mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
13,028 Commits 5 Branches 162 Tags
Commit Graph

949 Commits

Author SHA1 Message Date
Juliusz Sosinowicz
3231cfe9e0 Refactor extension stack generation 2020-12-17 14:27:46 +01:00
Juliusz Sosinowicz
c405c3477f Protect against invalid write in RsaPad_PSS 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
78a20ec3ae Extension manipulation 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
2689d499b9 Tests starting to pass 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
ff2574b3cb OpenSSL Compat layer 
Implment/stub:
- wolfSSL_X509_NAME_delete_entry
- wolfSSL_X509_get_ext_by_OBJ
- wolfSSL_a2i_ASN1_INTEGER
- X509V3_parse_list
- wolfSSL_TXT_DB_write
- wolfSSL_TXT_DB_insert
- wolfSSL_EVP_PKEY_get_default_digest_nid
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
1a50d8e028 WIP 
- wolfSSL_BIO_ctrl_pending ignore BASE64 bio's as well now
- Save the last Finished messages sent or received in the WOLFSSL struct
- Implement wolfSSL_CTX_set_max_proto_version
- wolfSSL_d2i_X509_bio now uses wolfSSL_BIO_read so that the entire chain is properly read from the BIO
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
85b1196b08 Implement/stub: 
- X509_REQ_print_fp
- X509_print_fp
- DHparams_dup
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
728f4ce892 Implement/stub: 
- wc_DhKeyCopy
- SSL_CTX_set_srp_strength
- SSL_get_srp_username
- X509_REQ_get_attr_by_NID
- X509_REQ_get_attr
- X509_ATTRIBUTE
- wolfSSL_DH_dup
Add srp.h file with SRP_MINIMAL_N
 2020-12-17 14:26:49 +01:00
Juliusz Sosinowicz
b52e11d3d4 Implement/stub the following: 
- X509_get0_extensions
- X509_to_X509_REQ
- i2d_X509_REQ_bio
- X509v3_get_ext_count
- i2d_PKCS7_bio
Additional changes:
- Added a wc_PKCS7_VerifySignedData call to wolfSSL_d2i_PKCS7_bio to populate the PKCS7 struct with parsed values
- wc_PKCS7_VerifySignedData_ex -> wc_PKCS7_VerifySignedData
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
3721d80e84 Implement wolfSSL_PKCS7_to_stack and wolfSSL_d2i_ASN1_OBJECT 
- I also implemented wolfSSL_c2i_ASN1_OBJECT which was previously a stub.
- More configure.ac flags added to libest option
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
777bdb28bc Implement/stub the following: 
- `NID_pkcs9_challengePassword` - added
- `wolfSSL_OPENSSL_cleanse` - implemented
- `wolfSSL_X509_REQ_add1_attr_by_NID` - stubbed
- `wolfSSL_c2i_ASN1_OBJECT` - stubbed
 2020-12-17 14:26:30 +01:00
Juliusz Sosinowicz
a9d502ef85 Add --enable-libest option to configure.ac 
Refactoring and adding defines for functions
 2020-12-17 14:26:30 +01:00
Daniel Pouzzner
18984abc9e configure.ac: replace --enable-stacksize-verbose with --enable-stacksize=verbose, and change _LINUXKM_DEFAULTS ENABLED_SP_DEFAULT and ENABLED_SP_MATH_ALL_DEFAULT from small to yes. 2020-12-11 14:16:44 -06:00
Daniel Pouzzner
e9a79b2e0d configure.ac: fix rebase error, re enable-sp-asm on ARM. 2020-12-10 14:46:22 -06:00
Daniel Pouzzner
0fa4bde5b5 configure.ac: move --enable-sp-asm handling to follow --enable-sp-math-all handling, so that $ENABLED_SP requirement is properly met. 2020-12-10 14:21:08 -06:00
Daniel Pouzzner
27a6de2c2f configure.ac, wolfssl/wolfcrypt/settings.h, wolfssl/wolfcrypt/wc_port.h: update linuxkm defaults and settings for compatibility with sp-math-all, and change linuxkm default math from sp-math to sp-math-all; refactor enable-all and enable-all-crypto logic to allow piecemeal exclusion of options from the command line. 2020-12-10 14:16:21 -06:00
Daniel Pouzzner
