mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,031 Commits 5 Branches 162 Tags 807 MiB
c20fdb037e
Commit Graph

879 Commits

Author SHA1 Message Date
toddouska
7e9be23628 fix item 5 from report by Ivan Fratric of the Google Security Team 2014-03-26 13:54:16 -07:00
toddouska
717f3adb47 fix item 9 from report by Ivan Fratric of the Google Security Team 2014-03-26 13:28:19 -07:00
toddouska
86ebc48032 fix for item 7 report by Ivan Fratric of the Google Security Team 2014-03-26 13:16:43 -07:00
toddouska
23300a201f Merge branch 'master' of github.com:cyassl/cyassl 2014-03-26 12:15:04 -07:00
toddouska
43909ac725 fix sslv3 verify mac pad check, item 6 by report from Ivan Fratric of the Google Security Team 2014-03-26 12:14:18 -07:00
John Safranek
dd61daef70 When saving the signature from a DecodedCert to a CYASSL_X509 only copy 
the signature if it exists.
 2014-03-26 12:01:26 -07:00
toddouska
d5be4c4663 SHA-256 fips mode 2014-03-25 17:11:15 -07:00
toddouska
b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska
3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
toddouska
fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska
8c5d958a8b add Aes SetIV fips mode 2014-03-24 14:01:36 -07:00
toddouska
0ea10a4388 add 3DES fips mode 2014-03-24 13:37:52 -07:00
toddouska
9fe9276236 finish fips aes w/ tests 2014-03-21 14:49:49 -07:00
toddouska
58885b36eb add AesCbc fips mode 2014-03-19 16:43:52 -07:00
toddouska
388436c53e add AesSetKey fips mode 2014-03-19 13:56:11 -07:00
toddouska
8bbc30f3e1 add fips enable switch 2014-03-19 09:43:57 -07:00
Chris Conlon
5a1d420652 move CyaSSL_dtls() and CyaSSL_get_using_nonblock() out of #ifndef CYASSL_LEANPSK for use of leanPSK with standard I/O 2014-03-14 15:33:49 -06:00
Moisés Guimarães
0a5b758de3 Boundaries check for DoCertificate . 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
 2014-03-13 19:15:26 -03:00
Moisés Guimarães
2d2d1341cf Boundaries check for DoCertificateVerify. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
eba36226dc Boundaries check for DoCertificateRequest. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
7630b1d222 Boundaries check for DoHelloVerifyRequest. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
881de67196 Boundaries check for DoHelloRequest. 
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable mac;
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81 Boundaries check for DoFinished. 
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
4821b5d5fe Boundaries check for DoCertificateVerify. 
-- switched from totalSz to size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables;
-- removed unnecessary #ifdef HAVE_ECC and #ifndef NO_RSA.
 2014-03-13 19:14:13 -03:00
John Safranek
65475fdfe3 Merge branch 'PIC32MZ' of github.com:kojo1/cyassl-test into kojo1-PIC32MZ 
Conflicts:
	ctaocrypt/benchmark/benchmark.c
 2014-03-11 09:54:36 -07:00
John Safranek
6f55549fed fixes for Xcode 5.1, clang 503.0.38 stricter with some warnings 2014-03-11 09:38:36 -07:00
Takashi Kojo
6235c949b3 PIC32MZ 2014-03-11 11:32:16 +09:00
Takashi Kojo
a9ca608030 Sync with CyaSSL master 2014-03-11 11:22:39 +09:00
Takashi Kojo
6463d34fe7 Roll back native LwIP 2014-03-11 10:59:09 +09:00
Takashi Kojo
3e41d8cecb Merge branch 'PIC32MZ-HWCrypt' 
Conflicts:
	configure.ac
	ctaocrypt/benchmark/benchmark.c
	ctaocrypt/src/asn.c
	ctaocrypt/src/coding.c
	ctaocrypt/src/des3.c
	ctaocrypt/src/md5.c
	ctaocrypt/src/random.c
	ctaocrypt/src/sha.c
	ctaocrypt/src/sha256.c
	cyassl/ctaocrypt/aes.h
	cyassl/ctaocrypt/settings.h
	cyassl/ssl.h
	cyassl/version.h
	examples/server/server.c
	m4/ax_debug.m4
	m4/ax_tls.m4
	mplabx/benchmark_main.c
	mplabx/ctaocrypt_test.X/nbproject/configurations.xml
	mplabx/test_main.c
	src/io.c
	src/ocsp.c
	src/ssl.c
	src/tls.c
	testsuite/testsuite.c
 2014-03-11 10:11:36 +09:00
Takashi Kojo
8ea2eec773 Merge https://github.com/cyassl/cyassl 2014-03-11 09:55:57 +09:00
John Safranek
