toddouska
52c2c126c1
truncate hashSigAlgoSz to max buffer size
2014-12-01 15:53:59 -08:00
toddouska
09aeda2162
fix SetCipherList() possible 1 byte overrun
2014-12-01 14:34:48 -08:00
toddouska
295e65ca02
add sanity size check to iv fill in case block size is bad
2014-12-01 14:23:10 -08:00
toddouska
4954043def
release lock on client side cache bad hash
2014-12-01 14:11:32 -08:00
John Safranek
1742e0ddb6
Merge in the ADH-AES128-SHA changes and add a check for it during the
packet order sanity checking.
2014-12-01 11:44:32 -08:00
toddouska
fe81c2855d
sanity size check on handshake headers
2014-12-01 08:58:52 -08:00
toddouska
f1ab188949
disallow client to fast forward handshake messages
2014-11-18 16:27:39 -08:00
toddouska
59e62b7c49
Merge pull request #131 from lchristina26/master
add braces around empty if statements
2014-11-17 15:30:14 -08:00
toddouska
57522d217b
disallow basic server fast forwards during handshake
2014-11-17 15:25:49 -08:00
toddouska
31858d2a34
move gotChangeCipher from options into msgsReceived
2014-11-17 13:11:45 -08:00
toddouska
5318b243ba
add messages received framework, disallow duplicates
2014-11-17 12:55:07 -08:00
lchristina26
b3b0c8d1fc
Add braces around empty if statements
2014-11-17 11:10:23 -07:00
John Safranek
eb59597fed
fix bug in sniffer when using old client hellos where large hello message may
be ignored
2014-11-07 17:11:38 -08:00
John Safranek
00965d44dc
fix sniffer bug with detecting old client hello
2014-11-07 15:35:36 -08:00
John Safranek
a45a8f2cd8
Merge branch 'master' of github.com:cyassl/cyassl
2014-11-07 14:40:21 -08:00
John Safranek
d829b5f93b
Allow sniffer to follow ports using STARTTLS.
2014-11-07 14:37:00 -08:00
toddouska
b36f823da5
only do fips verify core check on fips files
2014-11-07 13:09:32 -08:00
John Safranek
3130145213
Added note to SSL_ResourceFree()
2014-11-06 16:07:05 -08:00
John Safranek
580289375c
Fix memory leak in CyaSSL when using Hash DRBG
2014-11-06 15:44:24 -08:00
toddouska
202a1a152d
fix jenkins report for smallstack derive tls keys
2014-11-04 15:39:54 -08:00
toddouska
322f79f521
allow user to set minimum downgrade version with v23 methods()
2014-11-03 15:12:48 -08:00
toddouska
d9f5ada772
add external wrappers for TLS Master Secret generation and Key Expansion
2014-11-03 09:56:40 -08:00
toddouska
02f7c71222
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-31 13:24:29 -07:00
toddouska
0f641e07a2
remove old client hello processing by default, can turn on with OLD_HELLO_ALLOWED, add sanity checks before size front alloc
2014-10-31 13:23:50 -07:00
John Safranek
bb8853aa50
fix memory leak when resetting the peer address on a DTLS session
2014-10-30 16:23:25 -07:00
John Safranek
56c12c9716
For sniffer with SNI, refactored ssl_SetPrivateKey and
ssl_SetNamedPrivateKey so they can be called in any order
for a particular server.
