mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,552 Commits 5 Branches 162 Tags
Commit Graph

994 Commits

Author SHA1 Message Date
David Garske
4d8068a328
Merge pull request #3813 from douzzer/configure-autotools-boilerplate-at-the-top 
configure.ac: put autotools boilerplate at the top
 2021-03-02 09:22:09 -08:00
Sean Parkinson
d805a5c681 SP int: get keygen working with SP math again 
./configure --enable-sp --enable-sp-math --enable-keygen
 2021-02-25 10:01:27 +10:00
Daniel Pouzzner
9be1e74dc3 configure.ac: move the autotools boilerplate/initializations back to the top, before --enable-distro and --enable-reproducible-build handling. 2021-02-24 17:04:33 -06:00
Daniel Pouzzner
c201b6801c
Merge pull request #3808 from lechner/enable-base64-with-all 
Enable Base64 as part of --enable-all.
 2021-02-24 14:39:20 -06:00
Daniel Pouzzner
764207a9f5
Merge pull request #3806 from elms/autoconf/oot_fips_check 
configure: fix for FIPS out-of-tree builds
 2021-02-24 14:38:26 -06:00
toddouska
94a23c1d48
Merge pull request #3646 from julek-wolfssl/nginx-1.19.6 
Add support for Nginx 1.19.6
 2021-02-24 12:21:51 -08:00
Elms
36ba2e134b configure: FIPS error and compatability cleanup 
Use autotools macros for case and if. Simplify validation logic.
 2021-02-24 08:53:50 -08:00
Felix Lechner
ae28550667 Enable Base64 as part of --enable-all. 
Part of an effort to standardize build options across distributions.

When building with all options, this includes Base64, a feature that
was requested in the past.

This commit passed Debian's Salsa CI pipeline [1] as part of a larger
commit streamlining the build options for distributions. [2]

A related pull request by douzzer activated reproducible builds for
distributions by default. [3]

Thanks to David Garske for his generous contributions to this commit!

[1] https://salsa.debian.org/lechner/wolfssl/-/pipelines/233601
[2] https://salsa.debian.org/lechner/wolfssl/-/blob/debian/master/debian/patches/standardize-distro-options.patch
[3] e30b3d3554
 2021-02-23 19:46:56 -08:00
Daniel Pouzzner
9dadd02fb9 configure.ac move --enable-distro handling to top (preceding --enable-reproducible-build handling), and turn on reproducible-build by default when enable-distro; fix spelling error in reproducible-build help text. 2021-02-23 17:05:44 -06:00
Elms
47872224d8 configure: fix for FIPS out-of-tree builds 
Check for fips files relative to source directory.
 2021-02-23 14:17:35 -08:00
JacobBarthelmeh
0dfdf92ff7
Merge pull request #3784 from elms/cmake_curve_ed 
configure: ED448 to enable SHA3 and SHAKE256 properly
 2021-02-24 03:20:38 +07:00
toddouska
5eba89c3ca
Merge pull request #3742 from julek-wolfssl/error-queue-per-thread 
Add --enable-error-queue-per-thread
 2021-02-23 12:02:16 -08:00
Elms
c4d2e7cfdb configure: split SHA3 and SHAKE256 to work with ED448 
Define flags and defaults early, but set CFLAGS later to allow
override.
 2021-02-22 10:14:21 -08:00
Elms
31d3dfdd4d configure: ED448 to enable SHA3 and SHAKE256 properly 
SHA3 and SHAKE256 are required for ED448, but were potentially
overwritten after being set when ED448, specifically others than
x86_64/aarch64
 2021-02-19 13:18:52 -08:00
Jacob Barthelmeh
5f3ee2985c bump version for development bundles 2021-02-16 23:57:47 +07:00
Juliusz Sosinowicz
b8f841599c Add --enable-error-queue-per-thread 2021-02-16 16:08:13 +01:00
Juliusz Sosinowicz
9a1e54cfd5 Nginx 1.19.6 Fixes 2021-02-16 14:25:45 +01:00
Jacob Barthelmeh
847938f4d6 prepare for release v4.7.0 2021-02-16 02:41:37 +07:00
David Garske
98b5900266 Revert of changes in PR #3289, which should not have removed the HAVE_SECRET_CALLBACK and WOLFSSL_PUBLIC_ECC_ADD_DBL. These are required for hostapd. 2021-02-12 14:11:17 -08:00
toddouska
d40ea03621
Merge pull request #3703 from SparkiDev/sp_int_malloc 
SP int: Rework allocation of temporaries
 2021-02-11 13:49:45 -08:00
toddouska
39cb84de25
Merge pull request #3697 from julek-wolfssl/openvpn-2.5-missing-stuff 
OpenVPN master additions
 2021-02-11 08:56:45 -08:00
Daniel Pouzzner
d64315a951 configure.ac: add --enable-reproducible-build: put ar and ranlib in deterministic mode, and leave LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS out of the generated config.h. relates to PR #3417 . 2021-02-11 00:12:05 -06:00
Sean Parkinson
b330196c28 SP int: Rework allocation of temporaries 
Allocate only as much is as needed.
Use macros to simplify code.
Don't use an sp_int if you can use an array of 'sp_int_digit's.
 2021-02-11 10:34:40 +10:00
toddouska
67b1280bbf
Merge pull request #3545 from kabuobeid/smime 
Added support for reading S/MIME messages via SMIME_read_PKCS7.
 2021-02-10 15:59:32 -08:00
David Garske
47d5f6f624
Merge pull request #3714 from SparkiDev/sp_int_rsavfy 2021-02-09 07:28:40 -08:00
Kareem Abuobeid
a4e819c60a Added support for reading S/MIME messages via SMIME_read_PKCS7. 2021-02-08 17:14:37 -07:00
Sean Parkinson
763f388471 SP int: get rsavfy and rsapub working again 2021-02-09 09:58:23 +10:00
Elms
c17597a4fb build: arbitrary path for make check 
To support builds in other directories, unit.test and wolfcrypt test
must be aware of the source and build directory.
 2021-02-05 12:10:32 -08:00
Juliusz Sosinowicz
46821196ab Fix call to wolfSSL_connect when in wolfSSL_connect_TLSv13 
If a client is:
- TLS 1.3 capable
- calls connect with wolfSSL_connect_TLSv13
- on an WOLFSSL object that allows downgrading
then the call to wolfSSL_connect should happen before changing state to HELLO_AGAIN. Otherwise wolfSSL_connect will assume that messages up to ServerHelloDone have been read (when in reality only ServerHello had been read).

