Commit Graph

2084 Commits

Author SHA1 Message Date
John Safranek 4b3933aa1b FIPS Revalidation
1. Enabled ECC Cofactor DH for the FIPSv2 build.
2. Updated the wolfCrypt HMAC-SHA-3 test to leave out the set of test cases that use the four-byte key in FIPS mode.
2018-05-16 15:47:12 -04:00
John Safranek 33040a25d8 FIPS Revalidation
1. Change to configure.ac to automatically enable HKDF in FIPSv2 builds.
2018-05-16 15:47:12 -04:00
John Safranek d0d2527950 FIPS Revalidation
1. Change to configure.ac to automatically enable AES-CTR in FIPSv2 builds.
2. Move the aes-ni asm file into the boundary if enabled.
3. Enable AES-ECB by default.
2018-05-16 15:47:12 -04:00
John Safranek aa968eac98 FIPS Revalidation
1. Enable SHA-224 by default if building for FIPSv2.
2018-05-16 15:47:12 -04:00
John Safranek be61204fd7 FIPS Revalidation
1. Added CMAC to the boundary.
2. Added DHE to the boundary.
2018-05-16 15:47:12 -04:00
John Safranek 6352208e04 FIPS Update
1. Add SHA-3 to the src/include.am so that it is always included in FIPSv2.
2. Tweak the SHA-3 header to follow the new FIPS pattern.
2018-05-16 15:47:12 -04:00
John Safranek 0c5d704c7f AES-CCM FIPS
1. Add new error code for the AES-CCM FIPS KAT failure.
2. When enabling FIPSv2, force enable AES-CCM.
2018-05-16 15:47:12 -04:00
toddouska 1be8a6e4ef Merge pull request #1502 from ejohnstown/update-m4
Update M4 Autoconf Files
2018-05-16 07:57:13 -07:00
John Safranek 2a4d386a50 Update ax_pthread.m4
1. Updated to the most recent copy of ax_pthread.m4.
2. Removed the darwin-clang check m4.
3. Added a check to see if AX_PTHREAD added the flag `-Qunused-arguments` for clang and if so prepend `-Xcompiler` so libtool will use it. Otherwise when building on Sierra's clang you get "soft" warnings on the build of the dylib.
2018-05-11 10:21:47 -07:00
Sean Parkinson 27c3a70e13 Allow building TLS 1.3 at draft 26 2018-05-01 15:19:18 +10:00
Brian Aker 3179d6ce2b Adding Copyright notice to autoconf files. 2018-04-14 22:30:02 -10:00
David Garske ce6728951f Added a new --enable-opensslall option, which ensures all openssl features are enabled. Documented and tested building the various open source defines we support in our build. 2018-04-11 13:54:07 -07:00
David Garske 689203d310 Added some more features to the --enable-all. Added new --enable-webclient option. 2018-04-11 13:54:07 -07:00
David Garske 6de8348918 Fixes for various build configurations. Added --enable-enckeys option to enable support for encrypted PEM private keys using password callback without having to use opensslextra. Moved ASN CryptKey function to wc_encrypt.c as wc_CryptKey. Fixup some missing heap args on XMALLOC/XFREE in asn.c. 2018-04-09 13:28:15 -07:00
toddouska 2deb977ecf Merge pull request #1473 from dgarske/pkcs7_norsa
Enabled PKCS7 support without RSA
2018-04-04 10:33:11 -07:00
David Garske c288d0815d Added support for building and using PKCS7 without RSA (assuming ECC is enabled). 2018-04-03 09:26:57 -07:00
David Garske 0c898f513d Nitrox V fixes and additions:
* Added support for ECC, AES-GCM and HMAC (SHA-224 and SHA3).
* Fixes for Nitrox V with TLS.
* ECC refactor for so key based `r` and `s` apply only when building with `WOLFSSL_ASYNC_CRYPT`.