cfc08cc13f configure.ac: remove smallstackcache from linuxkm default options; add several feature exclusions to enable-all and enable-all-crypto to make them compatible with fips=ready; render the FIPS option in the feature summary at end. 2020-12-10 14:16:20 -06:00
toddouska
cd3b91a8fe
Merge pull request #3536 from SparkiDev/arm64_rev 
ByteReverseWord32 AARCH64: Use proper instruction - REV32
 2020-12-10 11:59:00 -08:00
toddouska
367f28b917
Merge pull request #3443 from SparkiDev/tls13_psk_no_dhe 
TLS 1.3: PSK only
 2020-12-09 09:45:34 -08:00
Sean Parkinson
d34b0072a2 ARM: identify ARM CPU for Thumb and Cortex 
Better detailed check of CPU architecture for 32-bit byte reversal asm
 2020-12-09 08:54:18 +10:00
toddouska
84a9e16805
Merge pull request #3388 from SparkiDev/aesgcm_4bit_table 
AES-GCM: GMULT using 4-bit table
 2020-11-25 15:45:28 -08:00
toddouska
a0cd75081d
Merge pull request #3514 from SparkiDev/aesni_sse4 
AESNI compile flags: clang doesn't need -msse4
 2020-11-25 08:55:35 -08:00
Sean Parkinson
ca5ffc0743 AESNI compile flags: clang can't have -msse4 
Setting the SSE4 architecture with clang creates executables that can't
run on old machines.
 2020-11-25 10:32:42 +10:00
Sean Parkinson
d0703f8931 AES-GCM: GMULT using 4-bit table 
When 64-bit data type available and not big endian code is faster.
--enable-aesgcm=4bit
 2020-11-25 08:47:50 +10:00
Sean Parkinson
91d23d3f5a Implement all relevant mp functions in sp_int 2020-11-19 11:58:14 +10:00
Sean Parkinson
d8b58286d1 TLS 1.3: PSK only 
Support building with only TLS 1.3 and PSK without code for (EC)DHE and
certificates.
Minimise build size for this configuration.
 2020-11-19 09:21:24 +10:00
David Garske
1d531fe13b Peer review fixes. 2020-11-10 09:47:37 -08:00
David Garske
5de80d8e41 Further refactor the minimum ECC key size. Adds --with-eccminsz=BITS option. Fix for FIPSv2 which includes 192-bit support. If WOLFSSL_MIN_ECC_BITS is defined that will be used. 2020-11-10 09:47:37 -08:00
David Garske
c697520826 Disable ECC key sizes < 224 bits by default. Added --enable-eccweakcurves or ECC_WEAK_CURVES to enable smaller key sizes. Currently this option is automatically enabled if WOLFSSL_MIN_ECC_BITS is less than 224-bits. 2020-11-10 09:47:36 -08:00
David Garske
7e3efa3792
Merge pull request #3474 from douzzer/lighttpd-update-1.4.56 
lighttpd support update for v1.4.56
 2020-11-09 09:24:58 -08:00
Glenn Strauss
f9e48ee361 build updates for lighttpd: recommend -DNO_BIO 
(cherry picked from commit bfe12839e18ccc3ab95cfc33b34c875ebe55c14a)
 2020-11-05 20:40:43 -06:00
Glenn Strauss
030eb9347c lighttpd: allow ssl3, tls1.0 if explicitly enabled 2020-11-05 20:40:43 -06:00
Glenn Strauss
7cee131e37 restore --enable-lighty with --enable-all 
protect lighttpd recommendations (and recommended restrictions)
to when building wolfSSL specifically for use by lighttpd, and
omit these optional settings when building `--enable-all`
 2020-11-05 20:40:43 -06:00
David Garske
a9a495270c Fix to disable CRL monitor for single threaded or lighttpd. Do not set --enable-lighty with --enable-all. 2020-11-05 20:40:43 -06:00
Glenn Strauss
bcf1f0375b build updates for lighttpd: recommended flags 2020-11-05 20:40:43 -06:00
Glenn Strauss
e5ed227a87 build updates for lighttpd: -DOPENSSL_ALL 
avoid potential for WolfSSL to silently omit expected functionality
 2020-11-05 20:40:43 -06:00
Glenn Strauss
503de43cbd build updates for lighttpd 
Update configure.ac and various #ifdefs to enable WolfSSL to
build features for use by lighttpd.

