Commit Graph

2084 Commits

Author SHA1 Message Date
Daniel Pouzzner 27a6de2c2f configure.ac, wolfssl/wolfcrypt/settings.h, wolfssl/wolfcrypt/wc_port.h: update linuxkm defaults and settings for compatibility with sp-math-all, and change linuxkm default math from sp-math to sp-math-all; refactor enable-all and enable-all-crypto logic to allow piecemeal exclusion of options from the command line. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner cfc08cc13f configure.ac: remove smallstackcache from linuxkm default options; add several feature exclusions to enable-all and enable-all-crypto to make them compatible with fips=ready; render the FIPS option in the feature summary at end. 2020-12-10 14:16:20 -06:00
toddouska cd3b91a8fe Merge pull request #3536 from SparkiDev/arm64_rev
ByteReverseWord32 AARCH64: Use proper instruction - REV32
2020-12-10 11:59:00 -08:00
toddouska 367f28b917 Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe
TLS 1.3: PSK only
2020-12-09 09:45:34 -08:00
Sean Parkinson d34b0072a2 ARM: identify ARM CPU for Thumb and Cortex
Better detailed check of CPU architecture for 32-bit byte reversal asm
2020-12-09 08:54:18 +10:00
toddouska 84a9e16805 Merge pull request #3388 from SparkiDev/aesgcm_4bit_table
AES-GCM: GMULT using 4-bit table
2020-11-25 15:45:28 -08:00
toddouska a0cd75081d Merge pull request #3514 from SparkiDev/aesni_sse4
AESNI compile flags: clang doesn't need -msse4
2020-11-25 08:55:35 -08:00
Sean Parkinson ca5ffc0743 AESNI compile flags: clang can't have -msse4
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
2020-11-25 10:32:42 +10:00
Sean Parkinson d0703f8931 AES-GCM: GMULT using 4-bit table
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
2020-11-25 08:47:50 +10:00
Sean Parkinson 91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
Sean Parkinson d8b58286d1 TLS 1.3: PSK only
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
2020-11-19 09:21:24 +10:00
David Garske 1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske 5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske 7e3efa3792 Merge pull request #3474 from douzzer/lighttpd-update-1.4.56
lighttpd support update for v1.4.56
2020-11-09 09:24:58 -08:00
Glenn Strauss f9e48ee361 build updates for lighttpd: recommend -DNO_BIO
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
2020-11-05 20:40:43 -06:00
Glenn Strauss 030eb9347c lighttpd: allow ssl3, tls1.0 if explicitly enabled 2020-11-05 20:40:43 -06:00
Glenn Strauss 7cee131e37 restore --enable-lighty with --enable-all
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
2020-11-05 20:40:43 -06:00
David Garske a9a495270c Fix to disable CRL monitor for single threaded or lighttpd. Do not set --enable-lighty with --enable-all. 2020-11-05 20:40:43 -06:00
Glenn Strauss bcf1f0375b build updates for lighttpd: recommended flags 2020-11-05 20:40:43 -06:00
Glenn Strauss e5ed227a87 build updates for lighttpd: -DOPENSSL_ALL
avoid potential for WolfSSL to silently omit expected functionality
2020-11-05 20:40:43 -06:00
Glenn Strauss 503de43cbd build updates for lighttpd
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.

Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
2020-11-05 20:40:43 -06:00
Sean Parkinson 2588fe366e cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
2020-11-05 11:16:27 +10:00
Daniel Pouzzner 7d177e78d7 don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner a5d96721ac wolfcrypt/src: remove wc_debug.c and move its contents to logging.c. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner 8be2d7690a add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime. 2020-10-28 17:28:01 -05:00
toddouska 931eea30f5 Merge pull request #3397 from cconlon/rc2
RC2 ECB/CBC and PKCS#12 Integration
2020-10-28 15:06:47 -07:00
David Garske ff092c02d2 Merge pull request #3396 from SparkiDev/fips_armasm
FIPS ARMASM: get build working
2020-10-22 15:26:24 -07:00
Daniel Pouzzner 6142c22948 add wc_XChaCha_init(), wc_XChaCha20Poly1305_Init(), wc_XChaCha20Poly1305_encrypt_oneshot(), wc_XChaCha20Poly1305_decrypt_oneshot(), and wc_Poly1305_EncodeSizes64(). also, remove redundant arg check (typo) in wc_Poly1305Update(). 2020-10-21 14:08:41 -05:00
David Garske b58ea5842a wolfSSL RC2 template. 2020-10-16 11:46:40 -06:00
David Garske ab88ab160c Merge pull request #3395 from douzzer/misc-fixes-20201015
misc fixes for coverage and buildability
2020-10-16 07:28:48 -07:00
Sean Parkinson aeb44c5352 FIPS ARMASM: get build working 2020-10-16 16:41:18 +10:00
Daniel Pouzzner eb7a79aa5e misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073). 2020-10-15 15:05:29 -05:00
John Safranek 69ac13c2e9 wolfSSH Update
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
2020-10-15 11:37:31 -07:00
Daniel Pouzzner 9de5eea1d9 configure.ac: supplement AC_CHECK_FUNCS() (function link test) with AC_CHECK_DECLS() (function declaration test) to avoid false positives. fixes various build failure modes. 2020-10-09 22:18:51 -05:00
Daniel Pouzzner 570f55a0e3 wolfSSL_get_ocsp_producedDate*(): gate on !defined(NO_ASN_TIME), and in client_test(), gate call to strftime() on HAVE_STRFTIME and add fallback code; add HAVE_STRFTIME test to configure.ac. 2020-10-08 23:26:28 -05:00
Daniel Pouzzner c18f7010cf configure.ac: remove enable_apachehttpd and enable_secure_renegotiation from new --enable-all (valgrind woes). 2020-10-02 18:54:45 -05:00
Daniel Pouzzner d900e57ae4 improve --enable-linuxkm-defaults fidelity. 2020-10-01 18:07:48 -05:00
Daniel Pouzzner c37ba164bf configure.ac: don't include enable_certgencache=yes in --enable-all[-crypto] feature sets, to avoid memory leak false alarms. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner 24b20352f8 configure.ac: refactor-for-clarity enable-all[-crypto] feature selection logic conditionalized on sp-math and linuxkm. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner fd3815c708 configure.ac: include enable_xchacha in --enable-all-crypto. 2020-10-01 14:38:26 -05:00
Daniel Pouzzner a4bd213099 configure.ac: improve --enable-all coverage and make it compatible with --enable-sp-math, add --enable-all-crypto (crypto-only subset of --enable-all), and add --enable-linuxkm-defaults ("Enable feature defaults for Linux Kernel Module"). 2020-10-01 14:38:26 -05:00
Sean Parkinson 66ed9b1522 ARM asm: fixes for compiling on Mac and ChaCha20 streaming
Don't set the CPU to generic on Mac.
Implement streaming for ChaCha20.
2020-09-29 13:38:02 +10:00
Daniel Pouzzner 09b9ac8b86 add AM_CONDITIONAL([BUILD_DEBUG],...) to configure.ac, and use it to gate inclusion of wolfcrypt/src/debug.c in src/include.am; remove superfluous includes from wolfcrypt/src/debug.c. 2020-09-23 18:32:17 -05:00
Daniel Pouzzner 4742a17006 configure.ac: move AC_ARG_ENABLE([linuxkm] before AC_ARG_ENABLE([filesystem], and add ENABLED_FILESYSTEM_DEFAULT=no when ENABLED_LINUXKM. 2020-09-23 18:32:17 -05:00
Daniel Pouzzner 291febb270 configure.ac: clean up AC_ARG_ENABLE() for linuxkm, and make AC_ARG_WITH for linux-source and linux-arch unconditional. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 331fe47eb6 linuxkm: add ASFLAGS_FPU_DISABLE_SIMD_ENABLE ASFLAGS_FPU_ENABLE_SIMD_DISABLE ASFLAGS_FPUSIMD_DISABLE ASFLAGS_FPUSIMD_ENABLE to facilitate erroring for unexpected fp/simd instructions in Kbuild, while allowing expected ones. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner c8cd042bdd configure.ac: for linuxkm, make --enable-sp-math the default, and add additional exclusions --enable-fastrsa and --with-libz. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner af6bd1d163 configure.ac: tidying linuxkm reqs/exclusions tests at end. 2020-09-23 18:32:16 -05:00