Commit Graph

784 Commits

Author SHA1 Message Date
Vikram Adiga
5146f3dd94 Initial commit of CyaSSL port for TI-RTOS 2014-05-08 15:50:55 -07:00
John Safranek
72e9ea8e4b added Hash DRBG as configure option 2014-05-07 11:54:12 -07:00
Takashi Kojo
eeb2e28f54 Sync with 3.0.0 2014-05-05 09:45:25 +09:00
John Safranek
fd707ebafb Hash_DRBG refactoring
1. Renamed everything that had DBRG with the correct DRBG
2. Changed word64 reseed_ctr to word32 reseedCtr
3. Changed reseed interval to 0xFFFFFFFF
2014-05-02 15:35:10 -07:00
Takashi Kojo
35d5b66d2c Merge remote-tracking branch 'CyaSSL-master/master' into IAR 2014-05-02 09:32:55 +09:00
Takashi Kojo
b680e62832 set up Simulator 2014-05-02 09:31:22 +09:00
toddouska
5ff0336491 add custom kqueue event for crl monitor shutdown 2014-05-01 09:28:33 -07:00
Takashi Kojo
fb00110b77 CyaSSL library project and README 2014-05-01 17:03:01 +09:00
Takashi Kojo
3de36b106e Merge remote-tracking branch 'CyaSSL-master/master' into IAR 2014-05-01 14:33:49 +09:00
Takashi Kojo
169c0eee20 IAR EWARM project: test, benchmark 2014-05-01 14:29:09 +09:00
John Safranek
838d9ea780 bump dev version, update README for v3.0.0 2014-04-29 10:45:01 -07:00
John Safranek
70dee7e190 Added the directoryName comparison to the name constraint checks. 2014-04-28 13:29:44 -07:00
John Safranek
618d282d94 Decodes the Name Constraints certificate extension on the CA cert
and checks the names on the peer cert, rejecting it if invalid
based on the name.
2014-04-28 11:03:24 -07:00
Takashi Kojo
6e3bbd135e des3.h 2014-04-25 14:21:28 +09:00
Takashi Kojo
2460679718 des3.h 2014-04-25 14:11:56 +09:00
Takashi Kojo
41199a480d ColdFire SEC, fix cache control in aes, des3 driver 2014-04-23 16:56:37 +09:00
Moisés Guimarães
8d8fca67c3 SHA256, SHA384 and SHA512 error propagation. Major impact on random functions with error propagation. 2014-04-14 21:39:14 -03:00
Moisés Guimarães
32e2d7016f SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation. 2014-04-14 21:36:04 -03:00
Chris Conlon
be65f5d518 update FSF address, wolfSSL copyright 2014-04-11 15:58:58 -06:00
John Safranek
421c08fc61 Merge branch 'frankencert' 2014-04-11 10:01:03 -07:00
Takashi Kojo
b712380a60 Sync MDK5 Software Pack with 2.9.4 2014-04-11 16:20:12 +09:00
John Safranek
603192f153 Removed an incorrect key use check. 2014-04-10 23:31:43 -07:00
John Safranek
e79ce42ef4 Added checking of the key usage and extended key usage extensions in the
certificates.
2014-04-10 16:50:14 -07:00
toddouska
5de34bf987 add client suite verify, detect mismatch early 2014-04-10 14:11:30 -07:00
toddouska
78ebc49bd2 bump dev version 2014-04-10 13:53:01 -07:00
toddouska
a44fb0596a update ecc ccm8 suites to approved cipher suite numbers 2014-04-10 13:18:31 -07:00
toddouska
06faa47001 version bump 2014-04-09 09:51:11 -07:00
Chris Conlon
e84487d121 fix SHA384 define 2014-04-07 10:29:16 -06:00
toddouska
6be3094494 remove debug logging macro left in 2014-04-06 12:45:41 -07:00
toddouska
562b017776 user settings, custom rand gen, by tyto diff 2014-04-04 15:10:08 -07:00
Chris Conlon
9e02937389 minor EROAD settings adjustments 2014-04-04 12:35:41 -06:00
toddouska
c210600d93 RSA fips mode 2014-04-01 13:08:48 -07:00
toddouska
348f50b4b1 bump dev version 2014-04-01 12:08:18 -07:00
toddouska
4ba587b18a Merge branch 'master' of github.com:cyassl/cyassl 2014-04-01 12:06:48 -07:00
Moisés Guimarães
6b9f711de0 DesSetKey refactory to reduce stack usage:
--- buffer variable moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error.
