mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
12,252 Commits 5 Branches 162 Tags
Commit Graph

884 Commits

Author SHA1 Message Date
Daniel Pouzzner
16267a1889 configure.ac: error when ENABLED_LINUXKM but $KERNEL_ARCH is empty (no default, no user value). 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
8331079c36 configure.ac: --enable-compkey gates in the recursive do_mp_jacobi(). mutex with --enable-linuxkm. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
170322956b wolfssl/test.h: polish implementation of HAVE_STACK_SIZE_VERBOSE, now enabled with --enable-stacksize-verbose; internal symbol renamed from original DEBUG_STACK_SIZE_VERBOSE, helper functions and macros refactored to be formally threadsafe and to track the overall high water mark (reports same "stack used" value as --enable-stacksize after final return); add "setting stack relative offset reference mark in funcname() to x" message at entry; add configure mutexing of --enable-stacksize[-verbose] relative to --enable-linuxkm. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
b99908ae66 configure.ac: refactor test -z "${KERNEL_ROOT}" into "${KERNEL_ROOT}" = "", and remove new AM_CFLAGS="$AM_CFLAGS -msse4" (bringing back identical to logic in master) now that $CFLAGS_SIMD_ENABLE et al take care of it. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
5589565051 linuxkm: add autotools detection of usable compiler flags for enabling and disabling SIMD and fp registers and auto-vectorization, and integrate into linuxkm makefiles. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
cd14cfb092 linuxkm: override-disable SIMD instructions for all .c.o's, with exceptions enumerated in Kbuild (currently only aes.c), and couple -msse with -fno-builtin-functions; export ENABLED_ASM for use as a pivot in Kbuild; use asm/i387.h, not asm/simd.h, for kernel_fpu_{begin,end}() protos. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
05bca8b0ee when BUILD_LINUXKM, suppress building the library; rename $KROOT/$KARCH to $KERNEL_ROOT/$KERNEL_ARCH; remove SIMD enablement from linuxkm CFLAGS; add linuxkm support for -DKERNEL_OPT=x. 2020-09-23 18:32:16 -05:00
Daniel Pouzzner
34fd53b4fc linuxkm: WIP support for wolfcrypt_test() at module load time. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
0cfe9ca5d6 configure.ac: --enable-linuxkm: improved defaults and consistency checking. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
836915d05f linuxkm: configure.ac more incompatible options: --enable-fastmath, --enable-iopool, and --enable-fips; linuxkm/Makefile: reduce -Wframe-larger-than from 65536 to kernel-compatible 5000; wolfssl/wolfcrypt/settings.h: unset HAVE_THREAD_LS when WOLFSSL_LINUXKM; wolfssl/wolfcrypt/types.h: when NO_INLINE and __GNUC__, #define WC_INLINE __attribute__((unused)) rather than to nothing to avoid -Wunused-function warnings; wolfssl/wolfcrypt/wc_port.h: #undef noinline after Linux kernel header includes (another macro conflict). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
911b23d2b4 configure.ac: check for incompatible combinations, and restore check for non-empty $KROOT when --enable-linuxkm. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
dff5344d82 configure.ac: when --enable-asm (default on), for gcc amd64 target always include -msse4 even if not --enable-intelasm (it's needed for TFM_X86_64 inline asm). 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
1aa15632ce initial buildability of full libwolfssl.ko loadable kernel module for Linux via ./configure --enable-linuxkm && make. 2020-09-23 18:32:15 -05:00
Daniel Pouzzner
bc1c85842d WIP: autotools support for LKM 2020-09-23 18:32:15 -05:00
David Garske
6425ebb60e Linux Kernel Module support using "--enable-linuxkm". 2020-09-23 18:32:15 -05:00
David Garske
9deb85ceb1 Fixes to reduce code size. 2020-09-18 09:14:41 -07:00
David Garske
d61be6f030 Restore the normal --enable-wpas macro. 2020-09-18 09:14:41 -07:00
David Garske
780e8a4619 Fixes for building --enable-wpas=small with WPA Supplicant v2.7. 2020-09-18 09:14:41 -07:00
Daniel Pouzzner
cc1d016d1e configure.ac: define BUILD_TESTS as ENABLED_EXAMPLES, rather than ENABLED_EXAMPLES && !ENABLED_LEANTLS; add missing preprocessor gating in tests/api.c test_wolfSSL_EVP_Digest() and test_wolfSSL_i2d_PrivateKey(). 2020-09-17 12:03:44 -05:00
