mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
17,697 Commits 5 Branches 162 Tags
Commit Graph

1352 Commits

Author SHA1 Message Date
Daniel Pouzzner
a3fd714501 configure.ac: allow --enable-opensslextra with --enable-linuxkm if --enable-cryptonly is also given. 2022-07-20 18:21:29 -05:00
David Garske
c029b23043
Merge pull request #5308 from SparkiDev/ecies_gen_iv 
ECIES: Google Pay generates IV and places it before msg
 2022-07-20 06:46:14 -07:00
Sean Parkinson
09bba3510f ECIES: Google Pay ECIES 
Generates IV and places it before msg
Uses 12 byte IV with AES-CTR
Add API to explicitly set KDF salt.
 2022-07-20 09:30:47 +10:00
Lealem Amedie
cee9f9a871 Fix for --disable-aes without --disable-aesgcm 2022-07-18 10:26:20 -07:00
JacobBarthelmeh
86662bca2f update library version to 5.4.0 2022-07-08 16:04:26 -07:00
David Garske
a771baf551
Merge pull request #5332 from SparkiDev/memusage_fix_2 
SP math: fix configure.ac to allow its use
 2022-07-07 07:40:13 -07:00
David Garske
738d79c5d5
Merge pull request #5330 from SparkiDev/aesni_no_sse4 
AESNI: fix configure to use minimal compiler flags
 2022-07-06 20:44:40 -07:00
Sean Parkinson
74baa0dafa SP math: fix configure.ac to allow its use 
Choosing SP and SP math was resulting in only integer.c being used.
Fixed now.
Reorder realloc calls for memory logging to ensure scripts can match
allocate and free calls.
 2022-07-07 12:16:12 +10:00
Sean Parkinson
9ba77300f9 AESNI: fix configure to use minimal compiler flags 2022-07-07 09:30:48 +10:00
Daniel Pouzzner
19106a9510 configure.ac and tests/api.c: lock out compkey on FIPS 140-3 RC12 and ready, and add backward-compat code in test_wc_ecc_export_x963_ex() to allow RC12 compkey builds to pass unit.test. 2022-07-06 17:31:56 -05:00
David Garske
a7fa7875e4
Merge pull request #5244 from julek-wolfssl/wpas-dpp 
Support for new DPP and EAP-TEAP/EAP-FAST in wpa_supplicant
 2022-07-06 11:35:52 -07:00
Juliusz Sosinowicz
39e53c2b7c Add wc_EccPublicKeyToDer_ex doxygen entry 2022-07-06 11:59:29 +02:00
David Garske
9a256ca002
Merge pull request #5288 from haydenroche5/openldap 
Add --enable-openldap option to configure.ac.
 2022-07-05 16:04:51 -07:00
Hayden Roche
f5a5d4ada5 Enhance OpenLDAP support. 
- Add --enable-openldap to configure.ac
- Fix some issues around subject alt names and the WOLFSSL_GENERAL_NAME struct.
 2022-07-05 10:40:07 -07:00
Fabian Keil
eb9a9ceef8 configure: Improve defaults for 64-bit BSDs 
... by consistently treating host cpu "amd64" like host cpu "x86_64".

Tested on ElectroBSD amd64.
 2022-07-05 19:37:31 +02:00
Juliusz Sosinowicz
afaf41823c wpa_supplicant uses larger challenge passwords for x509 requests 2022-07-05 08:49:00 +02:00
Juliusz Sosinowicz
5179741ddb wpas: validate ecc points are on the curve 2022-07-05 08:48:37 +02:00
Juliusz Sosinowicz
448cde5a4b Support for new DPP in wpa_supplicant 
- Add null check to asn template code in MakeCertReq and test
- ENABLED_ECCCUSTCURVES can also be "all"
 2022-07-05 08:48:18 +02:00
David Garske
2f1e236305 Improvements to --enable-cryptonly in configure.ac output. Improvement to math select order in configure.ac and stray heap math=yes. 2022-06-30 12:42:55 -07:00
Daniel Pouzzner
17659ed48c configure.ac: when --enable-fips=disabled, don't touch DEF_SP_MATH/DEF_FAST_MATH; 
don't enable sp-math-all asm gates when !ENABLED_ASM;

