp_c64.c is not included when the configuration line explicitly
enables 32bit and sp_c32.c is not include when the configuration line
explicitly enables 64bit.
2022-02-09 15:56:57 +10:00
David Garske
ed1fc9fc51
Merge pull request #4833 from SparkiDev/sha3_arm_crypto
...
SHA-3, ARM64: add assembly support for crypto instructions
2022-02-08 11:05:35 -08:00
Sean Parkinson
0042a2594c
SHA-3, ARM64: add assembly support for crypto instructions
...
Add ability to compile ARM assembly from inline C code.
2022-02-08 12:21:38 +10:00
Marco Oliverio
08fbcf5eae
autoconf: add PSA options
2022-02-04 12:12:04 +01:00
Anthony Hu
9ea40f3a9c
Purge IDEA cipher
2022-01-31 15:29:25 -05:00
David Garske
5bdaf44354
Merge pull request #4774 from anhu/kill_rabbit
...
Purge Rabbit cipher
2022-01-31 09:17:23 -08:00
David Garske
40fff86807
Merge pull request #4801 from tmael/cert_rr
...
cert subset improvements
2022-01-28 11:00:55 -08:00
Anthony Hu
b957a6e872
Purge Rabbit cipher
2022-01-28 13:13:53 -05:00
John Safranek
1465f99b12
Merge pull request #4734 from haydenroche5/fips_v5_des3
...
Allow DES3 with FIPS v5-dev.
2022-01-27 15:07:22 -08:00
Tesfa Mael
1c1bd413e0
cert subset SHA2-256, ecc-256, cert gen, cryptocb
2022-01-26 17:11:00 -08:00
Hayden Roche
58789991f9
Allow DES3 with FIPS v5-dev.
2022-01-24 15:18:44 -08:00
Daniel Pouzzner
a718637c6f
AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2).
2022-01-24 11:44:16 -06:00
John Safranek
93404361ff
Merge pull request #4783 from SparkiDev/mac_sha512_def
...
SHA-512 ASM: For Mac computers default to using SHA512 instructions
2022-01-24 09:03:08 -08:00
Daniel Pouzzner
386aac9694
AES-SIV:
...
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;
in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
2022-01-21 01:26:33 -06:00
Sean Parkinson
8a2cab8702
SHA-512 ASM: For Mac computers default to using SHA512 instructions
2022-01-21 16:40:35 +10:00
Sean Parkinson
848f5eeb0c
Merge pull request #4755 from dgarske/dtls_srtp
...
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
2022-01-21 10:43:47 +10:00
David Garske
d1a23a3285
Merge pull request #4758 from kareem-wolfssl/asioOldTls
...
Fix building ASIO with Old TLS disabled.
2022-01-20 10:44:41 -08:00
Hayden Roche
a05b1b012f
Add --enable-chrony configure option.
...
This turns on the necessary features for using the chrony NTP package with
wolfSSL.
2022-01-19 19:13:34 -08:00
David Garske
609d6442b1
Merge pull request #4753 from SparkiDev/siphash
...
Add SipHash algorithm
2022-01-19 18:51:44 -08:00
Sean Parkinson
a6485a228d
Add SipHash algorithm
2022-01-20 09:41:18 +10:00
Hayden Roche
62b07d8806
Add AES-SIV (RFC 5297).
...
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
2022-01-19 14:32:33 -08:00
Anthony Hu
c2860cb311
Get rid of HC-128
2022-01-17 18:11:54 -05:00
Kareem
021f9171c5
Fix building ASIO with Old TLS disabled.
2022-01-14 15:00:02 -07:00
David Garske
6ccbd8776f
DTLS SRTP (RFC5764) support (adds --enable-srtp). Used with WebRTC to agree on profile for new real-time session keys.
2022-01-14 07:35:45 -08:00
elms
efe2cea8d1
TLS: Default secure renegotiation compatability
...
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746
From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.
With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
2022-01-11 15:56:35 -08:00
David Garske
5910ada93d
Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene
...
cppcheck sweep
2022-01-10 12:52:22 -08:00
Daniel Pouzzner
a14982b079
configure.ac: add ENABLED_WPAS to the config summary.
2022-01-07 21:36:24 -06:00
David Garske
b4da751076
Fixes for SE050 Ed25519/Curve25519.
2022-01-07 12:54:54 -08:00
David Garske
db1bb9ea6a
Merge pull request #4694 from anhu/with-curl
...
Add a --enable-curl build option
2022-01-04 13:39:07 -08:00
David Garske
cf29badd52
Merge pull request #4721 from anhu/lighty
...
lighttpd requires WOLFSSL_KEY_GEN…
2022-01-04 12:37:41 -08:00
Anthony Hu
038a9d8fa9
lighttpd requires WOLFSSL_KEY_GEN. Without it, a call to wolfSSL_CTX_use_PrivateKey fails.
2022-01-04 13:09:13 -05:00
Jacob Barthelmeh
7dd50a1beb
bump version for dev and update year in readme
2022-01-03 16:02:10 -07:00
John Safranek
68e58bb321
Update configure and fips-check.sh for FIPS RC12.
2021-12-30 15:21:44 -08:00
Anthony Hu
69733e87c5
SNI and ALT_CERT_CHAINS
2021-12-29 12:50:50 -05:00
Jacob Barthelmeh
616026880e
bump version by .1 for dev
2021-12-28 16:25:05 -07:00
Jacob Barthelmeh
816718ecd3
prepare for release 5.1.0
2021-12-27 10:34:09 -07:00
Anthony Hu
8eea17d92a
More stuff, probably not complete yet
2021-12-23 17:28:24 -05:00
JacobBarthelmeh
801c0c7efd
Merge pull request #4549 from elms/cmake/ac_catchup
...
cmake/configure consistency
2021-12-23 13:49:44 -07:00
elms
c89b7d5f79
configure and cmake: Closing gap on options and output
...
cmake:
* 32-bit and 16-bit mode flags
* Add 4bit to AESGCM
* Add align data
* Encrypted Keys option
* PKC12 option
* Header installation cleanup
configure:
* Add comment for `v5-RC9`
* update CFLAGS to always be appended instead of mix of prepend and append
* removed duplicate `ARC4` logic
2021-12-23 09:22:47 -08:00
Daniel Pouzzner
a6ed5dc92d
configure.ac: update fips with RC11.
2021-12-22 17:32:36 -06:00
Anthony Hu
991ddaadfc
Add a --enable-curl build option
2021-12-22 17:34:58 -05:00
David Garske
6b47954d58
Merge pull request #4670 from julek-wolfssl/krb5-missing-api
...
Missing config for krb5 1.16.1
2021-12-20 15:54:41 -08:00
David Garske
ce4f436d0f
Merge pull request #4587 from SparkiDev/dis_algs_fix_1
...
Disable algorithms: fixes
2021-12-19 20:12:30 -08:00
Daniel Pouzzner
5c6bd8c2c9
configure.ac: in fips v5 setup, consider HAVE_AES{CCM,CTR,GCM,OFB}_PORT when auto-setting -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB; refactor KCAPI options for readability and correctness.
2021-12-16 17:03:01 -06:00