Go Hosohara
bfed9f28d3
Modification for compiling application with libsignal-protocol-c.
2017-12-19 13:19:05 +09:00
Chris Conlon
e3a4f468c1
PKCS7 and SCEP need either AES or 3DES enabled, error out if not
2017-11-20 13:16:44 -07:00
toddouska
53ec80b291
Merge pull request #1238 from cconlon/pkcs7cleanup
...
PKCS7 cleanup: remove dependencies on 3DES and SHA1
2017-11-16 13:51:57 -08:00
Chris Conlon
30e8f5539b
PKCS7 cleanup: remove dependencies on 3DES and SHA1
2017-11-16 10:37:47 -07:00
David Garske
d5cc3ca198
Disable TLS v1.0 by default. Added new --enable-tlsv10 option to force enable (only works if --enable-oldtls is set, which is on by default).
2017-11-14 14:01:31 -08:00
David Garske
5a5fea7b46
Add USE_SLOW_SHA256 and USE_SLOW_SHA512 options for reduced code size of SHA. Existing USE_SLOW_SHA2 applies for SHA512 only. Cleanup formatting of the sha256.c and sha512.c code. Added new ./configure --lowresource option, which defines the memory reduction defines. Fix for make check resume.test script with NO_SESSION_CACHE defined.
2017-11-09 11:05:28 -08:00
David Garske
b8cc132e99
Added ability to force 32-bit mode using --enable-32bit. Added ability to disable all inline assembly using --disable-asm. Added check for __EMSCRIPTEN__ define in types.h to properly setup 64-bit type. Fixes for build combinations with SHA512 and CHACHA20.
2017-11-06 14:37:34 -08:00
Sean Parkinson
32cbff7257
Remove coverage rules not required.
2017-11-02 09:46:57 +10:00
Sean Parkinson
323db1a95d
Fix no ECC builds with TLS13 code.
...
Fix tests so that having ECC disabled works as well.
Fix define protection for Draft 18 and HRR Cookie.
2017-10-24 09:11:24 -07:00
toddouska
8a01d725da
Merge pull request #1177 from dgarske/certreq_tests
...
Testing improvements for cert gen and TLS cert validation
2017-10-24 08:21:37 -07:00
David Garske
911b6f95f8
Release v3.12.2 (lib 14.0.0). Updated copyright.
2017-10-22 15:58:35 -07:00
David Garske
024c8725ad
Testing improvements for cert gen and TLS cert validation:
...
* Fixes to support certificate generation (`WOLFSSL_CERT_GEN`) without RSA enabled.
* Added new ECC CA for 384-bit tests.
* Created new server cert chain (ECC CA for 256-bit that signs server-ecc.pem)
* Created new `./certs/ecc/genecc.sh` script for generating all ECC CA's, generated server cert req (CSR), signing with CA and the required CRL.
* Moved the wolfCrypt ECC CA / ECC cert gen test into `ecc_test` as `ecc_test_cert_gen`.
* Refactor duplicate code that saves DER to disk, converts DER to PEM and saves PEM to disk into SaveDerAndPem function.
* Changed `ecc_test_make_pub` and `ecc_test_key_gen` to use XMALLOC for temp buffers (uses heap instead of stack).
* Cleanup to combine all certificate subject information into global `certDefaultName`.
* Updated cert request info to use wolfSSL instead of Yassl.
* Cleanup to combine keyUsage into `certKeyUsage` and `certKeyUsage2`.
* Re-number error codes in rsa_test.
* Moved the certext_test after the ecc_test, since it uses a file generated in `ecc_test_cert_gen`.
2017-10-19 16:17:51 -07:00
Sean Parkinson
c49188cc89
Turn off SP by default
2017-10-17 09:32:24 +10:00
Sean Parkinson
90f8f67982
Single Precision maths for RSA (and DH)
...
Single Precision ECC implementation
2017-10-17 08:36:39 +10:00
toddouska
819acd18a7
Merge pull request #1180 from SparkiDev/tls13_nd
...