2014-03-28 12:59:39 -03:00
toddouska
05b132ce1c HMAC fips mode 2014-03-27 15:43:54 -07:00
toddouska
7dd265cf2e SHA384 fips mode 2014-03-27 14:37:37 -07:00
toddouska
e873d7998b SHA512 fips mode 2014-03-27 14:03:12 -07:00
Chris Conlon
59c1adaf0e version 2.9.2 release 2014-03-27 10:35:57 -06:00
John Safranek
dd61daef70 When saving the signature from a DecodedCert to a CYASSL_X509 only copy
the signature if it exists.
2014-03-26 12:01:26 -07:00
toddouska
d5be4c4663 SHA-256 fips mode 2014-03-25 17:11:15 -07:00
toddouska
18d178f325 add ShaFinal fips mode 2014-03-25 16:20:03 -07:00
toddouska
b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska
3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
toddouska
0fd8ca5409 NO_MAIN_DRIVER for settings 2014-03-25 14:10:07 -07:00
toddouska
b6fc109c1d add ecc_ctx_reset() so user can reuse ctx w/o init/free 2014-03-25 12:48:25 -07:00
toddouska
43c6ae3691 no C++ comments 2014-03-25 11:44:00 -07:00
toddouska
fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska
8c5d958a8b add Aes SetIV fips mode 2014-03-24 14:01:36 -07:00
toddouska
0ea10a4388 add 3DES fips mode 2014-03-24 13:37:52 -07:00
toddouska
8889e17489 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-21 14:50:52 -07:00
toddouska
9fe9276236 finish fips aes w/ tests 2014-03-21 14:49:49 -07:00
John Safranek
e19e2a801d Ext Key Usage
1. Store reference to raw EKU OIDs in the DecodedCert.
2. Fixed usage of the anyEKU.
2014-03-21 09:37:10 -07:00
John Safranek
08ae775406 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-21 09:34:08 -07:00
toddouska
98c6e3f3af have Base16 Decode on for FIPS tests 2014-03-20 11:38:14 -07:00
toddouska
8bc6bf9424 add lower case support to Base16 decode for better known answer test support, export 2014-03-20 10:31:52 -07:00
John Safranek
1e041abf04 decode Extended Key Usage extension 2014-03-20 10:07:47 -07:00
toddouska
58885b36eb add AesCbc fips mode 2014-03-19 16:43:52 -07:00
toddouska
388436c53e add AesSetKey fips mode 2014-03-19 13:56:11 -07:00
John Safranek
1ea620cece Merge branch 'master' of github.com:cyassl/cyassl 2014-03-14 16:02:38 -07:00
John Safranek
bcd7f03495 X.509
1. Added stubs for the Extended Key Usage and Inhibit anyPolicy
   extensions.
2. Key Usage extension is decoded normally.
3. Certificate Policy extension is noted normally.
2014-03-14 15:48:33 -07:00
Chris Conlon
a28d0dd276 add EROAD settings 2014-03-14 15:54:21 -06:00
toddouska
4ac70de055 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-13 18:56:07 -07:00
toddouska
b56ecd1842 add enable-iopool , simple I/O pool example using memory overrides 2014-03-13 18:54:51 -07:00
Moisés Guimarães
eba36226dc Boundaries check for DoCertificateRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81 Boundaries check for DoFinished.
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
2014-03-13 19:14:13 -03:00
toddouska
2b8ee45a18 change default static buffer size to record header size to prevent memory fragmentation, only adds 8 bytes to SSL 2014-03-13 11:35:14 -07:00
John Safranek
1c35e5929a Merge branch 'master' of github.com:cyassl/cyassl 2014-03-12 15:41:40 -07:00
John Safranek
92c31d81f9 X.509 with unsupported critical extensions should be rejected 2014-03-11 11:50:45 -07:00
Takashi Kojo
5a6e2482da Eliminate unused file. 2014-03-11 12:00:53 +09:00
Takashi Kojo
6235c949b3 PIC32MZ 2014-03-11 11:32:16 +09:00
Takashi Kojo
a9ca608030 Sync with CyaSSL master 2014-03-11 11:22:39 +09:00
Takashi Kojo
6463d34fe7 Roll back native LwIP 2014-03-11 10:59:09 +09:00
Takashi Kojo
3e41d8cecb Merge branch 'PIC32MZ-HWCrypt'
Conflicts:
	configure.ac
	ctaocrypt/benchmark/benchmark.c
	ctaocrypt/src/asn.c
	ctaocrypt/src/coding.c
	ctaocrypt/src/des3.c
	ctaocrypt/src/md5.c
	ctaocrypt/src/random.c
	ctaocrypt/src/sha.c
	ctaocrypt/src/sha256.c
	cyassl/ctaocrypt/aes.h
	cyassl/ctaocrypt/settings.h
	cyassl/ssl.h
	cyassl/version.h
