toddouska
|
5c4fdb30ad
|
add client session table lookup based on serverID, use CyaSSL_SetServerID to set/store with serverid
|
2013-04-29 14:22:32 -07:00 |
|
John Safranek
|
87048698e5
|
use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes.
|
2013-04-29 12:08:16 -07:00 |
|
toddouska
|
05dd84598b
|
turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11
|
2013-04-25 15:36:33 -07:00 |
|
toddouska
|
bad1c32df2
|
add session cert conversion to x509, and free x509 for dynamic variety
|
2013-04-23 11:50:06 -07:00 |
|
toddouska
|
11d81b86de
|
change windows low res timer return
|
2013-04-22 10:52:38 -07:00 |
|
toddouska
|
d665e16bd8
|
add user ctx to verify callback with CyaSSL_SetCertCbCtx
|
2013-04-18 10:37:10 -07:00 |
|
John Safranek
|
fe13b4b6c6
|
moved and renamed the CBIO error codes so they are publically available
|
2013-04-16 12:32:55 -07:00 |
|
toddouska
|
a2bd6e786d
|
fix leanpsk NO_SHA build
|
2013-04-10 12:42:51 -07:00 |
|
John Safranek
|
9b0ffa0249
|
brought CYASSL_CALLBACK code up to current standard
|
2013-04-08 15:34:54 -07:00 |
|
John Safranek
|
e9bc868dbb
|
AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks
|
2013-04-01 14:25:20 -07:00 |
|
toddouska
|
82e3c00075
|
add CYASSL_GENERAL_ALIGNMENT detection and setting for TLS alignment attempt
|
2013-03-27 15:11:49 -07:00 |
|
John Safranek
|
f65f86bb88
|
improvements to CCM, ssn6
|
2013-03-22 11:30:12 -07:00 |
|
toddouska
|
4f9e915bc1
|
add KEEP_PEER_CERT flag for non opensslextra peer cert storage, ssn3
|
2013-03-19 12:18:52 -07:00 |
|
toddouska
|
31b03c8a2d
|
dtls defaults to no static buffers now, fix valgrind errors with dtls
|
2013-03-15 14:21:36 -07:00 |
|
toddouska
|
e515638503
|
make EmbedGenerateCookie a callback, USER_IO can install their own or default to ours
|
2013-03-13 16:41:50 -07:00 |
|
toddouska
|
7914938e60
|
--enable-md5 and build, needs NO_OLD_TLS, suite test version check
|
2013-03-11 17:37:08 -07:00 |
|
toddouska
|
49e62f0858
|
fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples
|
2013-03-11 16:07:46 -07:00 |
|
toddouska
|
7ce9315173
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2013-03-11 11:00:47 -07:00 |
|
toddouska
|
47e7e27bb2
|
add cipher suite check to suite tests to make adding test cases easier
|
2013-03-11 10:59:08 -07:00 |
|
John Safranek
|
20e4889092
|
Merge branch 'dtls'
Conflicts:
src/ssl.c
|
2013-03-08 17:45:35 -08:00 |
|
toddouska
|
6b3a80366f
|
NO_RSA with ecc build fixes
|
2013-03-07 18:10:18 -08:00 |
|
toddouska
|
85b3346bbf
|
NO_RSA build, cipher suite tests need work for this build optoin, ssn2
|
2013-03-07 17:44:40 -08:00 |
|
John Safranek
|
591e1fc772
|
DTLSv1.2, fixed DTLS socket timeout
|
2013-03-06 23:02:33 -08:00 |
|
John Safranek
|
d52fe96063
|
added AES-CBC-SHA256 and SHA384 cipher suites.
|
2013-03-04 13:25:46 -08:00 |
|
toddouska
|
cc9ac1846d
|
fix ecc w/ no rsa send cert verify and server flag for missing cert verify
|
2013-02-26 22:24:34 -08:00 |
|
John Safranek
|
6ff39cffe4
|
Merge branch 'dtls'
Conflicts:
cyassl/ctaocrypt/types.h
|
2013-02-20 17:08:22 -08:00 |
|
John Safranek
|
2c1ed7c11c
|
removed old defragmentation code. fixed new defragment code.