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
2017-10-13 09:24:55 -07:00
David Garske
6707be2b0e
Added new --disable-oldnames option to allow for using openssl along-side wolfssl headers (without OPENSSL_EXTRA). Add --enable-opensslcoexist which makes sure oldnames is disabled. Refactor of SSL_ to WOLF_SSL_. Refactor of SHA, MD5, SHA224, SHA256, SHA512 and SHA384 to WC_ naming.
2017-10-11 09:10:42 -07:00
Sean Parkinson
7dca25ea88
Fixed DRAFT_18 define and fixed downgrading with TLS v1.3
...
Changed the define in configure.ac to match the one used in the code.
Fixed downgrading to disallow unless ssl->options.downgrade is set.
TLS 1.3 client method does not have downgrade on anymore.
Test changed to not expect downgrading to work.
Test of TLS v1.3 client downgrade is actually upgrading on server.
Fixed 80 character line problems.
2017-10-11 12:17:28 +10:00
John Safranek
f344f04e60
wolfSSH Option
...
Added a configure convenience option for building wolfSSL to work with wolfSSH.
2017-10-04 16:11:52 -07:00
Sean Parkinson
00e073424a
Fix WPAS config to not use FORTRESS config
2017-09-15 10:49:07 +10:00
Jacob Barthelmeh
ef73c1df7c
add AES-XTS mode --enable-xts
2017-08-30 17:50:15 -06:00
Jacob Barthelmeh
3fda99cbc4
separate build of QSH from build of NTRU
2017-08-16 14:19:38 -06:00
David Garske
44a3622248
Fixes to better handle threading with async. Fix wc_CamelliaCbcEncrypt return code checking. Fix to ensure cycles per byte shows on same line. Refactor of async event state. Refactor to initialize event prior to operation (in case it finishes before adding to queue). Add HAVE_AES_DECRYPT to --enable-all option. Cleanup benchmark error display.
2017-08-15 21:19:28 -07:00
Jacob Barthelmeh
b55f981d5b
prepare for release v3.12.0
2017-08-04 15:32:27 -06:00
David Garske
3be4e0823e
Adds option --enable-chacha=noasm to allow disabling the Intel AVX/AVX2 speedups when used with --enable-intelasm.
2017-08-03 13:39:46 -07:00
dgarske
05ed5cafc2
Merge pull request #1061 from SparkiDev/tls13_leantls
...
Fixes for LEANTLS and TLS13 builds
2017-07-25 21:01:00 -07:00
Sean Parkinson
038d16212f
Fixes for LEANTLS and TLS13 builds
2017-07-26 10:43:36 +10:00
Sean Parkinson
bde6a35ac4
Assembly optimization for AES-NI, and AVX1 and AVX2
...
Unroll the loop for 8.
Use new optimized maths.
Fix SHA-384 to use SHA-512 assembly code.
Only perform CPU id check in one place.
2017-07-25 08:50:39 +10:00
toddouska
36c2ee92dc
Merge pull request #1050 from JacobBarthelmeh/ARMv8
...
Xilinx port
2017-07-24 15:37:05 -07:00
Jacob Barthelmeh
59a46d08d9
Xilinx port
2017-07-21 17:39:47 -06:00
John Safranek
431a0cbea9
Multicast
...
1. Since multicast's only cipher suite uses null cipher
automatically enable it.
2. Add options to example client and server to start
testing multicast API. (Uses TLS over TCP.)
3. Updates to use the forced secrets set by API.
2017-07-19 13:31:39 -07:00
John Safranek
5154584576
Multicast DTLS
...