ad93bc3510 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-05 13:24:46 -08:00
toddouska
b0d255ed40 fix IE session tickets, they don't have sessionIDs like Chrome, Safari, and Firefox do 2014-03-05 13:12:42 -08:00
Takashi Kojo
f5922255b0 Catching up 2.9.0 2014-03-04 22:09:38 +09:00
toddouska
f1597c86b1 fix clang -Wconversion except -Wsign-conversion 2014-03-03 16:46:48 -08:00
John Safranek
1bb09fb97a Added epoch to sequence number for AES-CCM with DTLS encrypt/decrypt. 2014-03-03 14:51:57 -08:00
toddouska
1fd6245600 fix all clang warnings except Wpadded (diagnostic), Wconversion which inludes Wsign-conversion (implicit conversions part of standard) 2014-03-03 13:27:52 -08:00
toddouska
c39cdbea54 make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined 2014-03-03 12:18:26 -08:00
John Safranek
ec7c79c12e fix a couple more uninitialized variables 2014-03-02 18:38:12 -08:00
toddouska
f0f6497526 fix -Wconditional-uninitialized 2014-03-02 11:11:39 -08:00
toddouska
7b00374930 fix -Wmissing-variable-declarations 2014-03-02 11:06:41 -08:00
toddouska
9c5ee66c8c fix -Wunused-macros 2014-03-02 10:59:03 -08:00
toddouska
c4fd159860 Merge branch 'master' of github.com:cyassl/cyassl 2014-02-25 14:37:00 -08:00
toddouska
ac7cb3c8aa add -Wunreachable-code 2014-02-24 11:15:22 -08:00
Moisés Guimarães
d26b3bb445 Boundaries check for DoClientKeyExchange. 
-- switched from totalSz to size in the function parameters
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
 2014-02-24 12:41:50 -03:00
Moisés Guimarães
78bab91615 removed duplicated check for INCOMPLETE_DATA 
added new size enums
 2014-02-24 11:26:55 -03:00
Moisés Guimarães
76c8146bf1 moving available data length check to DoHandShakeMsgType 2014-02-24 11:10:54 -03:00
Moisés Guimarães
95bc954273 Boundaries check for server hello parsing. 
-- added totalSz to the function parameters
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.
 2014-02-24 11:10:54 -03:00
John Safranek
77403c7ee2 Sniffer should ignore MATCH_SUITE_ERRORs when processing old client 
hello messages.
 2014-02-21 16:33:47 -08:00
Takashi Kojo
5d5a8dbabd client.c for LwIP native socket, v0.2 2014-02-20 15:38:35 +09:00
Takashi Kojo
2e69313eb3 Multiple callbacks, fixed initialize ssl->lwipCtx, io.c 2014-02-17 17:40:42 +09:00
Chris Conlon
85a47b4596 add NO_STDIO_FILESYSTEM to exclude FILE usage from non standard filesystems 2014-02-14 14:57:43 -07:00
Chris Conlon
bc3fc658bb move filesystem abstraction to port.h 2014-02-14 14:46:49 -07:00
Moisés Guimarães
2ff78b7fda Boundaries check for client hello parsing. 
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.

TLS extensions return codes fixed.
 2014-02-11 18:10:52 -03:00
toddouska
1cf884dccc add enable-certservice, ease of use 2014-02-11 13:08:12 -08:00
toddouska
fd44cb056f allow badly reassembled sniffer packets to try on full length vs zero length 2014-02-10 16:27:44 -08:00
John Safranek
4a0afa19bf Reinitialize the index when processing stored DTLS handshake messages. 2014-02-04 07:36:59 -08:00
Takashi Kojo
78b897a07c LwIP, native tcp socket, user sent callback 2014-02-04 23:15:34 +09:00
Takashi Kojo
23bc584caf LwIP, native TCP socket, ver 2 2014-02-04 16:37:50 +09:00
Takashi Kojo
52e661df05 Clean ups 2014-02-04 10:07:01 +09:00
Moisés Guimarães
468e26a3a2 fixed error catching on TLSX_EllipticCurve_Parse 
fixed unsupported curves handling
 2014-02-03 21:54:31 -03:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion. 2014-02-03 16:14:35 -03:00
Takashi Kojo
168985ed9f LwIP native TCP Socket 2014-02-02 18:09:25 +09:00
toddouska
51b3b1cb6c fix pkCurveOID c files, doesn't require openssl extra 2014-02-01 12:14:41 -08:00
John Safranek
909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães
5616450a4b fixed return codes 
added protection for missing HAVE_TLS_EXTENSIONS
 2014-01-31 16:52:15 -03:00
Moisés Guimarães
30e2b4aa11 writing curves in the right order. (reverse) 
improved curve validation.
