Commit Graph

2084 Commits

Author SHA1 Message Date
Daniel Pouzzner 16267a1889 configure.ac: error when ENABLED_LINUXKM but $KERNEL_ARCH is empty (no default, no user value). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 8331079c36 configure.ac: --enable-compkey gates in the recursive do_mp_jacobi(). mutex with --enable-linuxkm. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 170322956b wolfssl/test.h: polish implementation of HAVE_STACK_SIZE_VERBOSE, now enabled with --enable-stacksize-verbose; internal symbol renamed from original DEBUG_STACK_SIZE_VERBOSE, helper functions and macros refactored to be formally threadsafe and to track the overall high water mark (reports same "stack used" value as --enable-stacksize after final return); add "setting stack relative offset reference mark in funcname() to x" message at entry; add configure mutexing of --enable-stacksize[-verbose] relative to --enable-linuxkm. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner b99908ae66 configure.ac: refactor test -z "${KERNEL_ROOT}" into "${KERNEL_ROOT}" = "", and remove new AM_CFLAGS="$AM_CFLAGS -msse4" (bringing back identical to logic in master) now that $CFLAGS_SIMD_ENABLE et al take care of it. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 5589565051 linuxkm: add autotools detection of usable compiler flags for enabling and disabling SIMD and fp registers and auto-vectorization, and integrate into linuxkm makefiles. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner cd14cfb092 linuxkm: override-disable SIMD instructions for all .c.o's, with exceptions enumerated in Kbuild (currently only aes.c), and couple -msse with -fno-builtin-functions; export ENABLED_ASM for use as a pivot in Kbuild; use asm/i387.h, not asm/simd.h, for kernel_fpu_{begin,end}() protos. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 05bca8b0ee when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner 34fd53b4fc linuxkm: WIP support for wolfcrypt_test() at module load time. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 0cfe9ca5d6 configure.ac: --enable-linuxkm: improved defaults and consistency checking. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 836915d05f linuxkm: configure.ac more incompatible options: --enable-fastmath, --enable-iopool, and --enable-fips; linuxkm/Makefile: reduce -Wframe-larger-than from 65536 to kernel-compatible 5000; wolfssl/wolfcrypt/settings.h: unset HAVE_THREAD_LS when WOLFSSL_LINUXKM; wolfssl/wolfcrypt/types.h: when NO_INLINE and __GNUC__, #define WC_INLINE __attribute__((unused)) rather than to nothing to avoid -Wunused-function warnings; wolfssl/wolfcrypt/wc_port.h: #undef noinline after Linux kernel header includes (another macro conflict). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 911b23d2b4 configure.ac: check for incompatible combinations, and restore check for non-empty $KROOT when --enable-linuxkm. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner dff5344d82 configure.ac: when --enable-asm (default on), for gcc amd64 target always include -msse4 even if not --enable-intelasm (it's needed for TFM_X86_64 inline asm). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner 1aa15632ce initial buildability of full libwolfssl.ko loadable kernel module for Linux via ./configure --enable-linuxkm && make. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner bc1c85842d WIP: autotools support for LKM 2020-09-23 18:32:15 -05:00
David Garske 6425ebb60e Linux Kernel Module support using "--enable-linuxkm". 2020-09-23 18:32:15 -05:00
David Garske 9deb85ceb1 Fixes to reduce code size. 2020-09-18 09:14:41 -07:00
David Garske d61be6f030 Restore the normal --enable-wpas macro. 2020-09-18 09:14:41 -07:00
David Garske 780e8a4619 Fixes for building --enable-wpas=small with WPA Supplicant v2.7. 2020-09-18 09:14:41 -07:00
Daniel Pouzzner cc1d016d1e configure.ac: define BUILD_TESTS as ENABLED_EXAMPLES, rather than ENABLED_EXAMPLES && !ENABLED_LEANTLS; add missing preprocessor gating in tests/api.c test_wolfSSL_EVP_Digest() and test_wolfSSL_i2d_PrivateKey(). 2020-09-17 12:03:44 -05:00
David Garske 7d45e85b03 Add ED448 to the "all" options. 2020-08-21 15:47:02 -07:00
John Safranek 362e328180 NTRU fixes
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
2020-08-19 10:46:03 -07:00
John Safranek 3f6861ee82 FIPS Ready Fix with ECC Timing Resistance
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
2020-08-14 10:54:55 -07:00
John Safranek 95337e666c Release Update
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
2020-08-12 14:43:47 -07:00
toddouska fa146870bd Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked
Additional OpenSSL compat stuff for OpenSSH
2020-08-11 16:32:31 -07:00
toddouska 1681ed1b85 Merge pull request #3211 from cconlon/jniconfig
Update "enable-jni" option for current JSSE requirements
2020-08-11 12:39:54 -07:00
JacobBarthelmeh 8b7f588aaf Merge pull request #3108 from SparkiDev/openssl_interop
Update OpenSSL interopability testing
2020-08-11 09:42:43 -06:00
Sean Parkinson 93cdfd7132 Update OpenSSL interopability testing
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
2020-08-11 16:44:45 +10:00
Sean Parkinson 72d1352bd6 Fix ARM builds
Need to include options.h in assembly now.
