mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
16,242 Commits 5 Branches 162 Tags
Commit Graph

1220 Commits

Author SHA1 Message Date
Anthony Hu
b957a6e872 Purge Rabbit cipher 2022-01-28 13:13:53 -05:00
John Safranek
1465f99b12
Merge pull request #4734 from haydenroche5/fips_v5_des3 
Allow DES3 with FIPS v5-dev.
 2022-01-27 15:07:22 -08:00
Hayden Roche
58789991f9 Allow DES3 with FIPS v5-dev. 2022-01-24 15:18:44 -08:00
Daniel Pouzzner
a718637c6f AES: harmonize wc_Aes{Encrypt,Decrypt} and wc_Aes{Encrypt,Decrypt}Direct implementations to return int; add return values to all static void functions in aes.c that can fail; add WARN_UNUSED_RESULT to all static functions in aes.c with return values; implement missing error percolation around AES block cipher implementations; bump FIPS version for v5-ready and v5-dev to 5.3 (v5-RC12 is 5.2). 2022-01-24 11:44:16 -06:00
John Safranek
93404361ff
Merge pull request #4783 from SparkiDev/mac_sha512_def 
SHA-512 ASM: For Mac computers default to using SHA512 instructions
 2022-01-24 09:03:08 -08:00
Daniel Pouzzner
386aac9694 AES-SIV: 
in configure.ac, enable SIV only if !ENABLED_FIPS or if building FIPS v5-dev;

in cmac.{c,h}, remove !HAVE_FIPS gating on ShiftAndXorRb().
 2022-01-21 01:26:33 -06:00
Sean Parkinson
8a2cab8702 SHA-512 ASM: For Mac computers default to using SHA512 instructions 2022-01-21 16:40:35 +10:00
Sean Parkinson
848f5eeb0c
Merge pull request #4755 from dgarske/dtls_srtp 
DTLS SRTP (RFC5764) support (adds `--enable-srtp`)
 2022-01-21 10:43:47 +10:00
David Garske
d1a23a3285
Merge pull request #4758 from kareem-wolfssl/asioOldTls 
Fix building ASIO with Old TLS disabled.
 2022-01-20 10:44:41 -08:00
Hayden Roche
a05b1b012f Add --enable-chrony configure option. 
This turns on the necessary features for using the chrony NTP package with
wolfSSL.
 2022-01-19 19:13:34 -08:00
David Garske
609d6442b1
Merge pull request #4753 from SparkiDev/siphash 
Add SipHash algorithm
 2022-01-19 18:51:44 -08:00
Sean Parkinson
a6485a228d Add SipHash algorithm 2022-01-20 09:41:18 +10:00
Hayden Roche
62b07d8806 Add AES-SIV (RFC 5297). 
This commit adds functions to encrypt and decrypt data using AES in SIV mode, as
described in RFC 5297. This was added in the process of porting chrony to
wolfSSL. chrony is an NTP implementation that can use NTS (network time
security), which requires AES-SIV.
 2022-01-19 14:32:33 -08:00
Anthony Hu
c2860cb311 Get rid of HC-128 2022-01-17 18:11:54 -05:00
Kareem
021f9171c5 Fix building ASIO with Old TLS disabled. 2022-01-14 15:00:02 -07:00
David Garske
6ccbd8776f DTLS SRTP (RFC5764) support (adds --enable-srtp). Used with WebRTC to agree on profile for new real-time session keys. 2022-01-14 07:35:45 -08:00
elms
efe2cea8d1 TLS: Default secure renegotiation compatability 
By default this change will have servers send the renegotiation info
extension, but not allow renegotiation. This is accordance with RFC 5746

From to RFC 5746:
> In order to enable clients to probe, even servers that do not support
> renegotiation MUST implement the minimal version of the extension
> described in this document for initial handshakes, thus signaling
> that they have been upgraded.

With openSSL 3.0 the default it not allow connections to servers
without secure renegotiation extension. See
https://github.com/openssl/openssl/pull/15127
 2022-01-11 15:56:35 -08:00
David Garske
5910ada93d
Merge pull request #4736 from douzzer/20220107-cppcheck-hygiene 
cppcheck sweep
 2022-01-10 12:52:22 -08:00
Daniel Pouzzner
a14982b079 configure.ac: add ENABLED_WPAS to the config summary. 2022-01-07 21:36:24 -06:00
David Garske
b4da751076 Fixes for SE050 Ed25519/Curve25519. 2022-01-07 12:54:54 -08:00
David Garske
db1bb9ea6a
Merge pull request #4694 from anhu/with-curl 
Add a --enable-curl build option
 2022-01-04 13:39:07 -08:00
David Garske
cf29badd52
Merge pull request #4721 from anhu/lighty 
lighttpd requires WOLFSSL_KEY_GEN…
 2022-01-04 12:37:41 -08:00
Anthony Hu
038a9d8fa9 lighttpd requires WOLFSSL_KEY_GEN. Without it, a call to wolfSSL_CTX_use_PrivateKey fails. 2022-01-04 13:09:13 -05:00
Jacob Barthelmeh
7dd50a1beb bump version for dev and update year in readme 2022-01-03 16:02:10 -07:00
John Safranek
68e58bb321
Update configure and fips-check.sh for FIPS RC12. 2021-12-30 15:21:44 -08:00
Anthony Hu
69733e87c5 SNI and ALT_CERT_CHAINS 2021-12-29 12:50:50 -05:00
Jacob Barthelmeh
616026880e bump version by .1 for dev 2021-12-28 16:25:05 -07:00
Jacob Barthelmeh
816718ecd3 prepare for release 5.1.0 2021-12-27 10:34:09 -07:00
Anthony Hu
8eea17d92a More stuff, probably not complete yet 2021-12-23 17:28:24 -05:00
JacobBarthelmeh
801c0c7efd
Merge pull request #4549 from elms/cmake/ac_catchup 
cmake/configure consistency
 2021-12-23 13:49:44 -07:00
elms
c89b7d5f79 configure and cmake: Closing gap on options and output 
cmake:
 * 32-bit and 16-bit mode flags
 * Add 4bit to AESGCM
 * Add align data
 * Encrypted Keys option
 * PKC12 option
 * Header installation cleanup

