Commit Graph

835 Commits

Author SHA1 Message Date
David Garske ab2afbd37b Allow the TLS 13 draft 18 build option and just use the final version. This allows the automated test scripts to pass. 2020-06-04 15:31:18 -07:00
David Garske 4d8cf5b571 Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF). 2020-06-04 15:31:18 -07:00
David Garske 093d9981fb Disable fast-rsa if RSA PSS is enabled (not supported). 2020-06-04 15:31:18 -07:00
David Garske cd1c2d5fae Enable TLS v1.3 by default. Remove old TLS v1.3 draft build support. 2020-06-04 15:31:18 -07:00
toddouska 23d1550439 Merge pull request #2989 from julek-wolfssl/openvpn
Additional OpenSSL compat layer stuff
2020-06-04 11:57:55 -07:00
Chris Conlon cafcaa4181 enable SNI by default for JNI/JSSE build 2020-06-03 14:24:10 -06:00
John Safranek 19fba3648c Bump Patch Version
1. Increase the patch level of the version number in configure.ac.
2. Added a template for the next version in ChangeLog.md.
3. Bumped version.h.
2020-05-27 10:11:58 -07:00
Juliusz Sosinowicz 4a85bf8108 Additional OpenSSL compat layer stuff
- Add X509_get0_notBefore and X509_get0_notAfter
- Implement EVP_PKEY_get0_DSA and DSA_bits
- OpenSSL_version now prints "wolfSSL $VERSION"
- Remove define guards in `wolfSSL_internal_get_version` as all protocols are defined regardless in `wolfssl/internal.h`and this function just returns the string description of the protocol
2020-05-20 16:55:16 +02:00
toddouska 6c9a0e440e Merge pull request #2959 from dgarske/wpas_tiny
Added wpa_supplicant support with reduced code size option
2020-05-11 08:55:22 -07:00
David Garske 10aa8a4ffc Added support --enable-wpas=small for reduced code size when building against the WPA supplicant with EAP-TLS. This does not use OPENSSL_EXTRA, which helps reduce code size. 2020-05-08 13:38:26 -07:00
Juliusz Sosinowicz b5886e0e37 Add option --enable-ip-alt-name
This commit adds the configure option `--enable-ip-alt-name` that enables support for the IP alternative subject name parsing in `wolfcrypt/src/asn.c:DecodeAltNames`.
2020-05-08 13:20:24 +02:00
Juliusz Sosinowicz 01a6dded72 Fix AES-GCM in EVP layer to have compatiblity with OpenSSL
- Tag checking in AES-GCM is done in Final call
- Reset `WOLFSSL_EVP_CIPHER_CTX` structure after Final call
- Don't zero `ctx->authTag` struct in Init call so that user can get the AES-GCM tag using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_GET_TAG, AES_BLOCK_SIZE, tag)`
- `ctx->authTag` is only zeroed before authenticated, non-confidential data Update call since this means we are entering a new Udate-Final cycle. This doesn't need to be done in the decrypt case since the tag should be supplied by the user before the final call using `EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_GCM_SET_TAG, AES_BLOCK_SIZE, tag)`
2020-04-27 15:52:01 +02:00
John Safranek 27011ff7ff Release Rollup
1. Update configure with the new version.
2. Update the ChangeLog.
3. Update the readme.
2020-04-21 10:21:53 -07:00
Juliusz Sosinowicz 89f7a51838 Add option to enable DPP support in wpa_supplicant (note DPP not yet supported as of this commit) 2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 18093a6b0b Code review changes
- Don't include `ENABLED_OPENSSLALL` with `ENABLED_WPAS`
- Return length in `wolfSSL_i2d_DHparams`
- Implement `wolfSSL_EC_POINT_mul` with independent multiplication and addition if `ECC_SHAMIR` not defined
- Implment `ASN1_SIMPLE` without `offsetof` by using a dummy struct
- Style fixes
2020-04-14 11:48:14 +02:00
Juliusz Sosinowicz 73b4d78d5b Added partial support for wpa_supplicant, hostapd, and cjose:
- Moved `SetECKeyInternal` and `SetECKeyExternal` to `internal.h` to allow usage outside of `ssl.c`
- Added `asn1t.h`
- Implemented the `IMPLEMENT_ASN1_FUNCTIONS` macro for a small subset of ASN1 tags
-- So far only `X509_ALGOR` and `ASN1_BIT_STRING` are supported
- Implemented `BN_mod_add` function
