John Safranek
20e6ac7104
Added public key type to PKEY copy
2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5
Added X.509 accessor for signature.
2013-11-06 11:49:49 -08:00
John Safranek
913e200cd0
X.509 Additions:
...
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
toddouska
8c7715ee33
remove CBC naming from HC-128 suites
2013-10-24 12:10:09 -07:00
toddouska
f833674171
remove CBC from RABBIT suite naming
2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714
add AES Blake2b 256 basic suites for speed tests
2013-10-24 11:30:51 -07:00
toddouska
c039b0106a
add HC-128 Blake2b 256 cipher suite for speed test
2013-10-23 17:13:54 -07:00
toddouska
a14af5f0b0
move mutex to port layer at crypto level
2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76
centralizing MAX_DIGEST_SIZE definition in hmac.h
2013-09-06 15:53:46 -03:00
toddouska
e8fcf35098
add Rsa Public/Private client key exchange callbacks, examples
2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
toddouska
e98f5f95c2
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
toddouska
54a2f8b9aa
add useratomic DecryptVerify Callbacks, example
2013-08-21 16:55:34 -07:00
John Safranek
442886a207
Added x509 accessors for the SEP build certificate additions.
2013-08-17 09:01:15 -07:00
toddouska
65f0e9f6b9
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
John Safranek
831d9cf640
SEP Profile
...
1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
a CYASSL_SESSION record.
2013-08-02 16:03:41 -07:00
John Safranek
1357cdb0e4
SEP Profile
...
1. Add session cache index to CYASSL structure.
2. Add accessor for cache index in CYASSL structure.
3. Add copy function for session cache item.
2013-07-28 17:11:22 -07:00
Moisés Guimarães
55401c13dd
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
toddouska
87eb94b7c4
Merge branch 'master' of github.com:cyassl/cyassl
2013-06-24 14:02:40 -07:00
toddouska
b51d6f3b8f
add NetX default IO context handling
2013-06-24 14:00:48 -07:00
John Safranek
e0a84521c5
Make alert description and level enumerations public.
2013-06-21 14:56:42 -07:00
Moisés Guimarães
5f3ee80407
added:
...
- max fragment length extension;
- CyaSSL_SNI_GetRequest() to get client's request at server side;
- Automated tests for SNI;
2013-06-19 15:45:06 -03:00
Moisés Guimarães
f1d1898ddf
Added new option to SNI: CYASSL_SNI_ANSWER_ON_MISMATCH
...
Added new function to SNI API: CyaSSL_SNI_Matched()
2013-06-03 17:55:06 -03:00
Moisés Guimarães
5c665fe614
Added options to SNI (now it is possible to choose whether or not to abort on a SNI Host Name mismatch)
...
Exposed SNI Type at ssl.h
2013-05-30 15:26:41 -03:00
toddouska
d2003bb8b7
merge in sni
2013-05-21 14:37:50 -07:00
John Safranek
b347df8d9a
DTLS rx size check, ssn10
...
Allows for receiving datagrams larger than the MTU that are reassembled
by the IP stack.
2013-05-21 13:52:22 -07:00
toddouska
7693b4282a
turn on large static buffers for callbacks, easier for user
2013-05-20 12:46:54 -07:00
toddouska
cfdfa7b2b3
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
John Safranek
ac716c96d3
Output buffer size check when sending transmit pool.
...
1. Added a call to CheckAvailableSize() when sending the DTLS transmit pool.
2. Rename CheckAvailableSize().
2013-05-13 12:32:47 -07:00
toddouska
8f0b695249
fix leanpsk build with keep cert / session cert
2013-05-09 15:29:25 -07:00
toddouska
47b468d14f
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
toddouska
8cb5f6d5d4
add user setting for dtls recv timeout init value
2013-05-07 16:14:26 -07:00
toddouska
a0c630b4ee
add cert cache persistence
2013-05-02 11:34:26 -07:00
toddouska
5a1886656a
Merge branch 'master' of github.com:cyassl/cyassl
2013-04-29 14:23:22 -07:00
toddouska
5c4fdb30ad
add client session table lookup based on serverID, use CyaSSL_SetServerID to set/store with serverid
2013-04-29 14:22:32 -07:00
John Safranek
87048698e5
use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes.
