JacobBarthelmeh
fb25db9c28
progress on suite
2014-07-09 15:48:40 -06:00
toddouska
61e989ed99
Merge branch 'master' into ti
2014-07-03 11:34:15 -07:00
toddouska
2d63c559cc
dh now disabled by default but can be enabled w/o opensslextra
2014-07-03 11:32:24 -07:00
JacobBarthelmeh
5bf411f345
progress on suite
2014-07-01 14:16:44 -06:00
toddouska
1122f2a399
master merge resolve
2014-07-01 11:58:33 -07:00
toddouska
c957e9a909
make default I/O callbacks external for user to base/wrap if desired
2014-07-01 09:27:31 -07:00
toddouska
f2de04ae46
Merge branch 'master' into ti
2014-06-26 08:57:35 -06:00
Moisés Guimarães
9339d7d5b1
add support to TLS extensions in DTLS
2014-06-25 13:26:42 -03:00
toddouska
a6ea32461d
Merge branch 'master' into ti
2014-06-20 14:48:53 -07:00
toddouska
e6d9151f47
add user cert chain functionality at SSL level instead of just CTX
2014-06-20 10:49:21 -07:00
toddouska
a319354e92
Merge branch 'master' into ti
2014-06-20 09:24:11 -07:00
toddouska
6371b3c262
send ecdsa_sign for client cert request type is sig algo ecdsa
2014-06-20 09:22:40 -07:00
toddouska
9a180b0ec8
Merge branch 'master' into ti
2014-06-16 11:05:20 -07:00
John Safranek
33fb679334
fix small config bug between AES-GCM and AES-CCM
2014-06-15 13:59:33 -07:00
toddouska
a920795665
Merge branch 'master' into ti
2014-05-30 16:57:15 -07:00
John Safranek
b60a61fa94
DHE-PSK cipher suites
...
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_DHE_PSK_WITH_AES_128_CCM
* TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
2014-05-30 11:26:48 -07:00
toddouska
e373b083bf
Merge branch 'master' into ti
2014-05-20 14:33:14 -07:00
John Safranek
12841e6093
fix integration bugs with new suites
2014-05-20 14:07:08 -07:00
John Safranek
74712b4e71
1. Added the following cipher suites:
...
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_NULL_SHA384
2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
2014-05-19 21:44:04 -07:00
Vikram Adiga
5146f3dd94
Initial commit of CyaSSL port for TI-RTOS
2014-05-08 15:50:55 -07:00
toddouska
5ff0336491
add custom kqueue event for crl monitor shutdown
2014-05-01 09:28:33 -07:00
Chris Conlon
be65f5d518
update FSF address, wolfSSL copyright
2014-04-11 15:58:58 -06:00
toddouska
5de34bf987
add client suite verify, detect mismatch early
2014-04-10 14:11:30 -07:00
toddouska
a44fb0596a
update ecc ccm8 suites to approved cipher suite numbers
2014-04-10 13:18:31 -07:00
Chris Conlon
e84487d121
fix SHA384 define
2014-04-07 10:29:16 -06:00
toddouska
05b132ce1c
HMAC fips mode
2014-03-27 15:43:54 -07:00
toddouska
b41186a6dd
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-25 16:02:12 -07:00
toddouska
3607db9077
add SHA1 fips mode
2014-03-25 16:01:17 -07:00
toddouska
fb6d671629
resolve pull request merge conflict
2014-03-25 11:39:07 -07:00
toddouska
4ac70de055
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-13 18:56:07 -07:00
toddouska
b56ecd1842
add enable-iopool , simple I/O pool example using memory overrides
2014-03-13 18:54:51 -07:00
Moisés Guimarães
eba36226dc
Boundaries check for DoCertificateRequest.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81
Boundaries check for DoFinished.
...