	examples/server/server.c
	m4/ax_debug.m4
	m4/ax_tls.m4
	mplabx/benchmark_main.c
	mplabx/ctaocrypt_test.X/nbproject/configurations.xml
	mplabx/test_main.c
	src/io.c
	src/ocsp.c
	src/ssl.c
	src/tls.c
	testsuite/testsuite.c
2014-03-11 10:11:36 +09:00
Takashi Kojo
8ea2eec773 Merge https://github.com/cyassl/cyassl 2014-03-11 09:55:57 +09:00
Takashi Kojo
65dc202356 settings.h for Harmony 2014-03-04 22:57:51 +09:00
Takashi Kojo
e5a51ca516 PIC32MZ Crypt Engine 2014-03-04 22:10:19 +09:00
Takashi Kojo
f5922255b0 Catching up 2.9.0 2014-03-04 22:09:38 +09:00
toddouska
f1597c86b1 fix clang -Wconversion except -Wsign-conversion 2014-03-03 16:46:48 -08:00
toddouska
c39cdbea54 make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined 2014-03-03 12:18:26 -08:00
toddouska
a50d2e1e21 fix -Wcast-align 2014-03-02 11:47:43 -08:00
Moisés Guimarães
78bab91615 removed duplicated check for INCOMPLETE_DATA
added new size enums
2014-02-24 11:26:55 -03:00
Takashi Kojo
5d5a8dbabd client.c for LwIP native socket, v0.2 2014-02-20 15:38:35 +09:00
toddouska
12a1b2faed more settings 2014-02-18 17:46:08 -08:00
toddouska
5421990c80 add ARM to settings 2014-02-18 17:01:27 -08:00
Chris Conlon
85a47b4596 add NO_STDIO_FILESYSTEM to exclude FILE usage from non standard filesystems 2014-02-14 14:57:43 -07:00
Chris Conlon
bc3fc658bb move filesystem abstraction to port.h 2014-02-14 14:46:49 -07:00
toddouska
7959239fb0 bump dev version 2014-02-13 15:15:49 -08:00
Chris Conlon
e3f8b74181 update tyto settings.h 2014-02-12 14:18:23 -07:00
Chris Conlon
cf6eaf219a tyto build - add GenerateSeed, exclude ctype.h, test.h 2014-02-12 13:39:38 -07:00
toddouska
1cf884dccc add enable-certservice, ease of use 2014-02-11 13:08:12 -08:00
John Safranek
594feec68b v2.9.0 release 2014-02-07 12:28:41 -08:00
Takashi Kojo
23bc584caf LwIP, native TCP socket, ver 2 2014-02-04 16:37:50 +09:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
John Safranek
2758f40a09 For OCSP, when decoding X.509 Auth Info Access record, find the first
OCSP responder, rather than only looking at the first item.
2014-02-03 14:39:41 -08:00
Moisés Guimarães
36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion. 2014-02-03 16:14:35 -03:00
Takashi Kojo
168985ed9f LwIP native TCP Socket 2014-02-02 18:09:25 +09:00
toddouska
c14bc1a45c fix ecc w/o openssl extra 2014-02-01 11:37:08 -08:00
John Safranek
909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães
9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães
70e3d6ddb0 removing missing extensions 2014-01-31 16:52:13 -03:00
Moisés Guimarães
afd38d11cd removing unused curve names. 2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
Chris Conlon
42ad70591a prevent XFREE from freeing NULL pointer under Freescale MQX 2014-01-28 10:28:19 -07:00
toddouska
e040e0ba7a fix scep 32 2014-01-27 12:50:29 -08:00
John Safranek
cfa9007199 1. Bumped release version in configure.ac.
2. Added enable option for SCEP. Enables prereqs.
3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 11:35:43 -08:00
Chris Conlon
43199cd573 PKCS7_DecodeEnvelopedData, only do ParseCert once in PKCS7_InitWithCert 2014-01-23 14:48:18 -07:00
toddouska
45c05ffd30 add non block size AesCtr support 2014-01-23 12:34:27 -08:00
John Safranek
15f94b2f98 1. Resized sample PKCS7 signed data attribute.
2. Removed unnecessary PKCS7 signed data attribute.
2014-01-21 11:45:15 -08:00
Moisés Guimarães
8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
John Safranek
c35a635fd7 Added initial PKCS7_VerifySignedData(). Only saves
the first included certificate if available.
2014-01-20 15:52:41 -08:00
John Safranek
28f3a2dc21 Added deallocator function for PKCS7 initializer data. 2014-01-20 10:51:26 -08:00
John Safranek
c4eb5642b1 1. Sign the PKCS#7 with a supplied private key, not
the single cert's public key.
2. Rename PKCS7 Envelope Data function as
   `PKCS7_EncodeEnvelopedData()`.