* ECC refactor for `e` and `signK` to use key based pointer for Nitrox V.
* Improved the Nitrox V HMAC to use start, update and final API's instead of caching updates.
* Fix for Intel QuickAssist with unsupported HMAC hash algos using `IntelQaHmacGetType` (such as SHA3).
* Added new API `wc_mp_to_bigint_sz` to zero pad unsigned bin.
* Fix for AES GCM to gate HW use based on IV len in aes.c and remove the gate in test.c.
* Implemented workaround to use software for AES GCM Nitrox V hardware and 13 byte AAD length for TLS.
* New debug option `WOLFSSL_NITROX_DEBUG` to add pending count.
2018-04-03 09:14:20 -07:00
John Safranek e59bb43878 Configure Update
Revise default compiler optimization flags enable name to something more descriptive.
2018-03-28 13:19:46 -07:00
John Safranek e6a19bb1e8 Configure Update
Add a disable option to turn off the default optimization options so the user may set their own in a CFLAGS.
2018-03-27 16:41:39 -07:00
John Safranek 477d2413cd Configure Update
1. Initialize CXXFLAGS (C++ compiler flags) the same way we do CFLAGS.
2. Add CPPFLAGS (C preprocessor flags) to the options.h file with the other CFLAGS.
2018-03-27 10:23:44 -07:00
David Garske 3bf325290d Base16/64 improvements:
* Add define `WOLFSSL_BASE16` to explicitly expose base16 support.
* Add `./configure --enable-base16` option (disabled by default in configure, but enabled in coding.h when required internally).
* Added base16 tests in test.c `base16_test`.
* Enabled base64 decode tests when `WOLFSSL_BASE64_ENCODE` is not defined.
2018-03-22 10:36:56 -07:00
Chris Conlon 2989c73411 Merge pull request #1447 from JacobBarthelmeh/PKCS7
remove pkcs7 requirement of x963kdf when ecc is disabled
2018-03-22 10:01:55 -06:00
toddouska 2a356228be Merge pull request #1445 from SparkiDev/wpas_fix
Fixes for wpa_supplicant
2018-03-21 15:11:43 -07:00
Jacob Barthelmeh 467608b6c9 remove pkcs7 requirement of x963kdf when ecc is disabled 2018-03-19 10:08:46 -06:00
Sean Parkinson bd53d7ba59 TLS v1.3 support for Draft 23 and Draft 27
Draft 24: Second ClientHello usees version 0x0303 - no change.
Draft 25: The record layer header is now additional authentication data to
encryption.
Draft 26: Disallow SupportedVersion being used in ServerHello for
negotiating below TLS v1.3.
Draft 27: Older versions can be negotiated (by exclusion of 0x0304) in
SupportedVersion - no change.
2018-03-19 16:15:02 +10:00
Sean Parkinson b325e0ff91 Fixes for wpa_supplicant 2018-03-19 11:46:38 +10:00
David Garske 8edbca1b21 Enable ECC for all platforms by default. For aarch64 enable SHA512, SHA224, SHA3 and FastMath by default. 2018-03-07 09:41:07 -08:00
Sean Parkinson 89182f5ca9 Add assembly code for ARM and 64-bit ARM
Split out different implementations into separate file.
Turn on SP asm by configuring with: --enable-sp-asm
Changed small ASM code for ECC on x86_64 to be smaller and slower.