David Garske
7d45e85b03 Add ED448 to the "all" options. 2020-08-21 15:47:02 -07:00
John Safranek
362e328180
NTRU fixes 
1. When configuring for NTRU, enable static RSA.
2. The echoserver should not try to use NTRU with TLSv1.3.
 2020-08-19 10:46:03 -07:00
John Safranek
3f6861ee82
FIPS Ready Fix with ECC Timing Resistance 
Commit 6467de5 added some timing resistance to ECC shared secret
agreement. It involved adding an RNG object to the ecc keys so
a random z value can be added to the mix. The older FIPS release
has ECC outside the boundary, so it uses the new ECC code. FIPSv2
has ECC inside the boundary, but all the TLS code checks for that
version of FIPS and leaves out the calls to the new functions as
it is using an older version of ecc.c. FIPS Ready uses the latest
version of ecc.c but compiles as FIPSv2. So, the code outside of
the crypto layer is treating ECC as FIPSv2 and not calling the new
functions, but the crypto layer assumes the RNG should be present,
and errs out on testing.
1. Added a separate option for FIPS Ready to the enable-fips
   configure option. `--enable-fips=ready`. It will treat FIPS
   Ready as the next kind of FIPS release. FIPS Ready will be
   treated like FIPS v3 in the build.
2. Changed the C preprocessor checks for FIPS version 2 to be
   checks for not version 2, with respect to ECC Timing Resistance
   and FIPS builds.
 2020-08-14 10:54:55 -07:00
John Safranek
95337e666c
Release Update 
1. Update the usual versions.
2. Update README and ChangeLog.
3. Modify genecc and renewcerts to update two certificate files that had expired.
4. Update the expired certificate files.
 2020-08-12 14:43:47 -07:00
toddouska
fa146870bd
Merge pull request #3155 from julek-wolfssl/openssh-fixes-cherry-picked 
Additional OpenSSL compat stuff for OpenSSH
 2020-08-11 16:32:31 -07:00
toddouska
1681ed1b85
Merge pull request #3211 from cconlon/jniconfig 
Update "enable-jni" option for current JSSE requirements
 2020-08-11 12:39:54 -07:00
JacobBarthelmeh
8b7f588aaf
Merge pull request #3108 from SparkiDev/openssl_interop 
Update OpenSSL interopability testing
 2020-08-11 09:42:43 -06:00
Sean Parkinson
93cdfd7132 Update OpenSSL interopability testing 
Added TLS 1.3 testing.
Added Ed25519 and Ed448 testing.
Added tesitng of OpenSSL client against wolfSSL server.
Fixed builds of Curve25519/Curve448/Ed25519/Ed448 in different
configurations.
 2020-08-11 16:44:45 +10:00
Sean Parkinson
72d1352bd6 Fix ARM builds 
Need to include options.h in assembly now.
bufPt declared in block but not outside.
poly1305_block and poly1305_blocks need prototype - declaration in
wolfcrypt/src/port/arm/armv8-poly1305.c (__arch64__ only).