Enable keying material for OpenVPN
 2021-02-02 12:06:11 +01:00
Juliusz Sosinowicz
c18701ebe7 Implement RFC 5705: Keying Material Exporters for TLS 2021-02-02 12:06:11 +01:00
Daniel Pouzzner
0f6ae330da wolfcrypt: smallstack refactors of AES code for lkm compatibility with --enable-aesgcm=table. 2021-01-28 22:51:28 -06:00
Daniel Pouzzner
a89087ed2d configure.ac: check compatibility of chosen FIPS option with the source tree, for early prevention of accidental attempts to build FIPS with non-FIPS source, or non-FIPS with FIPS source. 2021-01-25 17:56:28 -06:00
toddouska
5a7e79cbfd
Merge pull request #3632 from SparkiDev/all_not_tls13_fix 
Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only op…
 2021-01-18 13:37:34 -08:00
John Safranek
d4e13796c2
M1 Support 
We separate out 64-bit desktop support based on the Intel check. With
the advent of the new Apple chip, ARM can also be a desktop processor.
Detect it like we do the Intel 64-bit, and treat it similarly with
respect to fast and normal math.
 2021-01-06 09:21:07 -08:00
Sean Parkinson
fa86c1aa91 Configuration: enable all, disable TLS 1.3 - turn off TLS 1.3 only options 
configuration: --enable-all --disable-tls13
Post-handshake authentication and HRR cookie are enable with
'--enable-all' but disabling TLS 1.3 caused configure to fail.
Don't enable these TLS 1.3 only options when TLS 1.3 is disabled.

Also fix up tests that don't work without TLS 1.3 enabled.
 2021-01-06 14:19:57 +10:00
Daniel Pouzzner
3d88676ff1 test.c: add WOLFSSL_TEST_SUBROUTINE macro to qualify all previously global subtest handlers, defaulting to the empty string. this restores the version<=4.5 test.c namespace allowing end users to call the tests directly piecemeal. --enable-linuxkm[-defaults] sets -DWOLFSSL_TEST_SUBROUTINE=static for extra namespace hygiene. 2020-12-30 16:12:08 -06:00
elms
4280861af0
Merge pull request #3591 from dgarske/wolftpm 
Added helper configure option '--enable-wolftpm`
 2020-12-23 12:22:44 -08:00
Daniel Pouzzner
d5dd35c739 add --enable-trackmemory=verbose, and add WOLFSSL_TEST_MAX_RELATIVE_HEAP_{BYTES,ALLOCS} and -m/-a (runtime counterparts) to wolfcrypt_test(). also add -h to wolfcrypt_test() to print available options. 2020-12-23 12:03:06 -06:00
David Garske
daa6833f37 Added helper configure option '--enable-wolftpm` to enable options used by wolfTPM. This enables (cert gen/req/ext, pkcs7, cryptocb and aes-cfb). 2020-12-23 08:09:24 -08:00
Daniel Pouzzner
f06361ddf6 add WOLFSSL_SMALL_STACK_STATIC macro, and use it to conditionally declare const byte vectors in test.c static for stack depth control -- currently only enabled for linuxkm, but should be compatible with any target with a TLB (virtual memory). 2020-12-22 17:12:57 -06:00
Jacob Barthelmeh
47c186df34 prepare for release 4.6.0 2020-12-22 02:33:58 +07:00
Jacob Barthelmeh
4de1c1b037 add cert gen to lighty build for function wolfSSL_PEM_write_bio_X509 2020-12-21 17:24:35 +07:00
toddouska
fe92d29eb5
Merge pull request #3574 from cconlon/releasefixes 
Release fixes for Jenkins tests, example client
 2020-12-18 14:06:27 -08:00
Juliusz Sosinowicz
3231cfe9e0 Refactor extension stack generation 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
c405c3477f Protect against invalid write in RsaPad_PSS 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb OpenSSL Compat layer 
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00