2018-03-07 11:57:09 +10:00
Jacob Barthelmeh 922d65d97c bump version to 3.14.0 2018-03-02 12:31:41 -07:00
toddouska 73dbc8f6e7 Merge pull request #1395 from JacobBarthelmeh/Certs
Add support for writing multiple OUs, DCs and for writing a unique EKU OID
2018-02-26 08:39:58 -08:00
toddouska 22e55e72c1 Merge pull request #1394 from cconlon/selftest
Add CAVP-only Self Test for special build
2018-02-23 15:50:06 -08:00
Jacob Barthelmeh 453aa16e8d Add support for writing multiple OUs, DCs and for writing a unique EKU OID 2018-02-23 10:46:26 -07:00
Chris Conlon ad53037852 add CAVP selftest option for special build 2018-02-23 10:14:56 -07:00
JacobBarthelmeh 89390180a0 Merge branch 'master' into Compatibility-Layer 2018-02-22 15:24:31 -07:00
Sean Parkinson d09f26a69f Support indefinite length BER encodings in PKCS #7 2018-02-21 08:29:50 +10:00
Jacob Barthelmeh c9525d9c1d add opensslextra=x509small build option 2018-02-19 17:32:39 -07:00
Jacob Barthelmeh 165059226e add HAVE_AES_ECB to enable all build 2018-02-16 17:06:26 -07:00
Jacob Barthelmeh f569645212 add wolfSSL_SHA256 function 2018-02-16 16:57:45 -07:00
David Garske 9ff97997a6 Merge pull request #1360 from SparkiDev/sp_math
Minimal implementation of MP when using SP.
2018-02-14 15:49:23 -08:00
toddouska 4d04f0951c Merge pull request #1363 from SparkiDev/tls13_draft23
Support TLS v1.3 Draft 23
2018-02-13 11:39:53 -08:00
Sean Parkinson 9a0c822582 Support TLS v1.3 Draft 23
Change KeyShare number.
Support SignatureAlgorithmsCert extension - nothing done with
information as only one chain supported on server.
Compiling for Draft 22 supported: --enable-tls-draft22
Compiling for Draft 18 still supported.
2018-02-09 10:42:15 +10:00
Sean Parkinson a3a4f2d59c Minimal implementation of MP when using SP.
--enable-sp-math to include minimal implementation of MP (only with
--enable-sp.)
Add futher functionality for ECC (conditionally compiled):
- check key
- is point on curve
- API to add and double projective points
- API to map from project to affine
- Uncompress point (including sqrt)
Some configuration options will not work with SP math - configure.ac
detects this and errors out.
Change test code to better support SP sizes only.
2018-02-08 15:50:17 +10:00
David Garske 3e05118995 * Added the tls_bench example to the build output when threading is supported.
* Fixed some `tls_bench` build issues with various configure options.
* Moved the `WOLFSSL_PACK` and `WC_NORETURN` macros into types.h.
* Added support for `__builtin_bswap32` and `__builtin_bswap64`. Since the performance of the builtins varries by platform its off by default, but can be enabled by customer using `WOLF_ALLOW_BUILTIN`. Quick check on x86 showed the 32-bit swap performance matched, but 64-bit swap was slower.
2018-02-07 11:13:13 -08:00
toddouska 2efe7f6d96 Merge pull request #1319 from JacobBarthelmeh/Compatibility-Layer-Part5
Compatibility layer part4
2018-01-19 14:49:12 -08:00
Jacob Barthelmeh 025ba1445e add WOLFSSL_VERIFY_CB_ALL_CERTS macro 2018-01-18 18:26:32 -07:00
kaleb-himes ed95fca448 Add status of inline configure option to feature output 2018-01-17 14:20:49 -07:00
toddouska 54acc2df51 Merge pull request #1318 from SparkiDev/tls13_draft22
Changes for TLS v1.3 Draft 22
2018-01-17 11:22:50 -08:00
dgarske 2dc60b9e01 Merge pull request #1321 from SparkiDev/fe_init_small_fix
Fix fe_init implementation to appear for small Ed25519
2018-01-17 08:30:13 -08:00
Sean Parkinson c09d972012 Fix fe_init implementation to appear for small Ed25519 2018-01-17 11:34:22 +10:00
Sean Parkinson 5f14de33e7 Changes for TLS v1.3 Draft 22
Middlebox compatibility available too.
2018-01-17 09:38:11 +10:00