Commit Graph

2084 Commits

Author SHA1 Message Date
David Garske 093d9981fb Disable fast-rsa if RSA PSS is enabled (not supported). 2020-06-04 15:31:18 -07:00
David Garske cd1c2d5fae Enable TLS v1.3 by default. Remove old TLS v1.3 draft build support. 2020-06-04 15:31:18 -07:00
David Garske ca9dc7d509 Fix for wc_ecc_import_unsigned failing if first private key byte is zero (Fixes #2950). Fix wc_ecc_is_point to return better code IS_POINT_E on failure (was returning -1). Improved ECC import API unit tests. Added WOLFSSL_VALIDATE_ECC_IMPORT and WOLFSSL_VALIDATE_ECC_KEYGEN to --enable-all. 2020-06-04 15:25:56 -07:00
toddouska 23d1550439 Merge pull request #2989 from julek-wolfssl/openvpn
Additional OpenSSL compat layer stuff
2020-06-04 11:57:55 -07:00
Chris Conlon cafcaa4181 enable SNI by default for JNI/JSSE build 2020-06-03 14:24:10 -06:00
John Safranek 19fba3648c Bump Patch Version
1. Increase the patch level of the version number in configure.ac.
2. Added a template for the next version in ChangeLog.md.
3. Bumped version.h.
2020-05-27 10:11:58 -07:00
Juliusz Sosinowicz 4a85bf8108 Additional OpenSSL compat layer stuff
- Add X509_get0_notBefore and X509_get0_notAfter
- Implement EVP_PKEY_get0_DSA and DSA_bits
- OpenSSL_version now prints "wolfSSL $VERSION"
- Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol
2020-05-20 16:55:16 +02:00
toddouska 6c9a0e440e Merge pull request #2959 from dgarske/wpas_tiny
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
David Garske 10aa8a4ffc Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size. 2020-05-08 13:38:26 -07:00
Juliusz Sosinowicz b5886e0e37 Add option --enable-ip-alt-name
This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
2020-05-08 13:20:24 +02:00
Juliusz Sosinowicz 01a6dded72 Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
John Safranek 27011ff7ff Release Rollup
1. Update configure with the new version.
2. Update the ChangeLog.
3. Update the readme.
2020-04-21 10:21:53 -07:00
Juliusz Sosinowicz 89f7a51838 Add option to enable DPP support in wpa_supplicant (note DPP not yet supported as of this commit) 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 18093a6b0b Code review changes
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 73b4d78d5b Added partial support for wpa_supplicant, hostapd, and cjose:
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
Sean Parkinson 416f0775d3 Merge pull request #2900 from dgarske/sp_no_malloc
Added option to build SP small without malloc
2020-04-14 09:40:11 +10:00
toddouska ee0289bea6 Merge pull request #2825 from julek-wolfssl/self-include-options
OpenVPN changes
2020-04-13 13:11:18 -07:00
David Garske d412ccb6f8 Added new option WOLFSSL_SP_NO_MALLOC for building small SP without malloc. Added SP documentation. Added ./configure --enable-sp=yes,nomalloc supprt. https://github.com/wolfSSL/scripts/pull/79 2020-04-10 11:13:55 -07:00
John Safranek 7a6de91296 Omit -fomit-frame-pointer from CFLAGS. 2020-04-08 14:06:11 -07:00
Juliusz Sosinowicz 48e40fac2b OpenVPN changes
Include <wolfssl/options.h> in settings.h for OpenVPN
Additional API fixes
2020-04-02 20:23:13 +02:00
Sean Parkinson e17e064ce2 Allow setting of MTU in DTLS 2020-03-18 12:36:11 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
toddouska 1288c6b249 Merge pull request #2809 from dgarske/conf_usersettings
Fix to enable inclusion of all .c files when using `--enable-usersettings`
2020-02-27 12:10:07 -08:00
toddouska eddf4abf8e Merge pull request #2775 from embhorn/api_port
openSSL compatibility API for EVP, BIO, and SSL_SESSION
2020-02-27 11:51:21 -08:00
David Garske 0f188be892 Merge pull request #2805 from ejohnstown/update-config
configure
2020-02-21 09:35:52 -08:00
Jacob Barthelmeh e837894578 add AES-OFB mode 2020-02-20 17:28:32 -06:00
David Garske baace2c0e3 Fix to enable inclusion of all .c files when using the --enable-usersettings option. 2020-02-19 11:58:33 -08:00
John Safranek 9953f2d01d 1. Remove duplicate AM_CONDITIONAL statments from configure.ac.