|
2013-02-20 08:35:33 -08:00 |
|
John Safranek
|
bdadeab342
|
added storing of out-of-order and fragmented message, missing processing of the stored list
|
2013-02-19 16:06:02 -08:00 |
|
John Safranek
|
116f2403d0
|
updated the list for storing out of order messages
|
2013-02-19 12:51:02 -08:00 |
|
John Safranek
|
87cad7a966
|
merge branch tls12 into master
|
2013-02-18 14:36:50 -08:00 |
|
toddouska
|
9ea3371079
|
2nd round scan build
|
2013-02-14 16:00:45 -08:00 |
|
John Safranek
|
982b72796e
|
added list for DTLS handshake datagram reordering
|
2013-02-07 11:26:02 -08:00 |
|
toddouska
|
44e0d7543c
|
change copyright name with name change
|
2013-02-05 12:44:17 -08:00 |
|
toddouska
|
f4f13371f9
|
update copyright date
|
2013-02-04 14:51:41 -08:00 |
|
Todd Ouska
|
44b6593fe5
|
add cavium ciphers to SSL, and example client
|
2013-02-01 12:21:38 -08:00 |
|
John Safranek
|
6616975f81
|
added AES-CCM-8 ECC cipher suites, and more test cases
|
2013-01-21 15:19:45 -08:00 |
|
John Safranek
|
a453ccba57
|
Added TLS support for Camellia
|
2013-01-21 10:53:42 -08:00 |
|
John Safranek
|
ccff37f4b1
|
added TLS support for AES-CCM-8
|
2013-01-15 15:20:30 -08:00 |
|
John Safranek
|
eb221238c2
|
separated TLS-AEAD and AES-GCM so TLS-AEAD can also use AES-CCM
|
2013-01-14 15:59:53 -08:00 |
|
John Safranek
|
f756573401
|
Merge branch 'ocsp-test'
|
2013-01-04 14:11:47 -08:00 |
|
John Safranek
|
ac227910f1
|
modify OCSP to use a replacable callback to perform the OCSP transaction
|
2013-01-03 17:19:56 -08:00 |
|
toddouska
|
53e4c2ed72
|
fix pvs studio warnings
|
2013-01-02 11:39:12 -08:00 |
|
toddouska
|
6d3728fe61
|
fix ripemd compression round
|
2012-12-28 14:19:28 -08:00 |
|
toddouska
|
561906cffd
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-12-27 16:36:48 -08:00 |
|
toddouska
|
f0bc61a5d3
|
add more robust pad/verify checks
|
2012-12-27 16:35:43 -08:00 |
|
John Safranek
|
cf114b92df
|
made the ecc keys in the CYASSL struct dynamic
|
2012-12-26 16:39:19 -08:00 |
|
John Safranek
|
831c760edc
|
Merge branch 'ocsp'
Fixes some bugs in the ocsp code, and adds a new option to skip nonces.
|
2012-12-20 16:26:49 -08:00 |
|
John Safranek
|
4e657debfc
|
added the ability to disable OCSP nonces
|
2012-12-19 10:18:11 -08:00 |
|
toddouska
|
96cc05b7b1
|
fix shadow warning
|
2012-12-18 11:40:45 -08:00 |
|
toddouska
|
6e4d33eb00
|
move ProtocolVersion struct members directly into RecordLayerHeader
|
2012-11-28 16:34:41 -08:00 |
|
John Safranek
|
66a3ce2ec1
|
added SHA-256 based RNG when setting NO_RC4 compile flag
|
2012-11-27 22:17:25 -08:00 |
|
John Safranek
|
f8f7f69f48
|
compile option to leave out MD5 and SSL code
|
2012-11-26 18:40:43 -08:00 |
|
John Safranek
|
a89398fdbc
|
added the cipher suites PSK-NULL-SHA256 and PSK-AES128-CBC-SHA256
|
2012-11-20 14:52:17 -08:00 |
|
toddouska
|
dd259b12c7
|
add CyaSSL_peek()
|
2012-11-16 12:16:00 -08:00 |
|
toddouska
|
4a007a2fa0
|
make MAX_CHAIN_DEPTH a build time define and default to 9
|
2012-11-05 10:40:06 -08:00 |
|
John Safranek
|
9aa8b71525
|
Merge branch 'nocerts'
|
2012-11-01 15:47:02 -07:00 |
|
John Safranek
|
134c6b8b1b
|
cleaning warnings in OCSP build
|
2012-11-01 15:03:29 -07:00 |
|
John Safranek
|
85e8f1988a
|
leanpsk build removes cert code, moved ctaocrypt error strings to own file
|
2012-11-01 12:36:47 -07:00 |
|
Chris Conlon
|
f6304ae37a
|
add support for Freescale MQX
|
2012-11-01 11:23:42 -06:00 |
|
John Safranek
|
174618ebfb
|
added build option for leanPSK
|
2012-10-29 15:39:42 -07:00 |
|
toddouska
|
d4d5243f4d
|
add user ability to set IO read/write flags
|
2012-10-25 14:17:11 -07:00 |
|
toddouska
|
0bbbea20be
|
switch sniffer buffers to dynamic, reduce holding memory if large number of sessions cached