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
2014-03-13 19:14:13 -03:00
toddouska
2b8ee45a18
change default static buffer size to record header size to prevent memory fragmentation, only adds 8 bytes to SSL
2014-03-13 11:35:14 -07:00
Moisés Guimarães
78bab91615
removed duplicated check for INCOMPLETE_DATA
...
added new size enums
2014-02-24 11:26:55 -03:00
John Safranek
f669e73c8d
Merge branch 'master' of github.com:cyassl/cyassl
2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1
Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion.
2014-02-03 16:14:35 -03:00
John Safranek
909b9258d6
Thread safe OCSP.
2014-01-31 16:59:13 -08:00
Moisés Guimarães
9490c0dbaf
validating curves
2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896
exporting pkCurve info to ctx and ssl
2014-01-31 16:52:14 -03:00
Moisés Guimarães
70e3d6ddb0
removing missing extensions
2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973
added external api for Elliptic Curves Extension.
2014-01-31 16:52:13 -03:00
Moisés Guimarães
8541c2cc97
added renegotiation indication SCSV sending on client hello.
2014-01-21 11:38:59 -03:00
John Safranek
d46c68ba10
Moved OCSP into the CertManager like the CRL.
2013-12-27 12:11:47 -08:00
Moisés Guimarães
ffd58e27ef
removing deprecated TRUNCATED_HMAC_SIZE
2013-12-12 21:05:31 -03:00
John Safranek
9fe165e8f8
1. Added a couple missing checks for NULL pointers in DTLS code.
...
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0
added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage
2013-12-02 16:19:52 -03:00
Moisés Guimarães
ba18f8b03e
added new function to retrieve SNI from a buffer.
2013-11-21 21:25:42 -03:00
John Safranek
4377996d87
Saved original SKID and AKID from certificate for later use with X.509 functions.
2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6
Save more decoded data from certificate for later use with X.509 functions.
2013-11-19 14:44:55 -08:00
Takashi Kojo
16bda74536
For MDK5 Pack
2013-11-07 10:29:01 +09:00
John Safranek
20e6ac7104
Added public key type to PKEY copy
2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5
Added X.509 accessor for signature.
2013-11-06 11:49:49 -08:00
John Safranek
913e200cd0
X.509 Additions:
...
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
toddouska
8c7715ee33
remove CBC naming from HC-128 suites
2013-10-24 12:10:09 -07:00
toddouska
f833674171
remove CBC from RABBIT suite naming
2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714
add AES Blake2b 256 basic suites for speed tests
2013-10-24 11:30:51 -07:00
toddouska
c039b0106a
add HC-128 Blake2b 256 cipher suite for speed test
2013-10-23 17:13:54 -07:00
toddouska
a14af5f0b0
move mutex to port layer at crypto level
2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76
centralizing MAX_DIGEST_SIZE definition in hmac.h
2013-09-06 15:53:46 -03:00
toddouska
e8fcf35098
add Rsa Public/Private client key exchange callbacks, examples
2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
toddouska
e98f5f95c2
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
toddouska
54a2f8b9aa
add useratomic DecryptVerify Callbacks, example
2013-08-21 16:55:34 -07:00
John Safranek
442886a207
Added x509 accessors for the SEP build certificate additions.
2013-08-17 09:01:15 -07:00
toddouska
65f0e9f6b9
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
John Safranek
831d9cf640
SEP Profile
...
1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
a CYASSL_SESSION record.
2013-08-02 16:03:41 -07:00
John Safranek
1357cdb0e4
SEP Profile
...
1. Add session cache index to CYASSL structure.
2. Add accessor for cache index in CYASSL structure.
3. Add copy function for session cache item.
2013-07-28 17:11:22 -07:00
Moisés Guimarães
55401c13dd
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
toddouska
87eb94b7c4
Merge branch 'master' of github.com:cyassl/cyassl
2013-06-24 14:02:40 -07:00
toddouska
b51d6f3b8f
add NetX default IO context handling
2013-06-24 14:00:48 -07:00
John Safranek
e0a84521c5
Make alert description and level enumerations public.
2013-06-21 14:56:42 -07:00
Moisés Guimarães
5f3ee80407
added:
...
