Commit Graph

11142 Commits

Author SHA1 Message Date
toddouska d869279ad5 Merge branch 'custom-seed' 2015-11-06 15:37:26 -08:00
David Garske 099b6bc3df Updated the Rowley Crossworks example so it builds due to new user-crypto. Tested and verified new "CUSTOM_RAND_TYPE" using 8, 16 and 32 bit values. 2015-11-06 09:41:16 -08:00
David Garske 05f4c83b98 Optimizations to improve random number generation performance and provide additional ways to implement custom versions of custom random handlers. Added new "CUSTOM_RAND_TYPE" to define the datatype for the "CUSTOM_RAND_GENERATE" function. Added new "CUSTOM_RAND_GENERATE_SEED" option for anyone who wants to implement their own equivalent "wc_GenerateSeed()" function. Added generic FREESCALE_RNGA and FREESCALE_RNGB options. 2015-11-05 22:20:11 -08:00
Moisés Guimarães dccbc1cdd4 fixes ocsp nonce extension decoding;
enables use of ocsp nonce extension in the client example.
2015-11-05 11:45:42 -03:00
Moisés Guimarães 62210186c7 fix code logic to single if 2015-11-05 11:45:41 -03:00
toddouska 17c9494a2d fix gfmul intel calling convention 2015-11-04 13:26:38 -08:00
toddouska 124f1f8ce7 switch gfmul to intel syntax in aes_asm.asm 2015-11-04 11:55:04 -08:00
John Safranek 3b102862b1 exclude new AES-GCM test when in FIPS mode 2015-11-03 16:57:38 -08:00
John Safranek 23ba31cbdd 1. Fixed bug where AES-GCM IVs had to only be 12 bytes. Now
accepts any length.
2. Added test case for AES-GCM using an 60 byte IV.
3. AesGcmSetKey doesn't calculate H value in AES-NI mode.
2015-11-03 16:47:42 -08:00
toddouska 427405fff9 Merge branch 'timediff' 2015-11-03 14:21:55 -08:00
toddouska 44165371bc timediff fixup 2015-11-03 14:15:15 -08:00
toddouska 69d5f2e43c Merge branch 'DateFormat' of https://github.com/kojo1/wolfssl into timediff 2015-11-03 14:04:14 -08:00
toddouska 5c9089651a fix github issue #174 , disable des3 with (else if) logic broken 2015-11-03 12:03:35 -08:00
toddouska 8d4d9ebe12 fix jenkins ec 56 2015-11-03 11:30:56 -08:00
toddouska 37f4fbc000 Merge branch 'openssl-script' 2015-11-02 13:27:20 -08:00
toddouska fbd4f8a6ed fix merge conflict 2015-11-02 13:26:46 -08:00
toddouska 54a0a3370a fix wolfSSL_Init to only call new wolfCrypt_Init() once 2015-11-02 12:35:43 -08:00
toddouska a1d1155b0c add missing error strings 2015-11-02 12:18:12 -08:00
toddouska b13ae543ec bump dev version v3.7.1 2015-11-02 11:15:21 -08:00
Moisés Guimarães 3db5a5f2c2 Merge branch csr into 'master' 2015-11-02 15:54:41 -03:00
Moisés Guimarães 21d70636dc Merge branch csr into 'master' 2015-11-02 15:51:01 -03:00
toddouska 1d32ff2c59 Merge branch 'aes-ni-gcm' 2015-11-02 09:42:10 -08:00
toddouska 28dcef2d71 gcm benchmark results format alignment 2015-11-02 09:39:34 -08:00
John Safranek f8aeac608c 1. Add C NI-intrinsic AES-GCM encrypt and decrypt.
2. Fix error string for wolfcrypt test of GMAC.
3. Add AES-GCM Decrypt to benchmark.
2015-10-30 16:03:26 -07:00
toddouska 5d2d249673 turn on OpenSSL public key type decodes unless explicitly turned off 2015-10-30 13:40:05 -07:00
Takashi Kojo d741d4cddc Adding UTC Time Differential in ValidateDate 2015-10-30 11:26:54 +09:00
toddouska e76f95465d Merge pull request #170 from dgarske/master
Fixes initialization of the Crypto HW protection, which could leak a …
2015-10-29 13:56:18 -07:00
Leah 8dfa1af9e9 Merge pull request #169 from lchristina26/master
updates for VxWorks