add --with-arm-target to allow selecting thumb or cortex in conjunction with a full --host tuple (e.g. --host=armv6zk-softfloat-linux-gnueabi --with-arm-target=thumb).
 2022-06-28 18:15:28 -05:00
David Garske
d4d7e2e5f2
Merge pull request #5294 from SparkiDev/sp_math_all_no_128bit 
SP math all: don't use sp_int_word when SQR_MUL_ASM available
 2022-06-28 07:38:42 -07:00
Sean Parkinson
22336d30e5 SP math all: don't use sp_int_word when SQR_MUL_ASM available 
1. _WIN64 doesn't have 128-bit type but now can use 64-bit sp_int_digit
when assembly code snippets are being used.
2. Fix sp_div() to support values closer to maximum size.
3. Fix builds to work for more configurations.
4. Have ECC uncompressed code keep intermediate values in range of
maximum (x^3 calculation fixed).
5. Fix configuation.ac's check of FIPS for using signed SP Math All.
Default now not signed as intended.
 2022-06-28 15:51:53 +10:00
David Garske
b84b808b1b
Merge pull request #5167 from ejohnstown/cac-ext 
Add support for some FPKI certificate cases, UUID, FASC-N, PIV extension
 2022-06-27 09:06:15 -07:00
Daniel Pouzzner
790584113f configure.ac: WOLFSSL_WPAS[_SMALL] requires OPENSSL_EXTRA. 2022-06-24 16:38:56 -05:00
Daniel Pouzzner
9a29dfc8cb fix whitespace. 2022-06-24 16:08:38 -05:00
Daniel Pouzzner
940d0140f9 configure.ac fixes related to change in default math back end (to sp-math-all): wolfRand doesn't use fastmath; 
FIPS v5-dev follows the non-FIPS default (now sp-math-all);

add -DWC_NO_CACHE_RESISTANT to AM_CFLAGS when $ENABLED_HARDEN != yes;

add ENABLED_BIGNUM sensor and use it in linuxkm math back end assert;

