Commit Graph

1935 Commits

Author SHA1 Message Date
toddouska
43909ac725 fix sslv3 verify mac pad check, item 6 by report from Ivan Fratric of the Google Security Team 2014-03-26 12:14:18 -07:00
John Safranek
dd61daef70 When saving the signature from a DecodedCert to a CYASSL_X509 only copy
the signature if it exists.
2014-03-26 12:01:26 -07:00
toddouska
d5be4c4663 SHA-256 fips mode 2014-03-25 17:11:15 -07:00
toddouska
18d178f325 add ShaFinal fips mode 2014-03-25 16:20:03 -07:00
toddouska
b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska
3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
Chris Conlon
67672171c1 udpate .gitignore, ignore MPLABX generated files 2014-03-25 16:20:24 -06:00
Chris Conlon
0d25d6f11d update MCAPI projects to use zlib 1.2.8 2014-03-25 16:18:55 -06:00
Chris Conlon
746fd7d74d increase MCAPI CRYPT_AES_CTX to hold Aes 2014-03-25 16:16:44 -06:00
Chris Conlon
73e0ef76f7 fix unclosed MPLABX ifdef 2014-03-25 15:39:37 -06:00
toddouska
0fd8ca5409 NO_MAIN_DRIVER for settings 2014-03-25 14:10:07 -07:00
toddouska
b6fc109c1d add ecc_ctx_reset() so user can reuse ctx w/o init/free 2014-03-25 12:48:25 -07:00
toddouska
43c6ae3691 no C++ comments 2014-03-25 11:44:00 -07:00
toddouska
fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska
8c5d958a8b add Aes SetIV fips mode 2014-03-24 14:01:36 -07:00
toddouska
0ea10a4388 add 3DES fips mode 2014-03-24 13:37:52 -07:00
toddouska
8889e17489 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-21 14:50:52 -07:00
toddouska
9fe9276236 finish fips aes w/ tests 2014-03-21 14:49:49 -07:00
John Safranek
e19e2a801d Ext Key Usage
1. Store reference to raw EKU OIDs in the DecodedCert.
2. Fixed usage of the anyEKU.
2014-03-21 09:37:10 -07:00
John Safranek
08ae775406 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-21 09:34:08 -07:00
toddouska
a0d4c34900 allow snifftest to handle jumbo frames + potential partial 16k record from previous data packet on the stack 2014-03-20 15:34:20 -07:00
toddouska
98c6e3f3af have Base16 Decode on for FIPS tests 2014-03-20 11:38:14 -07:00
toddouska
c934f6b4b5 linux doesn't suport -o ping, -i 0.2 is more compatible 2014-03-20 11:05:03 -07:00
toddouska
ef8458f754 return right away after valid ping response, use TLSv1.2 for google 2014-03-20 10:37:53 -07:00
toddouska
0e9f2b5996 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-20 10:32:50 -07:00
toddouska
8bc6bf9424 add lower case support to Base16 decode for better known answer test support, export 2014-03-20 10:31:52 -07:00
John Safranek
1e041abf04 decode Extended Key Usage extension 2014-03-20 10:07:47 -07:00
John Safranek
5c41acb6be Merge branch 'master' of github.com:cyassl/cyassl 2014-03-19 21:31:15 -07:00
John Safranek
acfa8fb966 Added a test script to perform a client/webserver connection. 2014-03-19 21:20:43 -07:00
toddouska
58885b36eb add AesCbc fips mode 2014-03-19 16:43:52 -07:00
toddouska
388436c53e add AesSetKey fips mode 2014-03-19 13:56:11 -07:00
toddouska
faecf7f849 require thread local storage for power on self thread check 2014-03-19 10:19:08 -07:00
toddouska
be9451fbc5 rm --cahced didn't work to stop tracking 2014-03-19 09:55:20 -07:00
toddouska
8bbc30f3e1 add fips enable switch 2014-03-19 09:43:57 -07:00
toddouska
90b08761c4 fix benchmark output with 3 decimals 2014-03-18 12:28:54 -07:00
John Safranek
ac452eebdc in DecodeAltNames, skip unknown name types, don't treat as error 2014-03-18 09:24:07 -07:00
John Safranek
1ea620cece Merge branch 'master' of github.com:cyassl/cyassl 2014-03-14 16:02:38 -07:00
John Safranek
bcd7f03495 X.509
1. Added stubs for the Extended Key Usage and Inhibit anyPolicy
   extensions.
2. Key Usage extension is decoded normally.
3. Certificate Policy extension is noted normally.
2014-03-14 15:48:33 -07:00
Chris Conlon
a28d0dd276 add EROAD settings 2014-03-14 15:54:21 -06:00
Chris Conlon
5a1d420652 move CyaSSL_dtls() and CyaSSL_get_using_nonblock() out of #ifndef CYASSL_LEANPSK for use of leanPSK with standard I/O 2014-03-14 15:33:49 -06:00
toddouska
692cbf111f remove -Wunreachable becuase older clang is buggy and gcc always was when it had it 2014-03-14 11:47:39 -07:00
toddouska
4ac70de055 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-13 18:56:07 -07:00
toddouska
b56ecd1842 add enable-iopool , simple I/O pool example using memory overrides 2014-03-13 18:54:51 -07:00
Moisés Guimarães
0a5b758de3 Boundaries check for DoCertificate .
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
2014-03-13 19:15:26 -03:00
Moisés Guimarães
2d2d1341cf Boundaries check for DoCertificateVerify.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
eba36226dc Boundaries check for DoCertificateRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
7630b1d222 Boundaries check for DoHelloVerifyRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
881de67196 Boundaries check for DoHelloRequest.
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable mac;
2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81 Boundaries check for DoFinished.
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
4821b5d5fe Boundaries check for DoCertificateVerify.
-- switched from totalSz to size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables;
-- removed unnecessary #ifdef HAVE_ECC and #ifndef NO_RSA.
2014-03-13 19:14:13 -03:00