2013-04-29 12:08:16 -07:00
toddouska
05dd84598b
turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11
2013-04-25 15:36:33 -07:00
toddouska
bad1c32df2
add session cert conversion to x509, and free x509 for dynamic variety
2013-04-23 11:50:06 -07:00
toddouska
11d81b86de
change windows low res timer return
2013-04-22 10:52:38 -07:00
toddouska
d665e16bd8
add user ctx to verify callback with CyaSSL_SetCertCbCtx
2013-04-18 10:37:10 -07:00
John Safranek
fe13b4b6c6
moved and renamed the CBIO error codes so they are publically available
2013-04-16 12:32:55 -07:00
toddouska
a2bd6e786d
fix leanpsk NO_SHA build
2013-04-10 12:42:51 -07:00
John Safranek
9b0ffa0249
brought CYASSL_CALLBACK code up to current standard
2013-04-08 15:34:54 -07:00
John Safranek
e9bc868dbb
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
2013-04-01 14:25:20 -07:00
toddouska
82e3c00075
add CYASSL_GENERAL_ALIGNMENT detection and setting for TLS alignment attempt
2013-03-27 15:11:49 -07:00
John Safranek
f65f86bb88
improvements to CCM, ssn6
2013-03-22 11:30:12 -07:00
toddouska
4f9e915bc1
add KEEP_PEER_CERT flag for non opensslextra peer cert storage, ssn3
2013-03-19 12:18:52 -07:00
toddouska
31b03c8a2d
dtls defaults to no static buffers now, fix valgrind errors with dtls
2013-03-15 14:21:36 -07:00
toddouska
e515638503
make EmbedGenerateCookie a callback, USER_IO can install their own or default to ours
2013-03-13 16:41:50 -07:00
toddouska
7914938e60
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
2013-03-11 17:37:08 -07:00
toddouska
49e62f0858
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
2013-03-11 16:07:46 -07:00
toddouska
7ce9315173
Merge branch 'master' of github.com:cyassl/cyassl
2013-03-11 11:00:47 -07:00
toddouska
47e7e27bb2
add cipher suite check to suite tests to make adding test cases easier
2013-03-11 10:59:08 -07:00
John Safranek
20e4889092
Merge branch 'dtls'
...
Conflicts:
src/ssl.c
2013-03-08 17:45:35 -08:00
toddouska
6b3a80366f
NO_RSA with ecc build fixes
2013-03-07 18:10:18 -08:00
toddouska
85b3346bbf
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
2013-03-07 17:44:40 -08:00
John Safranek
591e1fc772
DTLSv1.2, fixed DTLS socket timeout
2013-03-06 23:02:33 -08:00
John Safranek
d52fe96063
added AES-CBC-SHA256 and SHA384 cipher suites.
2013-03-04 13:25:46 -08:00
toddouska
cc9ac1846d
fix ecc w/ no rsa send cert verify and server flag for missing cert verify
2013-02-26 22:24:34 -08:00
John Safranek
6ff39cffe4
Merge branch 'dtls'
...
Conflicts:
cyassl/ctaocrypt/types.h
2013-02-20 17:08:22 -08:00
John Safranek
2c1ed7c11c
removed old defragmentation code. fixed new defragment code.
2013-02-20 08:35:33 -08:00
John Safranek
bdadeab342
added storing of out-of-order and fragmented message, missing processing of the stored list
2013-02-19 16:06:02 -08:00
John Safranek
116f2403d0
updated the list for storing out of order messages
2013-02-19 12:51:02 -08:00
John Safranek
87cad7a966
merge branch tls12 into master
2013-02-18 14:36:50 -08:00
toddouska
9ea3371079
2nd round scan build
2013-02-14 16:00:45 -08:00
John Safranek
982b72796e
added list for DTLS handshake datagram reordering
2013-02-07 11:26:02 -08:00
toddouska
44e0d7543c
change copyright name with name change
2013-02-05 12:44:17 -08:00
toddouska
f4f13371f9
update copyright date
2013-02-04 14:51:41 -08:00
Todd Ouska
44b6593fe5
add cavium ciphers to SSL, and example client
2013-02-01 12:21:38 -08:00
John Safranek
6616975f81
added AES-CCM-8 ECC cipher suites, and more test cases
2013-01-21 15:19:45 -08:00
John Safranek
a453ccba57
Added TLS support for Camellia
2013-01-21 10:53:42 -08:00
John Safranek
ccff37f4b1
added TLS support for AES-CCM-8
2013-01-15 15:20:30 -08:00
John Safranek
eb221238c2
separated TLS-AEAD and AES-GCM so TLS-AEAD can also use AES-CCM
2013-01-14 15:59:53 -08:00
John Safranek
f756573401
Merge branch 'ocsp-test'
2013-01-04 14:11:47 -08:00
John Safranek
ac227910f1
modify OCSP to use a replacable callback to perform the OCSP transaction
2013-01-03 17:19:56 -08:00
toddouska
53e4c2ed72
fix pvs studio warnings
2013-01-02 11:39:12 -08:00
toddouska
6d3728fe61
fix ripemd compression round
2012-12-28 14:19:28 -08:00
toddouska
561906cffd
Merge branch 'master' of github.com:cyassl/cyassl
2012-12-27 16:36:48 -08:00
toddouska
f0bc61a5d3
add more robust pad/verify checks
2012-12-27 16:35:43 -08:00
John Safranek
cf114b92df
made the ecc keys in the CYASSL struct dynamic
2012-12-26 16:39:19 -08:00
John Safranek
831c760edc
Merge branch 'ocsp'
...