add configuration callout for "Side-channel Hardening" reporting value of $ENABLED_HARDEN.
 2022-06-24 15:55:08 -05:00
David Garske
5ef507c78d
Merge pull request #5280 from douzzer/20220623-enable-dh-const 
--enable-dh=const
 2022-06-24 08:29:35 -07:00
David Garske
00b82888bc
Merge pull request #4759 from dgarske/sp_math_default 
Enable wolfSSL SP Math all (sp_int.c) by default
 2022-06-23 16:14:54 -07:00
Daniel Pouzzner
768737d21e configure.ac: support --enable-dh=const, and link with libm ("LT_LIB_M") only if ENABLED_DH = yes. 2022-06-23 15:00:59 -05:00
David Garske
78d3284c3c Fix for FIPS 140-2 and older ACVP math selection. Fix for building with "--disable-sp-math-all --disable-fastmath". Fix for building SAKKE with HAVE_WOLF_BIGINT. 2022-06-23 11:10:44 -07:00
Sean Parkinson
ee12c12e98 Fixes required to make SP Math default 
fasthugemath means turn on fastmath
Use sp_int_digit and not sp_digit in sp_int.c.
test.c needs to use large static buffer when SP Math used like fastmath.
When building static memroy, SP math all without WOLFSSL_SP_NO_MALLOC is
a valid configuration.
Fix freeing of bigint in sp_int.c.
Cast x to a signed value to negate and then back to unsigned. (For
Windows builds.)
Remove warning about empty file on Windows about integer.obj.
Allow RSA verify only and RSA public only to be used with other public
key algorithms.
If building for FIPS, then older versions of RSA and ECC require SP Math
to support negative numbers.
Get old FIPS files building with SP int.
Disallow --enable-sp-math and --enable-sp-math-all.
When just --enable-sp-math on configuration line then disable SP Math
all.
 2022-06-23 14:15:54 +10:00
David Garske
4db7732d78 Fixes for --enable-sha3 reproducibility with small. Fixes for shake256 typo and making sure WOLFSSL_NO_SHAKE256 gets set when disabled. Replaces PR #4225. 2022-06-21 16:02:42 -07:00
David Garske
6d2a41b9fd Enable wolfSSL SP Math all (sp_int.c) by default. If --enable-fastmath or USE_FAST_MATH is set the older tfm.c fast math will be used. To use the old integer.c heap math use --enable-heapmath or USE_INTEGER_HEAP_MATH. 2022-06-16 10:57:30 +10:00
Marco Oliverio
9d22e11776 misc.c: introduce w64wrapper to handle 64bit numbers 
as word64 is not always available, introduce an abstract type and companion
operations. They use a word64 if available and fallback on word32[2] otherwise.
 2022-06-15 10:46:42 -07:00
Marco Oliverio
d8ac35579c dtls13: add autotools, cmake build options and vstudio paths 2022-06-15 10:46:42 -07:00
Sean Parkinson
9656963f61
Merge pull request #5231 from dgarske/glitch_harden 
Added sanity check on TLS encrypt to trap against glitching
 2022-06-15 09:48:18 +10:00
David Garske
2f4864cab2 Added sanity check on TLS encrypt to trap against glitching. 2022-06-14 09:37:44 -07:00
David Garske
0b78961111
Merge pull request #5186 from SparkiDev/pk_c_rework_1 
pk.c: rework
 2022-06-13 08:35:09 -07:00
Sean Parkinson
890abfbefc pk.c: rework 
Re-order RSA functions.
Add comments to RSA functions.
Rework RSA function implementations.
 2022-06-10 09:54:32 +10:00
Hayden Roche
df87eb5508 Add an --enable-strongswan option to configure.ac. 
Also, clean up some repetition around adding `-DHAVE_OCSP`.
 2022-06-09 16:24:41 +02:00
David Garske
802e3127c0
Merge pull request #5145 from JacobBarthelmeh/caam 
CAAM support with QNX i.MX8, add AES-CTR crypto callback
 2022-06-03 15:24:10 -07:00
Sean Parkinson
64eaf74e83
Merge pull request #5206 from dgarske/user_settings 
Fixes for user settings with SP ASM and ED/Curve25519 small
 2022-06-03 09:25:17 +10:00
David Garske
8307a55429 Fixes --enable-usersettings with SP ASM and ED/Curve25519 small CURVED25519_SMALL. 2022-06-02 14:17:25 -07:00
Juliusz Sosinowicz
84bca63b2e Add WOLFSSL_NO_ASYNC_IO to low resource build 2022-05-27 21:26:55 +02:00
David Garske
6424af120c
Merge pull request #5161 from SparkiDev/sp_armv7a 
SP ARM 32: Fixes to get building for armv7-a
 2022-05-23 10:01:49 -07:00
JacobBarthelmeh
36db5ef929 add test case for UUID and FASC-N 2022-05-23 09:17:42 -07:00
David Garske
b5d65b9579
Merge pull request #5159 from kareem-wolfssl/fipsv3HmacMd5 
Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary.
 2022-05-20 18:40:29 -07:00
Sean Parkinson
bc5262a5d0 SP ARM 32: Fixes to get building for armv7-a 
Change ldrd to either have even first register or change over to ldm
with even first register.
Ensure shift value in ORR instruction has a hash before it.
Don't index loads and stores by 256 or more - make them post-index.
div2 for P521 simplified.
 2022-05-20 12:15:58 +10:00
Daniel Pouzzner
efc8d36aa5 configure.ac: add whitespace separators to "((" groupings to mollify shellcheck SC1105 "Shells disambiguate (( differently or not at all. For subshell, add spaces around ( . For ((, fix parsing errors." 2022-05-19 18:19:11 -05:00
Kareem
832a7a40a6 Allow using 3DES and MD5 with FIPS 140-3, as they fall outside of the FIPS boundary. 2022-05-19 12:06:20 -07:00