John Safranek
0ee7d7cc17
1. Add DES3 enable to full commit test.
...
2. Added DES3 to the list of FIPS prereqs.
2016-09-15 12:19:32 -07:00
John Safranek
e3bb4c29e2
Fix openssl.test with the lean-TLS option
...
1. Make new CA cert for test that is both client-cert.pem andr
client-ecc-cert.pem.
2. Use the new client-ca.pem cert in the test script.
3. Update renewcerts script to generate client-ca.pem.
2016-09-15 11:39:30 -07:00
John Safranek
2d4757b446
Disable DES3 by default. Force it enabled when it is a prereq for
...
another option. (SCEP and PKCS7)
2016-09-15 11:23:36 -07:00
JacobBarthelmeh
01be5cdc07
Merge pull request #550 from toddouska/rsainit
...
make sure rsa rng is null on init
2016-09-14 16:31:07 -06:00
toddouska
dc337946d5
make sure rsa rng is null on init
2016-09-14 14:33:08 -07:00
John Safranek
7410b5784f
Merge pull request #548 from toddouska/nocache
...
add WC_NO_CACHE_RESISTANT option for old code paths
2016-09-14 10:24:29 -07:00
toddouska
e039fcefc0
Merge pull request #549 from JacobBarthelmeh/master
...
aes.c : check ILP32 macro defined
2016-09-14 09:58:19 -07:00
Jacob Barthelmeh
109642fef4
aes.c : check ILP32 macro defined
2016-09-14 09:33:48 -06:00
toddouska
b6937626b4
don't require uneeded temp with WC_NO_CACHE_RESISTANT
2016-09-13 17:01:50 -07:00
toddouska
7b3fc558ec
add WC_NO_CACHE_RESISTANT option for old code path
2016-09-13 16:45:15 -07:00
John Safranek
b77c350153
Merge pull request #547 from toddouska/mathca
...
Remove timing resistant cache key bit monitor leaks
2016-09-13 14:34:23 -07:00
toddouska
05d78dc2ce
Merge pull request #544 from cconlon/rsafix
...
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
2016-09-13 11:24:03 -07:00
toddouska
46a0ee8e69
switch ecc timising resistant mulmod double to use temp instead of leaking key bit to cache monitor
2016-09-13 11:10:10 -07:00
John Safranek
0477d5379e
Merge pull request #546 from toddouska/aesca
...
AES T table cache preload.
2016-09-13 11:05:28 -07:00
toddouska
6ef9e79ff5
switch timing resistant exptmod to use temp for square instead of leaking key bit to cache monitor
2016-09-13 09:13:39 -07:00
toddouska
6ae1a14c9f
do aes cache line stride by bytes, not word32s
2016-09-12 21:09:08 -07:00
toddouska
c6256211d6
compress aes last round decrypt table, prefetch Td tables before aes decrypt rounds, prefecth compressed table before last round
2016-09-12 13:04:30 -07:00
toddouska
97a64bcc7c
remove unique aes last round Te table, pre fetch Te tables during software aes encrypt
2016-09-12 12:03:37 -07:00
Chris Conlon
a149d83bff
include MAX_RSA_INT_SZ in wc_RsaKeyToPublicDer(), for 4096-bit keys
2016-09-09 16:11:56 -06:00
John Safranek
68e48e84fd
Merge pull request #541 from toddouska/comp
...
detect server forcing compression on client w/o support
2016-09-09 13:00:22 -07:00
toddouska
fc54c53f38
Merge pull request #543 from JacobBarthelmeh/ARMv8
...
ARMv8 : increase performance with SHA256
2016-09-09 10:23:44 -07:00
Jacob Barthelmeh
3ec66dd662
ARMv8 : sanity checks and change constraint type
2016-09-09 00:27:40 +00:00
dgarske
bd3e40d2fc
Merge pull request #542 from JacobBarthelmeh/master
...
verify case with unexpected input
2016-09-08 16:07:28 -07:00
Jacob Barthelmeh
f4e604dec3
verify case with unexpected input
2016-09-08 15:32:09 -06:00
toddouska
0c21d76ce3
detect client not sending any compression types
2016-09-08 12:06:22 -07:00
Jacob Barthelmeh
79af4d30e0
ARMv8 : increase performance with SHA256
2016-09-08 18:00:24 +00:00
toddouska
3e80d966d2
Merge pull request #540 from dgarske/fix_noprng_nosha2
...
Fix to allow disabling P-RNG and SHA256 with CUSTOM_RAND_GENERATE_BLOCK
2016-09-07 16:33:32 -07:00
toddouska
3aefc42f04
have TLS server side verify no compression is in list if not using compression
2016-09-07 15:28:30 -07:00
David Garske
f6b786cfb5
Updated the random.h source inline comments to clarify SHA256 and RC4.
