Commit Graph

2084 Commits

Author SHA1 Message Date
toddouska 5eba89c3ca Merge pull request #3742 from julek-wolfssl/error-queue-per-thread
Add --enable-error-queue-per-thread
2021-02-23 12:02:16 -08:00
Elms c4d2e7cfdb configure: split SHA3 and SHAKE256 to work with ED448
Define flags and defaults early, but set CFLAGS later to allow
override.
2021-02-22 10:14:21 -08:00
Fabian Keil 1b319804ad configure: When enabling --enable-sp-asm, accept host_cpu amd64 as alternative to x86_64
Allows to use --enable-sp-asm on ElectroBSD amd64.

Previouly configure failed with:
 configure: error: ASM not available for CPU. Supported CPUs: x86_64, aarch64, arm
2021-02-20 14:25:05 +01:00
Elms 31d3dfdd4d configure: ED448 to enable SHA3 and SHAKE256 properly
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
2021-02-19 13:18:52 -08:00
Jacob Barthelmeh 5f3ee2985c bump version for development bundles 2021-02-16 23:57:47 +07:00
Juliusz Sosinowicz b8f841599c Add --enable-error-queue-per-thread 2021-02-16 16:08:13 +01:00
Juliusz Sosinowicz 9a1e54cfd5 Nginx 1.19.6 Fixes 2021-02-16 14:25:45 +01:00
Jacob Barthelmeh 847938f4d6 prepare for release v4.7.0 2021-02-16 02:41:37 +07:00
David Garske 98b5900266 Revert of changes in PR #3289, which should not have removed the HAVE_SECRET_CALLBACK and WOLFSSL_PUBLIC_ECC_ADD_DBL. These are required for hostapd. 2021-02-12 14:11:17 -08:00
toddouska d40ea03621 Merge pull request #3703 from SparkiDev/sp_int_malloc
SP int: Rework allocation of temporaries
2021-02-11 13:49:45 -08:00
toddouska 39cb84de25 Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff
OpenVPN master additions
2021-02-11 08:56:45 -08:00
Daniel Pouzzner d64315a951 configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 . 2021-02-11 00:12:05 -06:00
Sean Parkinson b330196c28 SP int: Rework allocation of temporaries
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
2021-02-11 10:34:40 +10:00
toddouska 67b1280bbf Merge pull request #3545 from kabuobeid/smime
Added support for reading S/MIME messages via SMIME_read_PKCS7.
2021-02-10 15:59:32 -08:00
David Garske 47d5f6f624 Merge pull request #3714 from SparkiDev/sp_int_rsavfy 2021-02-09 07:28:40 -08:00
Kareem Abuobeid a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
Sean Parkinson 763f388471 SP int: get rsavfy and rsapub working again 2021-02-09 09:58:23 +10:00
Elms c17597a4fb build: arbitrary path for make check
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
2021-02-05 12:10:32 -08:00
Juliusz Sosinowicz 46821196ab Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).

Enable keying material for OpenVPN
2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz c18701ebe7 Implement RFC 5705: Keying Material Exporters for TLS 2021-02-02 12:06:11 +01:00
Daniel Pouzzner 0f6ae330da wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table. 2021-01-28 22:51:28 -06:00
Daniel Pouzzner a89087ed2d configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source. 2021-01-25 17:56:28 -06:00
toddouska 5a7e79cbfd Merge pull request #3632 from SparkiDev/all_not_tls13_fix
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
2021-01-18 13:37:34 -08:00
John Safranek d4e13796c2 M1 Support
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
2021-01-06 09:21:07 -08:00
Sean Parkinson fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
2021-01-06 14:19:57 +10:00
Daniel Pouzzner 3d88676ff1 test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene. 2020-12-30 16:12:08 -06:00
elms 4280861af0 Merge pull request #3591 from dgarske/wolftpm
Added helper configure option '--enable-wolftpm`
2020-12-23 12:22:44 -08:00
Daniel Pouzzner d5dd35c739 add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options. 2020-12-23 12:03:06 -06:00
David Garske daa6833f37 Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb). 2020-12-23 08:09:24 -08:00
Daniel Pouzzner f06361ddf6 add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory). 2020-12-22 17:12:57 -06:00
Jacob Barthelmeh 47c186df34 prepare for release 4.6.0 2020-12-22 02:33:58 +07:00
Jacob Barthelmeh 4de1c1b037 add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509 2020-12-21 17:24:35 +07:00
toddouska fe92d29eb5 Merge pull request #3574 from cconlon/releasefixes
Release fixes for Jenkins tests, example client
2020-12-18 14:06:27 -08:00
Juliusz Sosinowicz 3231cfe9e0 Refactor extension stack generation 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz c405c3477f Protect against invalid write in RsaPad_PSS 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz ff2574b3cb OpenSSL Compat layer
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 1a50d8e028 WIP
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 85b1196b08 Implement/stub:
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz 728f4ce892 Implement/stub:
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz b52e11d3d4 Implement/stub the following:
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz 777bdb28bc Implement/stub the following:
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz a9d502ef85 Add --enable-libest option to configure.ac
Refactoring and adding defines for functions
2020-12-17 14:26:30 +01:00
Chris Conlon 502e471cde fix spelling of Nitrox in configure option summary 2020-12-16 13:08:32 -07:00
Chris Conlon f375cff685 enable AES-CTR for libsignal build 2020-12-16 12:44:01 -07:00
Daniel Pouzzner 18984abc9e configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes. 2020-12-11 14:16:44 -06:00
Daniel Pouzzner e9a79b2e0d configure.ac: fix rebase error, re enable-sp-asm on ARM. 2020-12-10 14:46:22 -06:00
Daniel Pouzzner 0fa4bde5b5 configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met. 2020-12-10 14:21:08 -06:00