configure:
 * Add comment for `v5-RC9`
 * update CFLAGS to always be appended instead of mix of prepend and append
 * removed duplicate `ARC4` logic
 2021-12-23 09:22:47 -08:00
Daniel Pouzzner
a6ed5dc92d configure.ac: update fips with RC11. 2021-12-22 17:32:36 -06:00
Anthony Hu
991ddaadfc Add a --enable-curl build option 2021-12-22 17:34:58 -05:00
David Garske
6b47954d58
Merge pull request #4670 from julek-wolfssl/krb5-missing-api 
Missing config for krb5 1.16.1
 2021-12-20 15:54:41 -08:00
David Garske
ce4f436d0f
Merge pull request #4587 from SparkiDev/dis_algs_fix_1 
Disable algorithms: fixes
 2021-12-19 20:12:30 -08:00
Daniel Pouzzner
5c6bd8c2c9 configure.ac: in fips v5 setup, consider HAVE_AES{CCM,CTR,GCM,OFB}_PORT when auto-setting -DWOLFSSL_AES_DIRECT -DHAVE_AES_ECB; refactor KCAPI options for readability and correctness. 2021-12-16 17:03:01 -06:00
Daniel Pouzzner
cf16480c85 configure.ac: fix hard tabs, and fix fips "v5-ready" that should have been "v5-dev". 2021-12-16 13:00:10 -06:00
Daniel Pouzzner
b6b12fe946 configure.ac: fips cleanup: drop flavor keys "v5-REL" (confusing); drop "v3" aka "v3-ready" (no longer buildable); add flavor "v5-dev" aka "dev"; refactor the "v5*" case of the FIPS setup switch to impose feature locks for v5 and v5-ready, but allow feature overrides with the new v5-dev; fix a debugging echo in the v2 case added in 1c27654300. 2021-12-16 13:00:10 -06:00
David Garske
dec78169bf
Merge pull request #4658 from julek-wolfssl/apache-2.4.51 
Add Apache 2.4.51 support
 2021-12-16 08:52:10 -08:00
Juliusz Sosinowicz
d5783d1eaa Missing config for krb5 1.16.1 2021-12-16 14:35:39 +01:00
Juliusz Sosinowicz
e78f7f734e Add Apache 2.4.51 support 
- Define `OPENSSL_COMPATIBLE_DEFAULTS` and `WOLFSSL_NO_OCSP_ISSUER_CHECK` for Apache config
- Fix `SSL_set_timeout` to match OpenSSL signature
- Implement `pkey` in `X509_INFO`
- Detect attempt to connect with plain HTTP
- Implement `wolfSSL_OCSP_request_add1_nonce`
- Set `ssl->cipher.bits` when calling `wolfSSL_get_current_cipher`
- Use custom flush method in `wolfSSL_BIO_flush` when set in BIO method
- Set the TLS version options in the `ssl->options` at the end of ClientHello parsing
- Don't modify the `ssl->version` when in a handshake (`ssl->msgsReceived.got_client_hello` is set)
- `wolfSSL_get_shutdown` returns a full bidirectional return when the SSL object is cleared. `wolfSSL_get_shutdown` calls `wolfSSL_clear` on a successful shutdown so if we detect a cleared SSL object, assume full shutdown was performed.
 2021-12-16 12:39:38 +01:00
Sean Parkinson
bd7e19b8fe
Merge pull request #4639 from JacobBarthelmeh/ECC 
deterministic ECC sign edge case fix and add variant
 2021-12-16 08:48:37 +10:00
Daniel Pouzzner
eb032e0266 configure.ac: refactor changes of 7cccaa98b7 around FIPS v5*. 2021-12-14 18:08:12 -06:00
kaleb-himes
7cccaa98b7 The minimal changes needed to add KCAPI support with fips-ready 2021-12-10 14:44:20 -07:00
Jacob Barthelmeh
0446d93285 add deterministic k variant for ECC to enable all 2021-12-08 10:49:17 -07:00
Daniel Pouzzner
30b68060fb configure.ac: fix whitespace; client.c: make gcc 5.4.0 -Wmaybe-uninitialized happy. 2021-12-04 00:57:49 -06:00
David Garske
b4c6140b64
Merge pull request #4442 from julek-wolfssl/kerberos 
Add Kerberos 5 support
 2021-12-02 09:07:34 -08:00
Juliusz Sosinowicz
aac1b406df Add support for Nginx 1.21.4 
- Add KEYGEN to Nginx config
- Check for name length in `wolfSSL_X509_get_subject_name`
- Refactor `wolfSSL_CONF_cmd`
- Implement `wolfSSL_CONF_cmd_value_type`
- Don't forecfully overwrite side
- `issuerName` should be `NULL` since the name is empty
 2021-12-01 09:49:52 +01:00
Anthony Hu
ffe7a84e3d Stop needlessly enabling ENABLED_OPENSSLEXTRA when enabling liboqs. 2021-11-24 14:09:19 -05:00
Juliusz Sosinowicz
3da810cb1b Implement OpenSSL API's 
- `OBJ_DUP`
- `i2d_PKCS7`
- `BN_rshift1
- `BN_rshift` testing
- Add `--enable-krb`
 2021-11-22 11:47:58 +01:00