bufPt declared in block but not outside.
poly1305_block and poly1305_blocks need prototype - declaration in
wolfcrypt/src/port/arm/armv8-poly1305.c (__arch64__ only).
2020-08-10 11:59:10 +10:00
David Garske b25eccb07e Merge pull request #3203 from tmael/libwebsockets
Enable HAVE_EX_DATA for libwebsockets
2020-08-08 14:34:18 -07:00
toddouska 1724347f7a Merge pull request #3091 from julek-wolfssl/sess-serialization
Expose session serialization outside of `OPENSSL_EXTRA`
2020-08-07 15:41:27 -07:00
Tesfa Mael 6379ca8e10 libwebsockets requires *CRYPTO_EX_DATA* APIs 2020-08-06 16:29:39 -07:00
toddouska 462f4f9e45 Merge pull request #3196 from cconlon/cavpmarvell
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
2020-08-06 10:45:03 -07:00
Juliusz Sosinowicz 139a192185 Implement wolfSSL_d2i_X509_NAME 2020-08-06 15:52:11 +02:00
Chris Conlon e5e87db6aa add HAVE_EX_DATA, OPENSSL_ALL, HAVE_ALPN to enable-jni configure option 2020-08-05 15:43:26 -06:00
toddouska 8d00b015c1 Merge pull request #3182 from dgarske/configall_noold
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
2020-08-04 12:25:59 -07:00
David Garske 776b1a2d17 Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools. 2020-07-31 15:17:53 -07:00
David Garske 197c21a508 Fix for --enable-all (also used by --enable-distro) to NOT enable SSLV3 and TLS v1.0. 2020-07-31 13:54:08 -07:00
Chris Conlon c6b4fa3be3 add selftest version for newer 4.1.0 validation 2020-07-29 15:10:47 -06:00
toddouska e84defb268 Merge pull request #3044 from dgarske/sniffer_tls13
TLS v1.3 sniffer support
2020-07-24 11:46:38 -07:00
David Garske 1b051d9c5b TLS v1.3 sniffer support:
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
2020-07-17 15:22:35 -07:00
David Garske 90ee12f51a Added test case for ECC non-blocking. ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make. 2020-07-17 15:13:50 -07:00
David Garske 547144bc9c Adds ECC non-blocking sign/verify support when used with SP math. New --enable-sp=nonblock and --enable-ecc=nonblock options. Example ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock. 2020-07-17 15:13:50 -07:00
Juliusz Sosinowicz b57cf802eb Expose session serialization outside of OPENSSL_EXTRA
Use `./configure CFLAGS='-DHAVE_EXT_CACHE'` to enable session serialization without `OPENSSL_EXTRA`.
2020-06-30 20:17:21 +02:00
kaleb-himes 308562e853 configure.ac change == to = when not C code 2020-06-24 13:41:03 -06:00
toddouska 48cd6f36ff Merge pull request #2967 from dgarske/ecc_null
Fixes for ECC key import
2020-06-18 10:10:49 -07:00
David Garske 3b8455fcd0 Fix for building without ECC and DH (TLS v1.3 cannot be enabled). 2020-06-05 10:26:32 -07:00
David Garske 7879e83ae0 Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3). 2020-06-04 16:31:19 -07:00
David Garske 66fdc2c536 Disable TLS v1.3 if none of these are available "ECC, CURVE25519, CURVE448 or DH". 2020-06-04 15:31:19 -07:00
David Garske ab2afbd37b Allow the TLS 13 draft 18 build option and just use the final version. This allows the automated test scripts to pass. 2020-06-04 15:31:18 -07:00
David Garske 4d8cf5b571 Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF). 2020-06-04 15:31:18 -07:00