- Allow for setting of `EC_KEY` export form through EC_KEY_set_conv_form
- Implemented `i2o_ECPublicKey`
- Implemented `EC_POINT_copy`
- Implemented deriving DH and ECDH keys in `EVP_PKEY_CTX`. Functions added:
-- `EVP_PKEY_derive_init`
-- `EVP_PKEY_derive_set_peer`
-- `EVP_PKEY_derive`
- Implemented `EVP_PKEY_get0_DH`
- Implemented `X509_ALGOR_new`
- Implemented `X509_ALGOR_free`
- Implemented `X509_ALGOR_set0`
- Implemented `X509_PUBKEY_new`
- Implemented `X509_PUBKEY_free`
- Implemented `X509_PUBKEY_set`
- Implemented `RSA_padding_add_PKCS1_PSS`
- Implemented `RSA_verify_PKCS1_PSS`
- Changed second parameter of `wolfSSL_d2i_PUBKEY` to be constant
- Corrected long names in `asn.h`
- Added `wc_ecc_get_generator` as a way to get the generator point of a curve
- Added `wc_ecc_export_point_der_ex` to export an ECC point in compressed or uncompressed format with one API
- Added `wc_ecc_export_point_der_compressed` to export a point in an `ecc_point` structure in compressed DER format
- Added 'wc_RsaSSL_Verify_ex` which adds the option to choose a padding type
- Added `wc_RsaPad_ex` and `wc_RsaUnPad_ex` to `rsa.h` as `WOLFSSL_LOCAL` functions
- `CopyDecodedToX509` now fills `x509->key` and `x509->algor` when populating x509
- `wolfSSL_EVP_CipherInit` now uses `wc_AesGcmSetExtIV` to set the IV so that it is copied to `ctx->iv` by `wolfSSL_StoreExternalIV`
- Added error checking to `wolfSSL_EVP_PKEY_get_der`
- `wolfSSL_X509_ALGOR_get0` now attempts to return something in all parameters
- Refactored `wolfSSL_EC_KEY_new` to use `*_new` functions when available
- Added `setupPoint` to set the internal point if not yet set
- Always set external point in `wolfSSL_ECPoint_d2i`
- Added compressed point support to `wolfSSL_EC_POINT_point2oct`
- Fix `wolfSSL_EC_POINT_mul` so that it will calculate the full `generator * n + q * m` then OpenSSL does
- Added `WOLFSSL_RSA_GetRNG` helper function to get a `WC_RNG` from `WOLFSSL_RSA`
- Correct short names in `wolfssl_object_info`
- Added all currently supported curves to `wolfssl_object_info`
- Added `oidCurveType` to `oid2nid`
- Add more padding types to `wolfSSL_RSA_public_decrypt`
- Fix `keysize` in `wc_ecc_import_point_der`
- Added tests for new additions
2020-04-14 11:45:32 +02:00
Sean Parkinson 416f0775d3 Merge pull request #2900 from dgarske/sp_no_malloc
Added option to build SP small without malloc
2020-04-14 09:40:11 +10:00
toddouska ee0289bea6 Merge pull request #2825 from julek-wolfssl/self-include-options
OpenVPN changes
2020-04-13 13:11:18 -07:00
David Garske d412ccb6f8 Added new option WOLFSSL_SP_NO_MALLOC for building small SP without malloc. Added SP documentation. Added ./configure --enable-sp=yes,nomalloc supprt. https://github.com/wolfSSL/scripts/pull/79 2020-04-10 11:13:55 -07:00
John Safranek 7a6de91296 Omit -fomit-frame-pointer from CFLAGS. 2020-04-08 14:06:11 -07:00
Juliusz Sosinowicz 48e40fac2b OpenVPN changes
Include <wolfssl/options.h> in settings.h for OpenVPN
Additional API fixes
2020-04-02 20:23:13 +02:00
Sean Parkinson e17e064ce2 Allow setting of MTU in DTLS 2020-03-18 12:36:11 +10:00
Sean Parkinson 2c6eb7cb39 Add Curve448, X448, Ed448 implementations 2020-02-28 09:30:45 +10:00
toddouska 1288c6b249 Merge pull request #2809 from dgarske/conf_usersettings
Fix to enable inclusion of all .c files when using `--enable-usersettings`
2020-02-27 12:10:07 -08:00
toddouska eddf4abf8e Merge pull request #2775 from embhorn/api_port
openSSL compatibility API for EVP, BIO, and SSL_SESSION
2020-02-27 11:51:21 -08:00
David Garske 0f188be892 Merge pull request #2805 from ejohnstown/update-config
configure
2020-02-21 09:35:52 -08:00
Jacob Barthelmeh e837894578 add AES-OFB mode 2020-02-20 17:28:32 -06:00
David Garske baace2c0e3 Fix to enable inclusion of all .c files when using the --enable-usersettings option. 2020-02-19 11:58:33 -08:00
John Safranek 9953f2d01d 1. Remove duplicate AM_CONDITIONAL statments from configure.ac.