2014-10-30 14:08:45 -07:00
toddouska
1e7b579777
sniffer signals got change cipher
2014-10-29 14:14:32 -07:00
toddouska
7fed36b09d
explicit check for change cipher before finished instead of encryptionOn implicit
2014-10-29 14:07:41 -07:00
toddouska
c982dd2281
allow aes gcm fips wrappers, no void returns
2014-10-27 15:52:22 -07:00
John Safranek
bf718a7d51
Added a callback function to set the master secret on the client
2014-10-24 15:26:47 -07:00
Moisés Guimarães
6138ce720c
internal.c: refactoring SendServerKeyExchange to reduce stack usage:
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable hash moved to the heap (36 bytes saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable hash256 moved to the heap (32 bytes saved)
--- variable sha384 moved to the heap (sizeof(sha384) saved)
--- variable hash256 moved to the heap (48 bytes saved)
--- variable encodedSig moved to the heap (512 bytes saved)
*** the variables above appear twice in the code
2014-10-24 13:51:58 -03:00
Moisés Guimarães
dc90935fc7
internal.c: refactoring SendServerKeyExchange to reduce stack usage:
--- variable exportBuf moved to the heap (256 bytes saved)
--- indentation fixes
2014-10-24 13:29:18 -03:00
Moisés Guimarães
0e43240180
trims trailing white spaces.
2014-10-24 10:33:24 -03:00
Moisés Guimarães
a60332d9a3
internal.c: refactoring DoServerKeyExchange to reduce stack usage:
--- using goto to centralize resources deallocation.
2014-10-21 20:23:50 -03:00
Moisés Guimarães
5056ebe829
internal.c: refactoring DoServerKeyExchange to reduce stack usage:
--- variable hash256 moved to the heap (32 bytes saved)
--- variable hash384 moved to the heap (48 bytes saved)
--- variable hash moved to the heap (36 bytes saved)
--- variable messageVerify moved to the heap (612 bytes saved)
--- variable encodedSig moved to the heap (512 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
0447bf7551
internal.c: refactoring DoServerKeyExchange to reduce stack usage:
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable sha384 moved to the heap (sizeof(Sha384) saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
7f836cd6b3
internal.c: refactoring SendClientKeyExchange to reduce stack usage:
--- variable encSecret moved to the heap (1027 bytes saved)
--- variables priv moved to the heap (1024 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
949094cfbc
internal.c: refactoring DoCertificateVerify to reduce stack usage:
--- variable encodedSig moved to the heap (512 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
9368c8d1e8
internal.c: refactoring SendCertificateVerify to reduce stack usage:
--- variable encodedSig moved to the heap (512 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
845e49781f
internal.c: refactoring DoServerHello to reduce stack usage:
--- variable clSuites removed (sizeof(Suites) saved)
ps.: TLSX_Parse() does not require the suites parameter at client side.
2014-10-21 20:23:50 -03:00
Moisés Guimarães
a7e585b63d
internal.c: refactoring BuildMessage to reduce stack usage:
--- variable hmac moved to the heap (up to 64 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
5ef9a21eaa
internal.c: refactoring DoCertificate to reduce stack usage:
--- variable domain moved to the heap (256 bytes saved)
--- variable dCert moved to the heap (sizeof(DecodedCert) saved)
--- variable store moved to the heap (sizeof(CYASSL_X509_STORE_CTX) saved)
2014-10-21 20:23:49 -03:00
Moisés Guimarães
37c1627234
internal.c: refactoring BuildFinished to reduce stack usage:
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable sha384 moved to the heap (sizeof(Sha384) saved)
2014-10-21 20:23:49 -03:00
Chris Conlon
50a00d4ff0
add PicoTCP support
2014-10-21 15:43:43 -06:00
John Safranek
e35e02a283
Added SNI named keys to the sniffer.
2014-10-21 12:22:12 -07:00
John Safranek
35bcc98948
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
John Safranek
60790ee4ae
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-16 22:01:55 -07:00
John Safranek
b2f25cd91c
1. Added accessors for session tickets.
2. Fixed client case when server doesn't want to resume session with ticket.
2014-10-16 22:00:13 -07:00
Moisés Guimarães
c2ade678e1
Adds use of ssl->session.sessionIDSz during SendClientHello().
2014-10-13 23:16:11 -03:00
Moisés Guimarães
b10fdbf1f0
Adds storage of ssl->arrays->sessionIDSz in SessionCache at AddSession();
Adds storage of ssl->arrays->sessionIDSz in ssl->session at FreeArrays();
2014-10-13 23:16:11 -03:00
Moisés Guimarães
6956d146d1
Adds capture of ssl->arrays->sessionIDSz at DoServerHello.
