toddouska
5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread
...
Add --enable-error-queue-per-thread
2021-02-23 12:02:16 -08:00
Elms
c4d2e7cfdb
configure: split SHA3 and SHAKE256 to work with ED448
...
Define flags and defaults early, but set CFLAGS later to allow
override.
2021-02-22 10:14:21 -08:00
Fabian Keil
1b319804ad
configure: When enabling --enable-sp-asm, accept host_cpu amd64 as alternative to x86_64
...
Allows to use --enable-sp-asm on ElectroBSD amd64.
Previouly configure failed with:
configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
2021-02-20 14:25:05 +01:00
Elms
31d3dfdd4d
configure: ED448 to enable SHA3 and SHAKE256 properly
...
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
2021-02-19 13:18:52 -08:00
Jacob Barthelmeh
5f3ee2985c
bump version for development bundles
2021-02-16 23:57:47 +07:00
Juliusz Sosinowicz
b8f841599c
Add --enable-error-queue-per-thread
2021-02-16 16:08:13 +01:00
Juliusz Sosinowicz
9a1e54cfd5
Nginx 1.19.6 Fixes
2021-02-16 14:25:45 +01:00
Jacob Barthelmeh
847938f4d6
prepare for release v4.7.0
2021-02-16 02:41:37 +07:00
David Garske
98b5900266
Revert of changes in PR #3289 , which should not have removed the HAVE_SECRET_CALLBACK and WOLFSSL_PUBLIC_ECC_ADD_DBL. These are required for hostapd.
2021-02-12 14:11:17 -08:00
toddouska
d40ea03621
Merge pull request #3703 from SparkiDev/sp_int_malloc
...
SP int: Rework allocation of temporaries
2021-02-11 13:49:45 -08:00
toddouska
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
...
OpenVPN master additions
2021-02-11 08:56:45 -08:00
Daniel Pouzzner
d64315a951
configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 .
2021-02-11 00:12:05 -06:00
Sean Parkinson
b330196c28
SP int: Rework allocation of temporaries
...
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
2021-02-11 10:34:40 +10:00
toddouska
67b1280bbf
Merge pull request #3545 from kabuobeid/smime
...
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
David Garske
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy
2021-02-09 07:28:40 -08:00
Kareem Abuobeid
a4e819c60a
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-08 17:14:37 -07:00
Sean Parkinson
763f388471
SP int: get rsavfy and rsapub working again
2021-02-09 09:58:23 +10:00
Elms
c17597a4fb
build: arbitrary path for make check
...
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
Juliusz Sosinowicz
46821196ab
Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13
...
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).
Enable keying material for OpenVPN
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
c18701ebe7
Implement RFC 5705: Keying Material Exporters for TLS
2021-02-02 12:06:11 +01:00
Daniel Pouzzner
0f6ae330da
wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table.
2021-01-28 22:51:28 -06:00
Daniel Pouzzner
a89087ed2d
configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source.
2021-01-25 17:56:28 -06:00
toddouska
5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix
...
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
2021-01-18 13:37:34 -08:00
John Safranek
d4e13796c2
M1 Support
...
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
2021-01-06 09:21:07 -08:00
Sean Parkinson
fa86c1aa91
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
...
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.
Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
Daniel Pouzzner
3d88676ff1
test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene.
2020-12-30 16:12:08 -06:00
elms
4280861af0
Merge pull request #3591 from dgarske/wolftpm
...
Added helper configure option '--enable-wolftpm`
2020-12-23 12:22:44 -08:00
Daniel Pouzzner
d5dd35c739
add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options.
2020-12-23 12:03:06 -06:00
David Garske
daa6833f37
Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb).
2020-12-23 08:09:24 -08:00
Daniel Pouzzner
f06361ddf6
add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory).
2020-12-22 17:12:57 -06:00
Jacob Barthelmeh
47c186df34
prepare for release 4.6.0
2020-12-22 02:33:58 +07:00
Jacob Barthelmeh
4de1c1b037
add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509
2020-12-21 17:24:35 +07:00
toddouska
fe92d29eb5
Merge pull request #3574 from cconlon/releasefixes
...
Release fixes for Jenkins tests, example client
2020-12-18 14:06:27 -08:00
Juliusz Sosinowicz
3231cfe9e0
Refactor extension stack generation
2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
c405c3477f
Protect against invalid write in RsaPad_PSS
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae
Extension manipulation
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9
Tests starting to pass
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb
OpenSSL Compat layer
...
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028
WIP
...
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08
Implement/stub:
...
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892
Implement/stub:
...
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4
Implement/stub the following:
...
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84
Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
...
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc
Implement/stub the following:
...
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85
Add --enable-libest option to configure.ac
...
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
Chris Conlon
502e471cde
fix spelling of Nitrox in configure option summary
2020-12-16 13:08:32 -07:00
Chris Conlon
f375cff685
enable AES-CTR for libsignal build
2020-12-16 12:44:01 -07:00
Daniel Pouzzner
18984abc9e
configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes.
2020-12-11 14:16:44 -06:00
Daniel Pouzzner
e9a79b2e0d
configure.ac: fix rebase error, re enable-sp-asm on ARM.
2020-12-10 14:46:22 -06:00
Daniel Pouzzner
0fa4bde5b5
configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met.
2020-12-10 14:21:08 -06:00