3. Encode signed data to check input parameters.
2014-01-17 14:07:40 -08:00
John Safranek
cf22e49117 Merge branch 'master' of github.com:cyassl/cyassl 2014-01-16 16:19:34 -08:00
John Safranek
264ce75041 1. Split SetTagged into SetExplicit and SetImplicit.
2. Updated code using SetTagged to use new functions.
2014-01-16 16:17:17 -08:00
Chris Conlon
a75b95facc more comments to PKCS#7 files 2014-01-16 13:29:37 -07:00
John Safranek
85c5c29e7a Merge branch 'master' of github.com:cyassl/cyassl
Conflicts:
	ctaocrypt/test/test.c
	cyassl/ctaocrypt/pkcs7.h
2014-01-15 13:23:26 -08:00
John Safranek
c33a8a890e Added encoding PKCS#7 signed data messages. 2014-01-15 12:31:51 -08:00
Chris Conlon
9f7e33e7e1 add PKCS7_DecodeEnvelopedData() 2014-01-14 22:57:55 -07:00
Chris Conlon
d63c58864f expose more ASN.1 helper functions with CYASSL_LOCAL 2014-01-14 22:48:55 -07:00
Chris Conlon
80c19aaf33 add PKCS7 error codes 2014-01-14 22:46:54 -07:00
toddouska
8a1971d52b add CyaSSL_CertPemToDer for certs, ca certs, and cert reqs 2014-01-14 15:13:43 -08:00
Chris Conlon
f072d92ed8 Merge branch 'master' of github.com:cyassl/cyassl 2014-01-13 13:20:29 -07:00
Chris Conlon
69ffa3a481 add PKCS7_EncodeEnvelopeData() 2014-01-13 13:19:44 -07:00
toddouska
bb6b2e86c6 add base64 encode with esacped line ending, keep existing api intact 2014-01-13 12:17:12 -08:00
John Safranek
ef9cfc2172 Added method to encode PKCS7 data type messages. 2014-01-13 10:58:01 -08:00
Chris Conlon
3a984990c2 update pkcs7.h 2014-01-10 16:17:02 -07:00
Chris Conlon
71e13a3c3a expose ASN.1 helper fns, add blkType 2014-01-10 16:13:56 -07:00
Chris Conlon
1d67d9217e initial PKCS#7 stubs, tie into ./configure 2014-01-10 15:17:03 -07:00
John Safranek
f9e73a8aeb Added setting the cert req challenge password. 2014-01-09 14:17:55 -08:00
John Safranek
f545a33e77 Cert Req
1. Added support for the cert req attributes.
2. Added setting the Basic Constraints extenstion request.
3. Added error checking for the cert req attribs.
2014-01-08 16:26:42 -08:00
John Safranek
4de6a6d902 Cert Request
1. Added function to make simple DER format cert reqs.
2. Added cert req type to DerToPem.
2014-01-07 17:25:46 -08:00
Chris Conlon
99ac08cf3d lower case mp_sqr() parameters, missed in previous commit 2014-01-02 13:37:11 -07:00
Chris Conlon
9f4ea7d059 update TYTO settings, FREESCALE_MMCAU AES check for NULL 2014-01-02 13:13:18 -07:00
Chris Conlon
7cc9ab3d6f use lower case variables, prevent conflict with some toolchain defines 2014-01-02 13:11:27 -07:00
John Safranek
d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
John Safranek
4ce2e59adf For Atomic user:
1. Added a getter for the session's IV size.
2. The HMAC size getter should return 0 for AEAD ciphers
   and the hash length for the others.
2013-12-23 22:32:08 -08:00
rofl0r
a36c18c27f implement CyaSSL_ERR_reason_error_string
this has several advantages:
- we can provide a replacement for openssl's ERR_reason_error_string,
  which makes porting simpler,
- code shrink due to removal of excessive strcpy call
- all error strings are const anyway so there's no point to force the
  user to supply storage for them and copying them around.
2013-12-19 19:40:48 +01:00
John Safranek
75e6ac534e Force Cygwin to use function tolower() rather than macro version 2013-12-18 10:58:10 -08:00
toddouska
9db9f52c9c don't install internal.h, not for public consumption 2013-12-16 15:24:02 -08:00
Moisés Guimarães
ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
Chris Conlon
5909f5c2c0 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-11 16:20:43 -08:00
Chris Conlon
8c7f5817ac NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file 2013-12-11 16:19:09 -08:00
John Safranek
0d85a85d59 Bumped version for point release. 2013-12-10 12:05:55 -08:00
John Safranek
9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code.
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0 added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães
f8b30b3379 changing variable names to build on Ubuntu. 2013-12-02 15:50:21 -03:00
Moisés Guimarães
ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
toddouska
7585e92fee allow cert signing w/o Cert object, buffer only 2013-11-19 16:56:49 -08:00