2. Update copyright year in configure.ac.
2020-02-18 16:16:59 -08:00
Juliusz Sosinowicz ab56d078a4 keygen-moduli passed
Handle trailing newlines in wolfSSL_BN_hex2bn
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz b5c52d7c70 openssh WIP and some light refactoring 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 41de1bb156 WIP 2020-02-18 21:36:26 +01:00
Sean Parkinson 8972bf6278 Add support for P384 curve into SP 2020-02-17 15:46:34 +10:00
Juliusz Sosinowicz 044ad957e5 Add --enable-openvpn build option 2020-01-28 15:29:24 +01:00
John Safranek f2db85c07c Deprecate some configure flags
1. Add C_EXTRA_FLAGS and C_FLAGS to CFLAGS.
2. Remove the cached copied of C_EXTRA_FLAGS and C_FLAGS.
3. The option.h is set only on CFLAGS, CPPFLAGS, and the AM_ versions.
2020-01-22 14:26:16 -08:00
JacobBarthelmeh 6b4551c012 Merge pull request #2654 from cariepointer/qt-512-513
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn 8580bd9937 CertManager verify callback
Execute verify callback from wolfSSL_CertManagerLoadCA
2019-12-26 09:29:03 -06:00
Jacob Barthelmeh 5675a2b3c5 prepare for release v4.3.0 2019-12-20 08:43:34 -07:00
toddouska f81ce71c25 Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer
add --disable-errorqueue option
2019-12-17 16:37:02 -08:00
John Safranek 0348123261 Maintenance: Configure
1. Remove some redundant AM_CONDITIONAL macros checking for OCSP and CRL.
2. Moved the AM_CONDITIONAL macro setting BUILD_PKCS12 to the other AM_CONDITIONALS.
2019-12-13 15:02:03 -08:00
Jacob Barthelmeh 2e5258fe15 add --disable-errorqueue option 2019-12-11 11:19:58 -07:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
toddouska e6292eca9c Merge pull request #2597 from ejohnstown/octeon-global
Sync OCTEON Sniffer
2019-11-18 17:06:30 -08:00
toddouska 7a5c8f4e07 Merge pull request #2584 from SparkiDev/sp_rsa4096
SP now has support for RSA/DH 4096-bit operations
2019-11-18 15:38:47 -08:00
John Safranek 604219f2fc Sync OCTEON fix
1. For OCTEON builds, leave out the "-DCVMX_BUILD_FOR_LINUX_HOST" option
from CFLAGS by default so it makes standalone host builds.
2. Add a check of the variable OCTEON_HOST for linux to add back in the
"-DCVMX_BUILD_FOR_LINUX_HOST" to CFLAGS.
2019-11-14 14:21:44 -08:00
David Garske af142b307b Support for WebRTC (ref m79):
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
2019-11-13 12:34:33 -08:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
Chris Conlon 98a2322dd9 Merge pull request #2525 from tmael/open_coexist
Raise an error when opensslcoexist option is used with openssl[all][extra]
2019-11-01 11:32:46 -06:00
toddouska fca0705a0b Merge pull request #2526 from aaronjense/libwebsockets-build-fix
libwebsockets build fixes
2019-10-31 13:05:46 -07:00