|
2012-10-24 17:37:57 -07:00 |
|
John Safranek
|
a92b639155
|
add optional null cipher support for RSA
|
2012-10-19 20:52:22 -07:00 |
|
John Safranek
|
346a52a58c
|
add optional null cipher support for PSK
|
2012-10-19 10:37:21 -07:00 |
|
John Safranek
|
e673b1852a
|
fixed windows build warnings
|
2012-10-09 16:13:05 -07:00 |
|
John Safranek
|
397fbb743f
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-10-03 15:33:23 -07:00 |
|
toddouska
|
e970cdfbc0
|
init cipher specs, check client key exchange state b4 process
|
2012-10-03 11:57:20 -07:00 |
|
John Safranek
|
9bbca6acfb
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-10-02 14:42:06 -07:00 |
|
John Safranek
|
6d1e485ef4
|
DTLS to use recvfrom and sendto in embed recv and send callbacks. Added support for storing dtls peer address.
|
2012-10-02 09:15:50 -07:00 |
|
toddouska
|
e0413df92a
|
add key setup flag for malicious or misbehaving handshake messages with new memory system
|
2012-10-01 11:32:05 -07:00 |
|
John Safranek
|
40eb5b3cc5
|
DTLS resend allocates only enough buffer when needed
|
2012-09-17 09:52:20 -07:00 |
|
John Safranek
|
40972868ce
|
fix merge conflicts
|
2012-09-14 21:19:06 -07:00 |
|
John Safranek
|
7899252104
|
dtls handshake improvement
|
2012-09-14 19:30:50 -07:00 |
|
John Safranek
|
56ee2eaba8
|
added dtls message retry
|
2012-09-14 09:35:34 -07:00 |
|
John Safranek
|
97ca8439a4
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-09-07 08:30:03 -07:00 |
|
John Safranek
|
407397e8be
|
adding DTLS retry timeout, added CYASSL pointer to recv/send callbacks
|
2012-09-06 22:41:55 -07:00 |
|
toddouska
|
8c32a5a2ed
|
make RNG in ssl dynamic, release after hs if stream or < tls1.1
|
2012-09-05 16:18:29 -07:00 |
|
toddouska
|
9ddf43268d
|
use dynamic memory for ssl ciphers, only use what needed
|
2012-09-05 12:30:51 -07:00 |
|
toddouska
|
c47afaf84f
|
make suites object dynamic, only use during handshake
|
2012-09-05 10:17:48 -07:00 |
|
toddouska
|
6943229f87
|
reduce client key exchange stack use in non NTRU mode
|
2012-09-04 15:56:52 -07:00 |
|
toddouska
|
1ba8aff525
|
don't allow corrupted change cipher (fix by antoxa), don't allow multiple decryptions of corrupted messages
|
2012-09-04 11:37:47 -07:00 |
|
John Safranek
|
561a7fc35d
|
drop out of order dtls packets
|
2012-08-23 15:50:56 -07:00 |
|
John Safranek
|
c20eb88d3d
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-08-17 14:21:17 -07:00 |
|
toddouska
|
925ddb6626
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-08-15 17:00:34 -07:00 |
|
toddouska
|
05692e1d6a
|
IAR fixes, SafeRTOS port, better LWIP support
|
2012-08-15 17:00:11 -07:00 |
|
John Safranek
|
c42792e0f1
|
fix compiler warnings
|
2012-08-14 13:51:56 -07:00 |
|
John Safranek
|
9d912970c8
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-08-13 17:33:20 -07:00 |
|
Chris Conlon
|
7ec04c16b6
|
EBSnet RTIP support
|
2012-08-13 17:10:05 -06:00 |
|
John Safranek
|
70552ef8e1
|
added DTLS handshake message defragmentation
|
2012-08-10 10:24:31 -07:00 |
|
John Safranek
|
11df1d25d4
|
fixed the dtls handshake header handling
|
2012-08-09 13:27:30 -07:00 |
|
toddouska
|
08ff33894f
|
add ECDH static cipher suite tests including RSA signed ECDH, clean up code with haveECDSA -> haveECDSAsig
|
2012-08-08 15:09:26 -07:00 |
|
John Safranek
|
3747246133
|
added the generation, verification, and client usage of DTLS handshake cookies
|
2012-08-08 10:38:12 -07:00 |
|
Chris Conlon
|
afa27f0021
|
FreeRTOS threads support, windows simulator support
|
2012-08-02 09:54:41 -06:00 |
|
John Safranek
|
b8b5e7b873
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-07-31 18:42:44 -07:00 |
|
toddouska
|