2. Update copyright year in configure.ac.
2020-02-18 16:16:59 -08:00
Juliusz Sosinowicz ab56d078a4 keygen-moduli passed
Handle trailing newlines in wolfSSL_BN_hex2bn
2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz b5c52d7c70 openssh WIP and some light refactoring 2020-02-18 21:37:06 +01:00
Juliusz Sosinowicz 41de1bb156 WIP 2020-02-18 21:36:26 +01:00
Sean Parkinson 8972bf6278 Add support for P384 curve into SP 2020-02-17 15:46:34 +10:00
Juliusz Sosinowicz 044ad957e5 Add --enable-openvpn build option 2020-01-28 15:29:24 +01:00
John Safranek f2db85c07c Deprecate some configure flags
1. Add C_EXTRA_FLAGS and C_FLAGS to CFLAGS.
2. Remove the cached copied of C_EXTRA_FLAGS and C_FLAGS.
3. The option.h is set only on CFLAGS, CPPFLAGS, and the AM_ versions.
2020-01-22 14:26:16 -08:00
JacobBarthelmeh 6b4551c012 Merge pull request #2654 from cariepointer/qt-512-513
Add Qt 5.12 and 5.13 support
2020-01-10 17:34:23 -07:00
Carie Pointer 28cf563c76 Fixes from PR review: styling and formatting, remove duplicate code 2020-01-07 17:01:53 -07:00
Chris Conlon 45c5a2d39c update copyright to 2020 2020-01-03 15:06:03 -08:00
Eric Blankenhorn 8580bd9937 CertManager verify callback
Execute verify callback from wolfSSL_CertManagerLoadCA
2019-12-26 09:29:03 -06:00
Jacob Barthelmeh 5675a2b3c5 prepare for release v4.3.0 2019-12-20 08:43:34 -07:00
toddouska f81ce71c25 Merge pull request #2660 from JacobBarthelmeh/Compatibility-Layer
add --disable-errorqueue option
2019-12-17 16:37:02 -08:00
John Safranek 0348123261 Maintenance: Configure
1. Remove some redundant AM_CONDITIONAL macros checking for OCSP and CRL.
2. Moved the AM_CONDITIONAL macro setting BUILD_PKCS12 to the other AM_CONDITIONALS.
2019-12-13 15:02:03 -08:00
Jacob Barthelmeh 2e5258fe15 add --disable-errorqueue option 2019-12-11 11:19:58 -07:00
Carie Pointer ee13dfd878 Add Qt 5.12 and 5.13 support
Co-Authored-By: aaronjense <aaron@wolfssl.com>
Co-Authored-By: MJSPollard <mpollard@wolfssl.com>
Co-Authored-By: Quinn Miller <quinnmiller1997@users.noreply.github.com>
Co-Authored-By: Tim Parrish <timparrish@users.noreply.github.com>
2019-12-06 14:27:01 -07:00
toddouska e6292eca9c Merge pull request #2597 from ejohnstown/octeon-global
Sync OCTEON Sniffer
2019-11-18 17:06:30 -08:00
toddouska 7a5c8f4e07 Merge pull request #2584 from SparkiDev/sp_rsa4096
SP now has support for RSA/DH 4096-bit operations
2019-11-18 15:38:47 -08:00
John Safranek 604219f2fc Sync OCTEON fix
1. For OCTEON builds, leave out the "-DCVMX_BUILD_FOR_LINUX_HOST" option
from CFLAGS by default so it makes standalone host builds.
2. Add a check of the variable OCTEON_HOST for linux to add back in the
"-DCVMX_BUILD_FOR_LINUX_HOST" to CFLAGS.
2019-11-14 14:21:44 -08:00
David Garske af142b307b Support for WebRTC (ref m79):
* Fixed `set1_curves_list` API's to use `const char*` for names.
* Fixed `ossl_typ.h` to include `ssl.h` compatibility.
* Added `SSL_CTX_up_ref`.
* Added `wolfSSL_set1_curves_list`
* Added `TLS_method` and `DTLS_method`
* Added `SSL_CIPHER_standard_name`.
* Added `X509_STORE_CTX_get0_cert`
* Added `SSL_CTX_set_cert_verify_callback`.
* Enabled "either" side support when `--enable-opensslall` is used.
* Changed `SSL_CIPHER_get_rfc_name` to use `wolfSSL_CIPHER_get_name` instead of stub.
2019-11-13 12:34:33 -08:00
Sean Parkinson 5221c082f1 SP now has support for RSA/DH 4096-bit operations 2019-11-12 12:04:06 +10:00
Chris Conlon 98a2322dd9 Merge pull request #2525 from tmael/open_coexist
Raise an error when opensslcoexist option is used with openssl[all][extra]
2019-11-01 11:32:46 -06:00