Change signature of wolfSSL_GetVersion() to take const arg.
Pass (const WOLFSSL*) to wolfSSL_GetVersion() for use with
SSL_CTX_set_info_callback(), where OpenSSL callback takes (const SSL *)
 2020-11-05 20:40:43 -06:00
Sean Parkinson
2588fe366e cpuid and SP ASM: ensure WOLFSSL_X86_64_BUILD is defined 
WOLFSSL_X86_64_BUILD is defined only when fast math is enabled.
Define it when SP ASM is enabled and on an x86_64 host.
Undo cpuid code being enabled when WOLFSSL_SP_ASM as it shouldn't for
non-Intel CPUs.
 2020-11-05 11:16:27 +10:00
Daniel Pouzzner
7d177e78d7 don't include wolfssl/options.h in logging.c, use AM_CFLAGS (not wolfssl/options.h) to communicate HAVE_WC_INTROSPECTION to the compiler, and use config.h (not wolfssl/options.h) to communicate LIBWOLFSSL_CONFIGURE_ARGS and LIBWOLFSSL_GLOBAL_CFLAGS to the compiler (for logging.c). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
a5d96721ac wolfcrypt/src: remove wc_debug.c and move its contents to logging.c. 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
1ba0883f4c introspection tweaks: rename wolfcrypt/src/debug.c to wolfcrypt/src/wc_debug.c; restore BUILD_WC_DEBUG gating for autotools inclusion of wc_debug.o and disable opportunistically when ENABLED_LEANTLS, ENABLED_LEANPSK, or ENABLED_LOWRESOURCE; add HAVE_WC_INTROSPECTION gate for libwolfssl_configure_args() and libwolfssl_global_cflags(). 2020-10-28 17:28:05 -05:00
Daniel Pouzzner
8be2d7690a add API functions libwolfssl_configure_args() and libwolfssl_global_cflags() to retrieve build parameters at runtime. 2020-10-28 17:28:01 -05:00
toddouska
931eea30f5
Merge pull request #3397 from cconlon/rc2 
RC2 ECB/CBC and PKCS#12 Integration
 2020-10-28 15:06:47 -07:00
David Garske
ff092c02d2
Merge pull request #3396 from SparkiDev/fips_armasm 
FIPS ARMASM: get build working
 2020-10-22 15:26:24 -07:00
Daniel Pouzzner
6142c22948 add wc_XChaCha_init(), wc_XChaCha20Poly1305_Init(), wc_XChaCha20Poly1305_encrypt_oneshot(), wc_XChaCha20Poly1305_decrypt_oneshot(), and wc_Poly1305_EncodeSizes64(). also, remove redundant arg check (typo) in wc_Poly1305Update(). 2020-10-21 14:08:41 -05:00
David Garske
b58ea5842a wolfSSL RC2 template. 2020-10-16 11:46:40 -06:00
David Garske
ab88ab160c
Merge pull request #3395 from douzzer/misc-fixes-20201015 
misc fixes for coverage and buildability
 2020-10-16 07:28:48 -07:00
Sean Parkinson
aeb44c5352 FIPS ARMASM: get build working 2020-10-16 16:41:18 +10:00
Daniel Pouzzner
eb7a79aa5e misc fixes for coverage and buildability: add MD2 to --enable-all*; fix spelling of "Sno" to "no" for $ENABLED_BLAKE2S default; when ENABLED_QSH add -DWOLFSSL_STATIC_DH -DWOLFSSL_STATIC_PSK (relates to ZD11073); add missing gating for !defined(WOLFSSL_DEVCRYPTO) in api.c:test_wc_Sha256FinalRaw(); fix tests/api.c:IsValidCipherSuite() to build under gcc10 (relates to ZD11073). 2020-10-15 15:05:29 -05:00
John Safranek
69ac13c2e9
wolfSSH Update 
Originally, wolfSSH required some algorithms to be enabled in wolfCrypt
to work correctly. wolfSSH is now more flexible with how wolfCrypt is
configured, and these combinations do not have to be restricted.
 2020-10-15 11:37:31 -07:00