217 Commits

Author SHA1 Message Date
John Safranek
b60a61fa94 DHE-PSK cipher suites
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 * TLS_DHE_PSK_WITH_NULL_SHA256
 * TLS_DHE_PSK_WITH_NULL_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CCM
 * TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
2014-05-30 11:26:48 -07:00
John Safranek
12841e6093 fix integration bugs with new suites 2014-05-20 14:07:08 -07:00
John Safranek
74712b4e71 1. Added the following cipher suites:
 * TLS_PSK_WITH_AES_128_GCM_SHA256
 * TLS_PSK_WITH_AES_256_GCM_SHA384
 * TLS_PSK_WITH_AES_256_CBC_SHA384
 * TLS_PSK_WITH_NULL_SHA384
2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
2014-05-19 21:44:04 -07:00
toddouska
5ff0336491 add custom kqueue event for crl monitor shutdown 2014-05-01 09:28:33 -07:00
Chris Conlon
be65f5d518 update FSF address, wolfSSL copyright 2014-04-11 15:58:58 -06:00
toddouska
5de34bf987 add client suite verify, detect mismatch early 2014-04-10 14:11:30 -07:00
toddouska
a44fb0596a update ecc ccm8 suites to approved cipher suite numbers 2014-04-10 13:18:31 -07:00
Chris Conlon
e84487d121 fix SHA384 define 2014-04-07 10:29:16 -06:00
toddouska
05b132ce1c HMAC fips mode 2014-03-27 15:43:54 -07:00
toddouska
b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska
3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
toddouska
fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska
4ac70de055 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-13 18:56:07 -07:00
toddouska
b56ecd1842 add enable-iopool, simple I/O pool example using memory overrides 2014-03-13 18:54:51 -07:00
Moisés Guimarães
eba36226dc Boundaries check for DoCertificateRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81 Boundaries check for DoFinished.
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
2014-03-13 19:14:13 -03:00
toddouska
2b8ee45a18 change default static buffer size to record header size to prevent memory fragmentation, only adds 8 bytes to SSL 2014-03-13 11:35:14 -07:00
Moisés Guimarães
78bab91615 removed duplicated check for INCOMPLETE_DATA
added new size enums
2014-02-24 11:26:55 -03:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and to avoid confusion. 2014-02-03 16:14:35 -03:00
John Safranek
909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães
9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães
70e3d6ddb0 removing missing extensions 2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
Moisés Guimarães
8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
John Safranek
d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
Moisés Guimarães
ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
John Safranek
9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code.
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0 added truncated_hmac handling on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães
ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
Takashi Kojo
16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
John Safranek
20e6ac7104 Added public key type to PKEY copy 2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5 Added X.509 accessor for signature. 2013-11-06 11:49:49 -08:00
John Safranek
913e200cd0 X.509 Additions:
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
toddouska
8c7715ee33 remove CBC naming from HC-128 suites 2013-10-24 12:10:09 -07:00
toddouska
f833674171 remove CBC from RABBIT suite naming 2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714 add AES Blake2b 256 basic suites for speed tests 2013-10-24 11:30:51 -07:00
toddouska
c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
toddouska
a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
toddouska
e8fcf35098 add Rsa Public/Private client key exchange callbacks, examples 2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e add Rsa Sign/Verify callbacks, client/server examples 2013-08-26 16:27:29 -07:00
toddouska
e98f5f95c2 add public key callbacks for ecc sign/verify, examples 2013-08-22 18:19:39 -07:00
toddouska
54a2f8b9aa add useratomic DecryptVerify Callbacks, example 2013-08-21 16:55:34 -07:00
John Safranek
442886a207 Added x509 accessors for the SEP build certificate additions. 2013-08-17 09:01:15 -07:00
toddouska
65f0e9f6b9 add atomic user macencrypt cb 2013-08-09 17:27:15 -07:00
John Safranek
831d9cf640 SEP Profile
1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
   a CYASSL_SESSION record.
2013-08-02 16:03:41 -07:00