 2014-01-31 16:52:14 -03:00
Moisés Guimarães
9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães
7d2a6800f7 added Elliptic Curves Extensions implementation and configuration. 2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
John Safranek
cfa9007199 1. Bumped release version in configure.ac. 
2. Added enable option for SCEP. Enables prereqs.
3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
 2014-01-27 11:35:43 -08:00
Moisés Guimarães
8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
Moisés Guimarães
d58add7e97 added protection to test_CyaSSL_client_server 
fixed min macro
 2014-01-15 10:56:49 -03:00
toddouska
8a1971d52b add CyaSSL_CertPemToDer for certs, ca certs, and cert reqs 2014-01-14 15:13:43 -08:00
Chris Conlon
1d67d9217e initial PKCS#7 stubs, tie into ./configure 2014-01-10 15:17:03 -07:00
John Safranek
7b04b7ab84 DTLS IO and cookie callbacks are IPv4/IPv6 agnostic. 2013-12-30 10:39:12 -08:00
John Safranek
420ca9e6e3 Merge branch 'ocsp' 2013-12-27 16:14:47 -08:00
John Safranek
896b16a7df Fixed off-by-one error in OCSP 2013-12-27 16:13:52 -08:00
John Safranek
d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
Moisés Guimarães
3e24a446b9 fixing SNI_GetFromBuffer return code on success. 2013-12-24 15:34:17 -03:00
John Safranek
4ce2e59adf For Atomic user: 
1. Added a getter for the session's IV size.
2. The HMAC size getter should return 0 for AEAD ciphers
   and the hash length for the others.
 2013-12-23 22:32:08 -08:00
John Safranek
14aa114854 Trimmed unused includes and defines from OCSP source. 2013-12-23 14:33:44 -08:00
Chris Conlon
64912b37f6 adjust key buffer length when using ToTraditional() or ToTraditionalEnc() 2013-12-23 14:07:58 -07:00
toddouska
29c41da818 do size check on user password input 2013-12-23 12:24:03 -08:00
toddouska
3c706b4645 only set up tmp ctx if using password 2013-12-23 12:15:55 -08:00
toddouska
db71460bb8 add password functionality to CyaSSL_KeyPemToDer() 2013-12-23 12:07:20 -08:00
rofl0r
a36c18c27f implement CyaSSL_ERR_reason_error_string 
this has several advantages:
- we can provide a replacement for openssl's ERR_reason_error_string,
  which makes porting simpler,
- code shrink due to removal of excessive strcpy call
- all error strings are const anyway so there's no point to force the
  user to supply storage for them and copying them around.
 2013-12-19 19:40:48 +01:00
John Safranek
fe4f10418f OCSP lookups are IPv4/IPv6 agnostic. 2013-12-17 18:30:42 -08:00
Moisés Guimarães
ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
John Safranek
9d6182d279 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-12 11:06:21 -08:00
John Safranek
26a26fa19d 1. Fixed a build warning. 
2. Fixed an initialization bug when decoding old-style client hellos.
 2013-12-12 10:45:19 -08:00
Chris Conlon
5909f5c2c0 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-11 16:20:43 -08:00
Chris Conlon
8c7f5817ac NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file 2013-12-11 16:19:09 -08:00
toddouska
ba95c33ed4 more clang warnings 2013-12-11 15:47:40 -08:00
toddouska
b41d09b1a2 fix newer clang warnings 2013-12-11 12:03:09 -08:00
toddouska
9e56ad262c fix snifftest pcap frees on file mode, close TraceFile on ssl_Free 2013-12-10 16:17:43 -08:00
toddouska
3051c8e900 make sure Arrays elemets all set to 0 2013-12-09 18:21:43 -08:00
John Safranek
9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
 2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0 added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães
384cc9d3da adding truncated_hmac to tlsx 2013-12-02 16:19:51 -03:00
Moisés Guimarães
f8b30b3379 changing variable names to build on Ubuntu. 2013-12-02 15:50:21 -03:00
toddouska
6294102760 fix wrong NO_DES flags for requirements 2013-11-27 11:59:23 -08:00
Moisés Guimarães
7dfb3c6b29 Fixing length adjustment on both while loops 
added test for client hello without SNI extension
 2013-11-25 21:05:40 -03:00
Moisés Guimarães
0f2f9b6982 added more tests with code refactoring. 2013-11-21 21:25:43 -03:00
Moisés Guimarães
ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
John Safranek
dda5413ae2 moved some #defines around to fix sessioncerts-only build 2013-11-21 10:48:45 -08:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
toddouska
a7bcca84c3 add ecdsa cert signing 2013-11-14 15:00:22 -08:00
John Safranek
8c20ff2d97 Merge branch 'master' of github.com:cyassl/cyassl 2013-11-11 11:31:35 -08:00
John Safranek
dabb8058c4 1. Updated README Note 2. The error code described for no signer 
errors is -188. (The error code -155 is for the signature
   confirmation failing.)