2016-09-07 09:23:43 -07:00
toddouska
baebec4ca4
Merge pull request #538 from JacobBarthelmeh/ARMv8
...
initial ARMv8 instructions
2016-09-07 09:20:14 -07:00
toddouska
a5db13cd01
detect server forcing compression on client w/o support
2016-09-07 09:17:14 -07:00
David Garske
8d6ea61a4f
Fix to allow disabling P-RNG and SHA256 when CUSTOM_RAND_GENERATE_BLOCK is used. Added inline documentation to describe RNG source options. Example: ./configure --enable-cryptonly --disable-hashdrbg CFLAGS="-DNO_SHA256 -DCUSTOM_RAND_GENERATE_BLOCK"
2016-09-06 16:42:53 -07:00
Jacob Barthelmeh
09b29cb1d4
ARMv8 AES: remove extra memcpy during encrypt/decrypt
2016-09-02 22:55:17 +00:00
JacobBarthelmeh
33f24ebaa8
Merge pull request #537 from ejohnstown/ocsp-issuerKeyHash
...
OCSP Fixes
2016-09-02 14:57:07 -06:00
Jacob Barthelmeh
8e4ccd355c
refactor ALIGN16 macro to types.h
2016-09-01 21:24:03 +00:00
Jacob Barthelmeh
41912b92c6
initial ARMv8 instructions
2016-09-01 18:10:06 +00:00
John Safranek
963b9d4c4d
OCSP Fixes
...
1. When using Cert Manager OCSP lookup, the issuer key hash wasn't
being set correctly. This could lead to unknown responses from lookup.
2. Default OCSP lookup callback could get blocked waiting for server
to close socket.
2016-09-01 09:58:34 -07:00
Chris Conlon
a0b02236b8
Merge pull request #527 from danielinux/master
...
Support for Frosted OS
2016-08-31 10:07:25 -06:00
toddouska
092916c253
Merge pull request #536 from ejohnstown/dtls-sctp
...
DTLS over SCTP
2016-08-30 13:09:40 -07:00
John Safranek
e0a035a063
DTLS-SCTP Tests
...
1. Added a check to configure for SCTP availablility.
2. Added DTLS-SCTP to the cipher suite test.
2016-08-29 15:24:51 -07:00
JacobBarthelmeh
de3f66b946
Merge pull request #515 from dgarske/cryptonly_static_mem
...
Added support for static memory with wolfCrypt
2016-08-29 15:23:28 -06:00
David Garske
ddff90ea26
Fix duplicate declaration of "wolfSSL_init_memory_heap" (errors after rebase).
2016-08-29 11:50:43 -07:00
David Garske
6a70403547
Fix for "not used" devId in benchmark.
2016-08-29 11:01:16 -07:00
David Garske
2ecd80ce23
Added support for static memory with wolfCrypt. Adds new "wc_LoadStaticMemory" function and moves "wolfSSL_init_memory_heap" into wolfCrypt layer. Enhanced wolfCrypt test and benchmark to use the static memory tool if enabled. Added support for static memory with "WOLFSSL_DEBUG_MEMORY" defined. Fixed issue with have-iopool and XMALLOC/XFREE. Added check to prevent using WOLFSSL_STATIC_MEMORY with HAVE_IO_POOL, XMALLOC_USER or NO_WOLFSSL_MEMORY defined.
2016-08-29 10:38:06 -07:00
John Safranek
05a35a8332
fix scan-build warning on the simple SCTP example server
2016-08-26 20:33:05 -07:00
John Safranek
aed68e1c69
1. Needed to tell the client to use sctp.
...
2. Creating the example sockets needed the IPPROTO type.
2016-08-26 19:58:36 -07:00
John Safranek
46e92e0211
DTLS-SCTP example client and server
...
1. Update the example client and server to test DTLS-SCTP.
2. Modify the test.h functions for setting up connections to allow
for a SCTP option.
3. Update other examples to use the new test.h functions.
4. Removed some prototypes in the client header file were some functions
that should have been static to the client.c file and made them static.
2016-08-26 19:58:36 -07:00
John Safranek
6d5df3928f
SCTP-DTLS examples
...
1. Added the set SCTP mode command to client and server.
2. Added a 4K buffer test case.
2016-08-26 19:58:36 -07:00
John Safranek
bab071f961
1. Implemented the SCTP MTU size changes for transmit.
...
2. Simplified the MAX_FRAGMENT size when calling SendData().
2016-08-26 19:58:36 -07:00
John Safranek
a6c0d4fed7
1. Added missing -DWOLFSSL_SCTP to configure.ac.
...
2. Don't do hello verify requests in SCTP mode.
3. Implemented the SCTP MTU size changes.
4. Simplified the MAX_FRAGMENT size when calling ReceiveData().
2016-08-26 19:58:36 -07:00