Fixes some bugs in the ocsp code, and adds a new option to skip nonces.
2012-12-20 16:26:49 -08:00
John Safranek
4e657debfc
added the ability to disable OCSP nonces
2012-12-19 10:18:11 -08:00
toddouska
96cc05b7b1
fix shadow warning
2012-12-18 11:40:45 -08:00
toddouska
6e4d33eb00
move ProtocolVersion struct members directly into RecordLayerHeader
2012-11-28 16:34:41 -08:00
John Safranek
66a3ce2ec1
added SHA-256 based RNG when setting NO_RC4 compile flag
2012-11-27 22:17:25 -08:00
John Safranek
f8f7f69f48
compile option to leave out MD5 and SSL code
2012-11-26 18:40:43 -08:00
John Safranek
a89398fdbc
added the cipher suites PSK-NULL-SHA256 and PSK-AES128-CBC-SHA256
2012-11-20 14:52:17 -08:00
toddouska
dd259b12c7
add CyaSSL_peek()
2012-11-16 12:16:00 -08:00
toddouska
4a007a2fa0
make MAX_CHAIN_DEPTH a build time define and default to 9
2012-11-05 10:40:06 -08:00
John Safranek
9aa8b71525
Merge branch 'nocerts'
2012-11-01 15:47:02 -07:00
John Safranek
134c6b8b1b
cleaning warnings in OCSP build
2012-11-01 15:03:29 -07:00
John Safranek
85e8f1988a
leanpsk build removes cert code, moved ctaocrypt error strings to own file
2012-11-01 12:36:47 -07:00
Chris Conlon
f6304ae37a
add support for Freescale MQX
2012-11-01 11:23:42 -06:00
John Safranek
174618ebfb
added build option for leanPSK
2012-10-29 15:39:42 -07:00
toddouska
d4d5243f4d
add user ability to set IO read/write flags
2012-10-25 14:17:11 -07:00
toddouska
0bbbea20be
switch sniffer buffers to dynamic, reduce holding memory if large number of sessions cached
2012-10-24 17:37:57 -07:00
John Safranek
a92b639155
add optional null cipher support for RSA
2012-10-19 20:52:22 -07:00
John Safranek
346a52a58c
add optional null cipher support for PSK
2012-10-19 10:37:21 -07:00
John Safranek
e673b1852a
fixed windows build warnings
2012-10-09 16:13:05 -07:00
John Safranek
397fbb743f
Merge branch 'master' of github.com:cyassl/cyassl
2012-10-03 15:33:23 -07:00
toddouska
e970cdfbc0
init cipher specs, check client key exchange state b4 process
2012-10-03 11:57:20 -07:00
John Safranek
9bbca6acfb
Merge branch 'master' of github.com:cyassl/cyassl
2012-10-02 14:42:06 -07:00
John Safranek
6d1e485ef4
DTLS to use recvfrom and sendto in embed recv and send callbacks. Added support for storing dtls peer address.
2012-10-02 09:15:50 -07:00
toddouska
e0413df92a
add key setup flag for malicious or misbehaving handshake messages with new memory system
2012-10-01 11:32:05 -07:00
John Safranek
40eb5b3cc5
DTLS resend allocates only enough buffer when needed
2012-09-17 09:52:20 -07:00
John Safranek
40972868ce
fix merge conflicts
2012-09-14 21:19:06 -07:00
John Safranek
7899252104
dtls handshake improvement
2012-09-14 19:30:50 -07:00
John Safranek
56ee2eaba8
added dtls message retry
2012-09-14 09:35:34 -07:00
John Safranek
97ca8439a4
Merge branch 'master' of github.com:cyassl/cyassl
2012-09-07 08:30:03 -07:00
John Safranek
407397e8be
adding DTLS retry timeout, added CYASSL pointer to recv/send callbacks
2012-09-06 22:41:55 -07:00
toddouska
8c32a5a2ed
make RNG in ssl dynamic, release after hs if stream or < tls1.1
2012-09-05 16:18:29 -07:00
toddouska
9ddf43268d
use dynamic memory for ssl ciphers, only use what needed
2012-09-05 12:30:51 -07:00
toddouska
c47afaf84f
make suites object dynamic, only use during handshake
2012-09-05 10:17:48 -07:00
toddouska
6943229f87
reduce client key exchange stack use in non NTRU mode
2012-09-04 15:56:52 -07:00
toddouska
1ba8aff525
don't allow corrupted change cipher (fix by antoxa), don't allow multiple decryptions of corrupted messages
2012-09-04 11:37:47 -07:00
John Safranek
561a7fc35d
drop out of order dtls packets