a5af2e3d51
|
add altname retrieval from peer cert
|
2012-07-31 17:45:48 -07:00 |
|
John Safranek
|
368afbb815
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-07-31 10:11:21 -07:00 |
|
John Safranek
|
e716380bad
|
fixed a bug where aes-gcm required opensslExtra at build configure
|
2012-07-31 10:07:33 -07:00 |
|
toddouska
|
e2eb1b78cc
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-07-27 12:32:42 -07:00 |
|
toddouska
|
6e84ab1271
|
add max chain depth unique error, increase depth to 6
|
2012-07-27 12:32:22 -07:00 |
|
John Safranek
|
3cd231bdfc
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-07-24 15:04:16 -07:00 |
|
toddouska
|
6d3c7d8c59
|
allow bigger MTU record for sniffer
|
2012-07-20 13:04:03 -07:00 |
|
John Safranek
|
489fbf17fe
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-07-19 17:22:16 -07:00 |
|
toddouska
|
d607ffaf02
|
fix MAX_MSG_EXTRA for SHA-256 digest with IV with dynamic buffers
|
2012-07-17 11:52:13 -07:00 |
|
John Safranek
|
ac79d3b145
|
replaced magic numbers with named constants, renamed some constants
|
2012-07-17 10:00:45 -07:00 |
|
John Safranek
|
aaad893804
|
fixed merge conflict
|
2012-07-12 08:39:57 -07:00 |
|
toddouska
|
1f0a32a7e3
|
use internal enum for cipher requires, move external enums back to starting at zero
|
2012-07-11 17:00:16 -07:00 |
|
John Safranek
|
1ac6db9d1d
|
added basic hello extension support for TLSv1.2, renumbered the algorithm enumerations to match RFC
|
2012-07-09 10:02:34 -07:00 |
|
John Safranek
|
eb302b91b0
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-06-30 16:29:10 -07:00 |
|
toddouska
|
22cb11f304
|
add hello_request and session_ticket handling to sniffer
|
2012-06-28 13:37:19 -07:00 |
|
John Safranek
|
3a9a195683
|
Initial draft of AES GCM cipher suites. Missing SHA-384 support.
|
2012-06-26 09:30:48 -07:00 |
|
John Safranek
|
918ea3a074
|
added the library framework for handling aes-gcm in TLS
|
2012-06-18 15:57:37 -07:00 |
|
John Safranek
|
ca7bf0d01e
|
Merge branch 'master' of github.com:cyassl/cyassl
|
2012-05-31 17:29:41 -07:00 |
|
John Safranek
|
6d76b2f247
|
dynamic allocation of OCSP responses, response signature check
|
2012-05-31 17:29:32 -07:00 |
|
toddouska
|
fbc5c8d6dc
|
add SSL set version, different from ctx version
|
2012-05-31 15:24:25 -07:00 |
|
John Safranek
|
4b8bb6cdfe
|
fixed merge conflicts
|
2012-05-29 09:19:53 -07:00 |
|
John Safranek
|
9818fe4f55
|
changed DN hashing to cover the whole DER encoding per OCSP-RFC, OCSP changes towards dynamic storage of responses
|
2012-05-29 09:11:37 -07:00 |
|
toddouska
|
6a62623c64
|
verify suite validity before server picks
|
2012-05-25 12:18:18 -07:00 |
|
toddouska
|
baddc07300
|
check next crl date status
|
2012-05-24 14:07:59 -07:00 |
|
toddouska
|
2b48f248c4
|
crl dir monitoring for linux and mac
|
2012-05-22 17:25:15 -07:00 |
|
toddouska
|
4b8ab62bd1
|
don't retrieve or cache null sessions
|
2012-05-17 10:55:42 -07:00 |
|
toddouska
|
3ec2b9dbbc
|
crl stage 2
|
2012-05-16 17:04:56 -07:00 |
|
John Safranek
|
f9985f5399
|
merge fix
|
2012-05-05 14:49:17 -07:00 |
|
toddouska
|
4fe81df45c
|
basic extneral cert manager added
|
2012-05-03 18:07:31 -07:00 |
|
toddouska
|
97e6a637e6
|
rest of ECDH suites
|
2012-05-03 09:57:17 -07:00 |
|
toddouska
|
a54f51d886
|
first static ECDH suite
|
2012-05-03 08:18:59 -07:00 |
|
John Safranek
|
9c5bcca1ab
|
updates to OCSP
|
2012-05-02 14:45:30 -07:00 |
|
toddouska
|
81be167ee2
|
init ssh changes
|
2012-04-26 16:27:27 -07:00 |
|
John Safranek
|
d3efce71c9
|
allows one to set the cyassl ex_data to null
|
2012-03-23 14:39:37 -07:00 |
|
John Safranek
|
c4e91a831f
|
Fixed unit test case. Updated a constant list to be ANSI-C compliant.