- max fragment length extension;
- CyaSSL_SNI_GetRequest() to get client's request at server side;
- Automated tests for SNI;
2013-06-19 15:45:06 -03:00
Moisés Guimarães
f1d1898ddf
Added new option to SNI: CYASSL_SNI_ANSWER_ON_MISMATCH
...
Added new function to SNI API: CyaSSL_SNI_Matched()
2013-06-03 17:55:06 -03:00
Moisés Guimarães
5c665fe614
Added options to SNI (now it is possible to choose whether or not to abort on a SNI Host Name mismatch)
...
Exposed SNI Type at ssl.h
2013-05-30 15:26:41 -03:00
toddouska
d2003bb8b7
merge in sni
2013-05-21 14:37:50 -07:00
John Safranek
b347df8d9a
DTLS rx size check, ssn10
...
Allows for receiving datagrams larger than the MTU that are reassembled
by the IP stack.
2013-05-21 13:52:22 -07:00
toddouska
7693b4282a
turn on large static buffers for callbacks, easier for user
2013-05-20 12:46:54 -07:00
toddouska
cfdfa7b2b3
pull in Kojo MDK-ARM projects, changes
2013-05-16 09:47:27 -07:00
John Safranek
ac716c96d3
Output buffer size check when sending transmit pool.
...
1. Added a call to CheckAvailableSize() when sending the DTLS transmit pool.
2. Rename CheckAvailableSize().
2013-05-13 12:32:47 -07:00
toddouska
8f0b695249
fix leanpsk build with keep cert / session cert
2013-05-09 15:29:25 -07:00
toddouska
47b468d14f
add dtls recv timeout max user setting too
2013-05-08 12:49:55 -07:00
toddouska
8cb5f6d5d4
add user setting for dtls recv timeout init value
2013-05-07 16:14:26 -07:00
toddouska
a0c630b4ee
add cert cache persistence
2013-05-02 11:34:26 -07:00
toddouska
5a1886656a
Merge branch 'master' of github.com:cyassl/cyassl
2013-04-29 14:23:22 -07:00
toddouska
5c4fdb30ad
add client session table lookup based on serverID, use CyaSSL_SetServerID to set/store with serverid
2013-04-29 14:22:32 -07:00
John Safranek
87048698e5
use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes.
2013-04-29 12:08:16 -07:00
toddouska
05dd84598b
turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11
2013-04-25 15:36:33 -07:00
toddouska
bad1c32df2
add session cert conversion to x509, and free x509 for dynamic variety
2013-04-23 11:50:06 -07:00
toddouska
11d81b86de
change windows low res timer return
2013-04-22 10:52:38 -07:00
toddouska
d665e16bd8
add user ctx to verify callback with CyaSSL_SetCertCbCtx
2013-04-18 10:37:10 -07:00
John Safranek
fe13b4b6c6
moved and renamed the CBIO error codes so they are publically available
2013-04-16 12:32:55 -07:00
toddouska
a2bd6e786d
fix leanpsk NO_SHA build
2013-04-10 12:42:51 -07:00
John Safranek
9b0ffa0249
brought CYASSL_CALLBACK code up to current standard
2013-04-08 15:34:54 -07:00
John Safranek
e9bc868dbb
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
2013-04-01 14:25:20 -07:00
toddouska
82e3c00075
add CYASSL_GENERAL_ALIGNMENT detection and setting for TLS alignment attempt
2013-03-27 15:11:49 -07:00
John Safranek
f65f86bb88
improvements to CCM, ssn6
2013-03-22 11:30:12 -07:00
toddouska
4f9e915bc1
add KEEP_PEER_CERT flag for non opensslextra peer cert storage, ssn3
2013-03-19 12:18:52 -07:00
toddouska
31b03c8a2d
dtls defaults to no static buffers now, fix valgrind errors with dtls
2013-03-15 14:21:36 -07:00
toddouska
e515638503
make EmbedGenerateCookie a callback, USER_IO can install their own or default to ours
2013-03-13 16:41:50 -07:00