2012-08-23 15:50:56 -07:00
John Safranek
c20eb88d3d
Merge branch 'master' of github.com:cyassl/cyassl
2012-08-17 14:21:17 -07:00
toddouska
925ddb6626
Merge branch 'master' of github.com:cyassl/cyassl
2012-08-15 17:00:34 -07:00
toddouska
05692e1d6a
IAR fixes, SafeRTOS port, better LWIP support
2012-08-15 17:00:11 -07:00
John Safranek
c42792e0f1
fix compiler warnings
2012-08-14 13:51:56 -07:00
John Safranek
9d912970c8
Merge branch 'master' of github.com:cyassl/cyassl
2012-08-13 17:33:20 -07:00
Chris Conlon
7ec04c16b6
EBSnet RTIP support
2012-08-13 17:10:05 -06:00
John Safranek
70552ef8e1
added DTLS handshake message defragmentation
2012-08-10 10:24:31 -07:00
John Safranek
11df1d25d4
fixed the dtls handshake header handling
2012-08-09 13:27:30 -07:00
toddouska
08ff33894f
add ECDH static cipher suite tests including RSA signed ECDH, clean up code with haveECDSA -> haveECDSAsig
2012-08-08 15:09:26 -07:00
John Safranek
3747246133
added the generation, verification, and client usage of DTLS handshake cookies
2012-08-08 10:38:12 -07:00
Chris Conlon
afa27f0021
FreeRTOS threads support, windows simulator support
2012-08-02 09:54:41 -06:00
John Safranek
b8b5e7b873
Merge branch 'master' of github.com:cyassl/cyassl
2012-07-31 18:42:44 -07:00
toddouska
a5af2e3d51
add altname retrieval from peer cert
2012-07-31 17:45:48 -07:00
John Safranek
368afbb815
Merge branch 'master' of github.com:cyassl/cyassl
2012-07-31 10:11:21 -07:00
John Safranek
e716380bad
fixed a bug where aes-gcm required opensslExtra at build configure
2012-07-31 10:07:33 -07:00
toddouska
e2eb1b78cc
Merge branch 'master' of github.com:cyassl/cyassl
2012-07-27 12:32:42 -07:00
toddouska
6e84ab1271
add max chain depth unique error, increase depth to 6
2012-07-27 12:32:22 -07:00
John Safranek
3cd231bdfc
Merge branch 'master' of github.com:cyassl/cyassl
2012-07-24 15:04:16 -07:00
toddouska
6d3c7d8c59
allow bigger MTU record for sniffer
2012-07-20 13:04:03 -07:00
John Safranek
489fbf17fe
Merge branch 'master' of github.com:cyassl/cyassl
2012-07-19 17:22:16 -07:00
toddouska
d607ffaf02
fix MAX_MSG_EXTRA for SHA-256 digest with IV with dynamic buffers
2012-07-17 11:52:13 -07:00
John Safranek
ac79d3b145
replaced magic numbers with named constants, renamed some constants
2012-07-17 10:00:45 -07:00
John Safranek
aaad893804
fixed merge conflict
2012-07-12 08:39:57 -07:00
toddouska
1f0a32a7e3
use internal enum for cipher requires, move external enums back to starting at zero
2012-07-11 17:00:16 -07:00
John Safranek
1ac6db9d1d
added basic hello extension support for TLSv1.2, renumbered the algorithm enumerations to match RFC
2012-07-09 10:02:34 -07:00
John Safranek
eb302b91b0
Merge branch 'master' of github.com:cyassl/cyassl
2012-06-30 16:29:10 -07:00
toddouska
22cb11f304
add hello_request and session_ticket handling to sniffer
2012-06-28 13:37:19 -07:00
John Safranek
3a9a195683
Initial draft of AES GCM cipher suites. Missing SHA-384 support.
2012-06-26 09:30:48 -07:00
John Safranek
918ea3a074
added the library framework for handling aes-gcm in TLS
2012-06-18 15:57:37 -07:00
John Safranek
ca7bf0d01e
Merge branch 'master' of github.com:cyassl/cyassl
2012-05-31 17:29:41 -07:00
John Safranek
6d76b2f247
dynamic allocation of OCSP responses, response signature check
2012-05-31 17:29:32 -07:00
toddouska
fbc5c8d6dc
add SSL set version, different from ctx version
2012-05-31 15:24:25 -07:00
John Safranek
4b8bb6cdfe
fixed merge conflicts
2012-05-29 09:19:53 -07:00
John Safranek
9818fe4f55
changed DN hashing to cover the whole DER encoding per OCSP-RFC, OCSP changes towards dynamic storage of responses
2012-05-29 09:11:37 -07:00