2. Fixed bug in copying the signature from a DecodedCert to a
   CYASSL_X509 record.
 2013-11-11 11:19:35 -08:00
Takashi Kojo
23cada35ba Catch up master 2013-11-10 21:06:34 +09:00
Takashi Kojo
16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
John Safranek
42f82ce9cc Merge branch 'master' of github.com:cyassl/cyassl 2013-11-06 15:54:01 -08:00
John Safranek
20e6ac7104 Added public key type to PKEY copy 2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5 Added X.509 accessor for signature. 2013-11-06 11:49:49 -08:00
Takashi Kojo
f26cf50ff2 Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5 2013-11-06 10:22:21 +09:00
Chris Conlon
fb8c3e0c75 fix gcc warning with enable-ocsp 2013-11-04 15:36:08 -07:00
John Safranek
913e200cd0 X.509 Additions: 
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
 2013-11-04 11:02:17 -08:00
toddouska
12b074fbe9 add worst case estimate to ecc_sign_size() 2013-10-30 13:33:23 -07:00
toddouska
de6b9bc6be fix sniffer with new decrypt/verify code 2013-10-28 17:18:41 -07:00
Takashi Kojo
33ccf62ff5 MDK5 support 2013-10-25 15:49:39 +09:00
toddouska
8c7715ee33 remove CBC naming from HC-128 suites 2013-10-24 12:10:09 -07:00
toddouska
f833674171 remove CBC from RABBIT suite naming 2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714 add AES Blake2b 256 basic suites for speed tests 2013-10-24 11:30:51 -07:00
Takashi Kojo
2f98233825 For MDK5 2013-10-24 18:50:26 +09:00
Takashi Kojo
e4a3599a6b cyassl/src file updates for MDK5 2013-10-24 16:52:17 +09:00
toddouska
c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
Chris Conlon
f45d0709b3 case insensitivity fix for domain name check 2013-10-18 15:17:19 -06:00
Chris Conlon
dba488ba70 add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB 2013-10-14 15:04:26 -06:00
toddouska
6c654bba3d fix camellia memory leak 2013-10-10 16:50:35 -07:00
John Safranek
51c485f523 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
 2013-10-08 14:59:59 -07:00
John Safranek
33bcc76a07 Merge branch 'master' of github.com:cyassl/cyassl 2013-10-02 15:27:10 -07:00
Chris Conlon
17b220e9c7 add Freescale MQX time functionality 2013-09-24 20:12:48 -06:00
John Safranek
5e4ca53496 clean up Windows build issues with OCSP 2013-09-18 14:47:51 -07:00
John Safranek
c5f3eace7d DTLS timeout init wasn't initializing the timeout until after the first timeout. 2013-09-11 14:28:01 -07:00
toddouska
44ba0af192 free fp ecc resources on cleanup 2013-09-06 17:08:57 -07:00
toddouska
a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
John Safranek
f2c75a9e87 ECDSA signatures need a zero padding for the ASN.1 storage of the R and S values 2013-09-05 15:00:01 -07:00
toddouska
b9540bf579 check NULL to match docs 2013-08-29 08:25:14 -07:00
John Safranek
78b8da9949 Initialize the AEAD explicit IV to 0. 2013-08-27 10:44:04 -07:00
toddouska
e8fcf35098 add Rsa Public/Private client key exchange callbacks, examples 2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e add Rsa Sign/Verify callbacks, client/server examples 2013-08-26 16:27:29 -07:00
toddouska
664c6de5d5 send blank cert on client if TLS instead of TLSv1.2, more accept this now and some even incorrectly require it 2013-08-26 12:34:39 -07:00
John Safranek
081a3a57d4 move variable declaration before function code 2013-08-23 10:26:42 -07:00
John Safranek
33a7a7f762 initialize return variable 2013-08-23 10:20:39 -07:00
John Safranek
0002ba4ee8 Merge branch 'master' of github.com:cyassl/cyassl 2013-08-23 10:12:17 -07:00