2014-10-13 23:16:11 -03:00
toddouska
159abadd73
add NO_FORCE_SCR_SAME_SUITE flag for scr
2014-10-09 11:10:40 -07:00
Moisés Guimarães
557f19db0b
Adds support to session IDs of size 1 to 31 bytes.
Only session IDs of size 0 or 32 bytes were allowed before, now the session ID size may be from 0 to 32 bytes.
A size of zero bytes means that there is no session ID provided by the server.
2014-10-07 13:02:59 -03:00
toddouska
c65b14a891
add scr check against subject hash, only allow explicit session ticket resumption during scr
2014-10-06 16:12:45 -07:00
toddouska
214eba0325
fix session ticket get size
2014-10-06 14:52:05 -07:00
John Safranek
7c67a9261c
trimmed some unused code for session tickets
2014-10-06 12:44:52 -07:00
John Safranek
954740e2a8
Added check for expected session ticket
2014-10-04 12:41:51 -07:00
John Safranek
b95b2a8463
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-03 13:27:22 -07:00
John Safranek
80a474ebad
1. Fixed encoding of session ticket hello extension.
2. Session tickets used as alternative resumption.
2014-10-03 13:19:59 -07:00
toddouska
24bfade874
catch user error with write() after WANT_WRITE with short size
2014-10-03 12:03:20 -07:00
toddouska
3f01f097e7
allow scr session ticket
2014-10-02 10:43:06 -07:00
toddouska
668fed4796
don't allow scr and fake indication together
2014-10-02 10:18:11 -07:00
John Safranek
9dbc1d2d00
Parse the NewSessionTicket handshake message
2014-10-01 16:28:01 -07:00
toddouska
2f5520d14c
fix potential resource leaks with scr and normal math on key reuse
2014-10-01 11:15:36 -07:00
toddouska
8e96234513
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-01 09:45:57 -07:00
toddouska
41647e441a
preview scr
2014-10-01 09:44:24 -07:00
Moisés Guimarães
ee68797cf1
Adds a flag to tell the handshake framework to expect a session ticket.
2014-09-30 18:50:19 -03:00
toddouska
eb42494ddd
check scr cipher suite for changes
2014-09-30 12:55:15 -07:00
toddouska
29d4148637
handle bundled scr messages
2014-09-30 11:52:21 -07:00
Moisés Guimarães
a937040087
Adds Session Ticket TLS Extension handling.
New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:30:23 -03:00
Moisés Guimarães
6a75c8d144
fix TURN_ON mask
adds --enable-session-ticket configure option
2014-09-30 09:30:23 -03:00
toddouska
dcde28db51
add server initiated scr
2014-09-29 14:48:49 -07:00
toddouska
d3db4546ec
allow client auth with scr
2014-09-29 13:38:56 -07:00
Moisés Guimarães
c340d78c93
adds SESSION_TICKET extension id.
adds HAVE_TLS_EXTENSIONS as a dependency to HAVE_SECURE_RENEGOTIATION
reduces tlsx semaphore from 16 to 8 bytes (128 flags to 64 flags).
refactors ConvertExtType() to TLSX_ToSemaphore() for a better name and behavior. Now the overflowing flags are set backwards from the end of the flags to avoid collisions.