|
2012-03-19 11:30:48 -07:00 |
|
John Safranek
|
fc2f329acb
|
added: ex data for CYASSL object, cert cmp function, verify callback call in success case
|
2012-03-16 10:50:04 -07:00 |
|
John Safranek
|
d7ef83d1b3
|
Added new session cache size. Added options for Fortress build.
|
2012-03-12 10:31:45 -07:00 |
|
toddouska
|
ec85d47a73
|
allow changing session timeout for ctx and ssl
|
2012-02-14 17:46:04 -08:00 |
|
toddouska
|
f8e610493c
|
add ability to set Temp EC-DHE key size in octets for ctx or ssl, 20 - 66 allowed for 160bit - 521bit
|
2012-02-14 12:46:32 -08:00 |
|
toddouska
|
84614da13e
|
increase copyright date 2012
|
2012-02-13 11:54:10 -08:00 |
|
toddouska
|
bce2508878
|
add path handling (basic) for load_verify_locations()
|
2012-02-08 18:07:20 -08:00 |
|
toddouska
|
9b5ab7c914
|
respond to negotiation attempt with alert warning no_renegotiation to try graceful continue if possible
|
2012-02-01 17:18:40 -08:00 |
|
toddouska
|
ee46bcce4a
|
allow ca cache addition callback
|
2012-01-26 12:43:48 -08:00 |
|
toddouska
|
bb53240fdf
|
add CyaSSL_X509_get_der(cert) with EXTRA
|
2012-01-25 14:13:05 -08:00 |
|
toddouska
|
b32bc2ce9f
|
add ability to group handshake messages on send with xxx_set_group_messages()
|
2012-01-24 13:19:03 -08:00 |
|
toddouska
|
0254194e20
|
lean and mean windows fix
|
2011-12-15 11:42:31 -08:00 |
|
toddouska
|
2bc14ce69d
|
add CTX reference count, can free by CTX or SSL
|
2011-12-07 16:32:18 -08:00 |
|
toddouska
|
247d5b5609
|
some root CAs loaded by user won't have basic constraint, allow
|
2011-12-06 15:17:10 -08:00 |
|
toddouska
|
11d15f32b9
|
check basic contsraint CA flag before adding as signer even if explicit add
|
2011-11-02 14:57:14 -07:00 |
|
toddouska
|
948a901cfc
|
add DH param setting by file and buffer, by ctx too
|
2011-11-01 14:05:14 -07:00 |
|
toddouska
|
cb90900920
|
wpa adds
|
2011-10-28 18:43:07 -07:00 |
|
toddouska
|
290f94c8ad
|
add get_subjectCN
|
2011-10-04 09:29:10 -07:00 |
|
toddouska
|
27d35d50cc
|
lots o warning fixes for rc3
|
2011-09-28 13:19:05 -07:00 |
|
Todd A Ouska
|
efe6f80e77
|
allow an app to link with cyassl and openssl, whew
|
2011-08-26 14:40:51 -07:00 |
|
Todd A Ouska
|
5619fa81fa
|
remove ctc_ prefix and cyassl_ prefix since all includes now specify dir
|
2011-08-25 12:41:19 -07:00 |
|