1. Add DTLS-multicast to the enable options.
2. Reorg DTLS related enable options together.
3. Update a couple enable option texts to use the AS_HELP_STRING() macro.
4. Add three new APIs for managing a DTLS Multicast session.
5. Add test code for new APIs.
6. Add stub code for the new APIs.
2017-07-19 13:26:23 -07:00
David Garske
8612d52844
Fix issue with ARMv8 not performing 128-bit math against constants correctly in debug builds. Fix was to use the __int128_t as const for integers. Also added ./configure --enable-curve25519=no128bit option to force FE to not use the int128_t math.
2017-07-14 10:39:30 -07:00
David Garske
171796e8e2
Fix up for building without ./configure to warn if hardening options are not enabled. Currently ./configure defaults to --enable-harden, but if building sources directly and using settings.h or user_settings.h the hardening defines will not be set by default. If a user wants to use without hardening they can suppress the warning by defining WC_NO_HARDEN.
2017-07-10 14:40:07 -07:00
Sean Parkinson
7aee92110b
Code review fixes
...
Also put in configuration option for sending HRR Cookie extension with
state.
2017-06-27 08:52:53 +10:00
dgarske
06fa3de31c
Merge pull request #980 from SparkiDev/tls13_0rtt
...
TLS v1.3 0-RTT
2017-06-22 09:44:41 -07:00
Sean Parkinson
08a0b98f52
Updates from code review
2017-06-22 12:40:41 +10:00
Sean Parkinson
350ce5fcef
TLS v1.3 0-RTT
2017-06-21 08:35:28 +10:00
David Garske
3c173ba366
Enhancement to support different sized Curve/Ed math library implementations for FE/GE. Remains backwards compatible with CURVED25519_SMALL define. Adds new defines CURVE25519_SMALL and ED25519_SMALL to allow individual enabling of math library choice (_low_mem or _operations). Example: ./configure --enable-ed25519=small --enable-curve25519.
2017-06-16 09:41:10 -07:00
David Garske
adf819458c
Fixes for TLS 1.3 without ECC or RSA. Fix for building without ECC where HAVE_SUPPORTED_CURVES was getting defined because of ENABLED_TLSX.
2017-06-13 09:44:14 -07:00
Sean Parkinson
4134073c8d
Initial revision of SHA-3
2017-05-25 09:09:50 +10:00
toddouska
6b09a7c6e1
Merge pull request #922 from SparkiDev/tls_pss
...
TLS v1.2 and v1.3 RSA PSS
2017-05-23 14:57:10 -07:00
toddouska
0e860b0d55
Merge pull request #925 from dgarske/enable_all
...
Added new `./configure --enable-all` option to enable all features
2017-05-22 09:22:50 -07:00
Jacob Barthelmeh
b6c2e2acf9
require using wolfSSL memory when enabling trackmemory
2017-05-19 15:24:38 -06:00
David Garske
0a28b76e8b
Refactor of the ./configure help to use AS_HELP_STRING.
2017-05-19 10:54:13 -07:00
Sean Parkinson
4390f4c711
TLS v1.2 and PSS
...
Cleanup the TLS v1.3 PSS code as well.
Added RSA API wc_RsaPSS_CheckPadding() to check the padding - no longer
a simple memcmp with the digest.
2017-05-19 11:49:43 +10:00
Jacob Barthelmeh
4737b97503
add trackmemory enable option
2017-05-18 16:46:56 -06:00
David Garske
7bd1e0b80a
Added new ./configure --enable-all option to enable all features. Allows building all features without using the --enable-distro option, which only allows shared build and does not generate an options.h file.
2017-05-18 10:57:28 -07:00
David Garske
7c7503449f
Removed the -Wimplicit-fallthrough=5 from autogen.sh, since older GCC throws "error: unknown warning option".
2017-05-11 15:28:49 -07:00
David Garske
562db08c3d
Implemented strict switch fall-through handling using new macro FALL_THROUGH.
2017-05-11 15:15:19 -07:00
David Garske
c0c98c8f64
Fixes to address build warnings for GCC 7. Used -Wimplicit-fallthrough=0 to suppress all switch fall-through warnings.
2017-05-11 15:12:16 -07:00