2014-09-26 16:01:50 -03:00
toddouska
95585e93df
scr session resumption example
2014-09-26 10:47:57 -07:00
toddouska
a260171e23
add scr for ephemeral keys
2014-09-26 10:27:14 -07:00
Jacob Barthelmeh
f5a95a9f62
struct for one time authentication ciphers
2014-09-25 16:19:50 -06:00
toddouska
0c20584ed3
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
toddouska
74c6f35766
new handShakeDone flag to allow app data during scr
2014-09-24 13:10:01 -07:00
toddouska
21f46373f3
delay SetKeys() with SetKeysSide() until last possible moment, needed for scr
2014-09-24 11:27:13 -07:00
toddouska
ed1beafdfc
allow SetKeys() to be called with encrypt or decrypt, or both
2014-09-24 10:12:22 -07:00
Moisés Guimarães
596148840d
adds braces requested by commit_tests.sh on linux
2014-09-22 13:17:05 -03:00
Moisés Guimarães
613337cf89
ssl: refactoring PemToDer to reduce stack usage:
--- variable header moved to the heap (80 bytes saved)
--- variable footer moved to the heap (80 bytes saved)
--- variable password moved to the heap (80 bytes saved)
fixes memory leak in CyaSSL_RAND_bytes
2014-09-22 11:37:36 -03:00
Moisés Guimarães
d9472d65da
ssl: refactoring ProcessBuffer to reduce stack usage:
--- variable password moved to the heap (80 bytes saved)
--- variable key moved to the heap (32 bytes saved)
--- variable iv moved to the heap (16 bytes saved)
--- variable Des moved to the heap (sizeof(Des) saved)
--- variable Des3 moved to the heap (sizeof(Des3) saved)
--- variable Aes moved to the heap (sizeof(Aes) saved)
--- variable RsaKey moved to the heap (sizeof(RsaKey) saved)
Utility functions added to Des, Des3 and Aes for easier decryption.
2014-09-22 11:37:36 -03:00
Moisés Guimarães
df3ea53494
replaces tabs with spaces.
2014-09-22 11:37:35 -03:00
Moisés Guimarães
e9af29e3e3
ssl: refactoring CyaSSL_CTX_load_verify_locations to reduce stack usage:
--- variable name moved to the heap (256 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
cb9dafca26
ssl: refactoring CyaSSL_SetTmpDH_buffer_wrapper to reduce stack usage:
--- variable p moved to the heap (513 bytes saved)
--- variable p moved to the heap (513 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
3281e0dfcf
ssl: refactoring CyaSSL_RAND_bytes to reduce stack usage:
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
7cafb11791
ssl: refactoring CyaSSL_BN_rand to reduce stack usage:
--- variable decoded moved to the heap (1024 bytes saved)
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
68063874dc
ssl: refactoring CyaSSL_BN_hex2bn to reduce stack usage:
--- variable decoded moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
4b783b3d80
ssl: refactoring SetDhInternal to reduce stack usage:
--- variable p moved to the heap (1024 bytes saved)
--- variable g moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
5605a24e4f
ssl: refactoring CyaSSL_DH_generate_key to reduce stack usage:
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
--- variable pub moved to the heap (1024 bytes saved)
--- variable priv moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
6b7dbb9f2a
ssl: refactoring CyaSSL_DH_compute_key to reduce stack usage:
--- variable pub moved to the heap (1024 bytes saved)
--- variable priv moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
cab23472be
ssl: refactoring CyaSSL_RSA_generate_key_ex to reduce stack usage:
--- variable rng moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
c325504de7
ssl: refactoring CyaSSL_DSA_do_sign to reduce stack usage:
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
3f459591c6
ssl: refactoring CyaSSL_RSA_sign to reduce stack usage:
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
--- variable encodedSig moved to the heap (512 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
961bf710bc
Removes unnecessary indentation. Since we use 80 characters line wrap, every space is important.
2014-09-22 11:37:35 -03:00
Moisés Guimarães
79dfb3a3c3
ssl: refactoring CyaSSL_HMAC to reduce stack usage:
--- variable hmac moved to the heap (sizeof(Hmac) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
8eeadc01b9
ssl: refactoring HashSession to reduce stack usage:
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
ssl: refactoring CyaSSL_EVP_BytesToKey to reduce stack usage:
--- variable md5 moved to the heap (sizeof(Md5) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
19516cf5fd
ssl: refactoring AddCA to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring ProcessBuffer to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_CertManagerCheckOCSP to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_CertManagerCheckCRL to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_X509_d2i to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_X509_load_certificate_file to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_get_chain_X509 to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
2014-09-22 11:37:35 -03:00