Update example client/server to be compatible with VxWorks builds
2015-10-29 13:50:13 -06:00
lchristina26 5bcb7e98cb readme updates 2015-10-29 13:47:40 -06:00
lchristina26 1a96ff6766 readme updates 2015-10-29 13:45:58 -06:00
lchristina26 4061346f77 more readme updates 2015-10-29 13:44:22 -06:00
lchristina26 dd99948bcd Workbench readme update 2015-10-29 13:41:17 -06:00
lchristina26 723fc3761b Example client/server compatible with VxWorks 2015-10-29 13:39:02 -06:00
David Garske dacfd84bea Enhanced "ChangeToWolfRoot" to report error if the root was not found. Also fixed the depth limit. 2015-10-29 10:45:37 -07:00
David Garske f977caa492 Cleanup of the test code that looks for the WolfSSL root directory. Now it tries to open the certs/ntru-cert.pem file in each directory up (limited to 5) until it opens it. 2015-10-28 23:54:08 -07:00
David Garske d31cec0df0 Fixes initialization of the Crypto HW protection, which could leak a mutex if two calls to "wolfSSL_CryptHwMutexLock()" occurred at the same time prior to calling "wolfSSL_CryptHwMutexInit()". Fixes #164. 2015-10-28 23:07:52 -07:00
Jacob Barthelmeh 2c41a5b961 adjust wolfssl lib value in rpm spec.in v3.7.0 2015-10-28 17:33:31 -06:00
Jacob Barthelmeh 55a56cac05 Release 3.7.0 2015-10-28 15:07:22 -06:00
Moisés Guimarães 3e9fd1c542 Merge branch 'master' into csr
Conflicts:
	configure.ac
	wolfssl/wolfcrypt/types.h
2015-10-28 14:34:15 -03:00
Moisés Guimarães 071a452bec fix indentation and enum conflict 2015-10-28 12:20:20 -03:00
lchristina26 a914ca74f2 updates for VxWorks 2015-10-27 21:24:21 -06:00
toddouska 542b59d90a Merge pull request #150 from JacobBarthelmeh/master
Intel RSA IPP plug in
2015-10-27 16:57:32 -07:00
Jacob Barthelmeh 8bd228a391 remove libusercrypto.dylib and adjust gitignore 2015-10-27 17:11:31 -06:00
toddouska 5b2fbd9747 Merge pull request #168 from NickolasLapp/uninitWarn
Fixed gcc variable-mayble-uninitialized warning
2015-10-27 16:07:12 -07:00
Nickolas Lapp b7848481a3 Fixed gcc variable-mayble-uninitialized warning 2015-10-27 16:42:19 -06:00
Moisés Guimarães cddebfa941 changes --enable-statusrequest to --enable-ocspstapling 2015-10-27 19:27:56 -03:00
toddouska f477168cf7 make it easier for user to define custom bigint types 2015-10-27 14:52:07 -07:00
Jacob Barthelmeh fa1a356888 add DYNAMIC_TYPE_USER_CRYPTO tag for malloced memory 2015-10-27 13:26:32 -06:00
Moisés Guimarães 8dc154ff71 adds support for TLS downgrading against buggy TLS servers.
reference: RFC 5246 - TLS 1.2 - Appendix E.1:

   Note: some server implementations are known to implement version
   negotiation incorrectly.  For example, there are buggy TLS 1.0
   servers that simply close the connection when the client offers a
   version newer than TLS 1.0.  Also, it is known that some servers will
   refuse the connection if any TLS extensions are included in
   ClientHello.  Interoperability with such buggy servers is a complex
   topic beyond the scope of this document, and may require multiple
   connection attempts by the client.

   Earlier versions of the TLS specification were not fully clear on
   what the record layer version number (TLSPlaintext.version) should
   contain when sending ClientHello (i.e., before it is known which
   version of the protocol will be employed).  Thus, TLS servers
   compliant with this specification MUST accept any value {03,XX} as
   the record layer version number for ClientHello.

   TLS clients that wish to negotiate with older servers MAY send any
   value {03,XX} as the record layer version number.  Typical values
   would be {03,00}, the lowest version number supported by the client,
   and the value of ClientHello.client_version.  No single value will
   guarantee interoperability with all old servers, but this is a
   complex topic beyond the scope of this document.
2015-10-27 16:10:23 -03:00
Moisés Guimarães f37ea955ec improves OCSP response signature verification;
reference: RFC 2560 -  Section 4.2.2.2  Authorized Responders:

   The key that signs a certificate’s status information need not be the
   same key that signed the certificate. It is necessary however to
   ensure that the entity signing this information is authorized to do
   so.  Therefore, a certificate’s issuer MUST either sign the OCSP
   responses itself or it MUST explicitly designate this authority to
   another entity.
2015-10-26 19:33:35 -03:00