 2020-08-10 11:59:10 +10:00
David Garske
b25eccb07e
Merge pull request #3203 from tmael/libwebsockets 
Enable HAVE_EX_DATA for libwebsockets
 2020-08-08 14:34:18 -07:00
toddouska
1724347f7a
Merge pull request #3091 from julek-wolfssl/sess-serialization 
Expose session serialization outside of `OPENSSL_EXTRA`
 2020-08-07 15:41:27 -07:00
Tesfa Mael
6379ca8e10 libwebsockets requires *CRYPTO_EX_DATA* APIs 2020-08-06 16:29:39 -07:00
toddouska
462f4f9e45
Merge pull request #3196 from cconlon/cavpmarvell 
Add fips-check.sh target for marvell-linux-selftest, selftest v2 support
 2020-08-06 10:45:03 -07:00
Juliusz Sosinowicz
139a192185 Implement wolfSSL_d2i_X509_NAME 2020-08-06 15:52:11 +02:00
Chris Conlon
e5e87db6aa add HAVE_EX_DATA, OPENSSL_ALL, HAVE_ALPN to enable-jni configure option 2020-08-05 15:43:26 -06:00
toddouska
8d00b015c1
Merge pull request #3182 from dgarske/configall_noold 
Fix to NOT enable SSLV3 and TLS v1.0 with `--enable-all`
 2020-08-04 12:25:59 -07:00
David Garske
776b1a2d17 Fix for ED25519 with user_settings.h. Fixes for build warnings. Fix spelling error. Added template for wolfBoot key/sign tools. 2020-07-31 15:17:53 -07:00
David Garske
197c21a508 Fix for --enable-all (also used by --enable-distro) to NOT enable SSLV3 and TLS v1.0. 2020-07-31 13:54:08 -07:00
Chris Conlon
c6b4fa3be3 add selftest version for newer 4.1.0 validation 2020-07-29 15:10:47 -06:00
toddouska
e84defb268
Merge pull request #3044 from dgarske/sniffer_tls13 
TLS v1.3 sniffer support
 2020-07-24 11:46:38 -07:00
David Garske
1b051d9c5b TLS v1.3 sniffer support: 
* Added TLS v1.3 sniffer support using static ephemeral key.
* Add support for using a static ephemeral DH and ECC keys with TLS v1.3 using `WOLFSSL_STATIC_EPHEMERAL`.
* Adds new API's `wolfSSL_CTX_set_ephemeral_key` and `wolfSSL_set_ephemeral_key`.
* Expanded TLS extension support in sniffer.
* Refactor of the handshake hashing code.
* Added parameter checking to the TLS v1.3 key derivations (protects use of "DoTls13Finished" if handshake resources have been free'd).
* Added support for loading DH keys via `wc_DhImportKeyPair` and `wc_DhExportKeyPair`, enabled with `WOLFSSL_DH_EXTRA`.
* Added sniffer documentation `sslSniffer/README.md`.
 2020-07-17 15:22:35 -07:00
David Garske
90ee12f51a Added test case for ECC non-blocking. ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock CFLAGS="-DWOLFSSL_PUBLIC_MP" && make. 2020-07-17 15:13:50 -07:00
David Garske
547144bc9c Adds ECC non-blocking sign/verify support when used with SP math. New --enable-sp=nonblock and --enable-ecc=nonblock options. Example ./configure --enable-ecc=nonblock --enable-sp=yes,nonblock. 2020-07-17 15:13:50 -07:00
Juliusz Sosinowicz
b57cf802eb Expose session serialization outside of OPENSSL_EXTRA 
Use `./configure CFLAGS='-DHAVE_EXT_CACHE'` to enable session serialization without `OPENSSL_EXTRA`.
 2020-06-30 20:17:21 +02:00
kaleb-himes
308562e853 configure.ac change == to = when not C code 2020-06-24 13:41:03 -06:00
toddouska
48cd6f36ff
Merge pull request #2967 from dgarske/ecc_null 
Fixes for ECC key import
 2020-06-18 10:10:49 -07:00
David Garske
3b8455fcd0 Fix for building without ECC and DH (TLS v1.3 cannot be enabled). 2020-06-05 10:26:32 -07:00
David Garske
7879e83ae0 Fixes for building with ./configure --enable-tls13 --disable-rsa --disable-ecc --enable-psk. Fix to properly detect if missing a asymmetric key algorithm (required by TLS v1.3). 2020-06-04 16:31:19 -07:00
David Garske
66fdc2c536 Disable TLS v1.3 if none of these are available "ECC, CURVE25519, CURVE448 or DH". 2020-06-04 15:31:19 -07:00
David Garske
ab2afbd37b Allow the TLS 13 draft 18 build option and just use the final version. This allows the automated test scripts to pass. 2020-06-04 15:31:18 -07:00
David Garske
4d8cf5b571 Fixes for building TLSv1.3 with FIPS v1 (no RSA PSS or HKDF). 2020-06-04 15:31:18 -07:00