Commit Graph

249 Commits

Author SHA1 Message Date
toddouska
5c4fdb30ad add client session table lookup based on serverID, use CyaSSL_SetServerID to set/store with serverid 2013-04-29 14:22:32 -07:00
John Safranek
87048698e5 use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes. 2013-04-29 12:08:16 -07:00
toddouska
05dd84598b turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11 2013-04-25 15:36:33 -07:00
toddouska
bad1c32df2 add session cert conversion to x509, and free x509 for dynamic variety 2013-04-23 11:50:06 -07:00
toddouska
11d81b86de change windows low res timer return 2013-04-22 10:52:38 -07:00
toddouska
d665e16bd8 add user ctx to verify callback with CyaSSL_SetCertCbCtx 2013-04-18 10:37:10 -07:00
John Safranek
fe13b4b6c6 moved and renamed the CBIO error codes so they are publically available 2013-04-16 12:32:55 -07:00
toddouska
a2bd6e786d fix leanpsk NO_SHA build 2013-04-10 12:42:51 -07:00
John Safranek
9b0ffa0249 brought CYASSL_CALLBACK code up to current standard 2013-04-08 15:34:54 -07:00
John Safranek
e9bc868dbb AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks 2013-04-01 14:25:20 -07:00
toddouska
82e3c00075 add CYASSL_GENERAL_ALIGNMENT detection and setting for TLS alignment attempt 2013-03-27 15:11:49 -07:00
John Safranek
f65f86bb88 improvements to CCM, ssn6 2013-03-22 11:30:12 -07:00
toddouska
4f9e915bc1 add KEEP_PEER_CERT flag for non opensslextra peer cert storage, ssn3 2013-03-19 12:18:52 -07:00
toddouska
31b03c8a2d dtls defaults to no static buffers now, fix valgrind errors with dtls 2013-03-15 14:21:36 -07:00
toddouska
e515638503 make EmbedGenerateCookie a callback, USER_IO can install their own or default to ours 2013-03-13 16:41:50 -07:00
toddouska
7914938e60 --enable-md5 and build, needs NO_OLD_TLS, suite test version check 2013-03-11 17:37:08 -07:00
toddouska
49e62f0858 fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples 2013-03-11 16:07:46 -07:00
toddouska
7ce9315173 Merge branch 'master' of github.com:cyassl/cyassl 2013-03-11 11:00:47 -07:00
toddouska
47e7e27bb2 add cipher suite check to suite tests to make adding test cases easier 2013-03-11 10:59:08 -07:00
John Safranek
20e4889092 Merge branch 'dtls'
Conflicts:
	src/ssl.c
2013-03-08 17:45:35 -08:00
toddouska
6b3a80366f NO_RSA with ecc build fixes 2013-03-07 18:10:18 -08:00
toddouska
85b3346bbf NO_RSA build, cipher suite tests need work for this build optoin, ssn2 2013-03-07 17:44:40 -08:00
John Safranek
591e1fc772 DTLSv1.2, fixed DTLS socket timeout 2013-03-06 23:02:33 -08:00
John Safranek
d52fe96063 added AES-CBC-SHA256 and SHA384 cipher suites. 2013-03-04 13:25:46 -08:00
toddouska
cc9ac1846d fix ecc w/ no rsa send cert verify and server flag for missing cert verify 2013-02-26 22:24:34 -08:00
John Safranek
6ff39cffe4 Merge branch 'dtls'
Conflicts:
	cyassl/ctaocrypt/types.h
2013-02-20 17:08:22 -08:00
John Safranek
2c1ed7c11c removed old defragmentation code. fixed new defragment code. 2013-02-20 08:35:33 -08:00
John Safranek
bdadeab342 added storing of out-of-order and fragmented message, missing processing of the stored list 2013-02-19 16:06:02 -08:00
John Safranek
116f2403d0 updated the list for storing out of order messages 2013-02-19 12:51:02 -08:00
John Safranek
87cad7a966 merge branch tls12 into master 2013-02-18 14:36:50 -08:00
toddouska
9ea3371079 2nd round scan build 2013-02-14 16:00:45 -08:00
John Safranek
982b72796e added list for DTLS handshake datagram reordering 2013-02-07 11:26:02 -08:00
toddouska
44e0d7543c change copyright name with name change 2013-02-05 12:44:17 -08:00
toddouska
f4f13371f9 update copyright date 2013-02-04 14:51:41 -08:00
Todd Ouska
44b6593fe5 add cavium ciphers to SSL, and example client 2013-02-01 12:21:38 -08:00
John Safranek
6616975f81 added AES-CCM-8 ECC cipher suites, and more test cases 2013-01-21 15:19:45 -08:00
John Safranek
a453ccba57 Added TLS support for Camellia 2013-01-21 10:53:42 -08:00
John Safranek
ccff37f4b1 added TLS support for AES-CCM-8 2013-01-15 15:20:30 -08:00
John Safranek
eb221238c2 separated TLS-AEAD and AES-GCM so TLS-AEAD can also use AES-CCM 2013-01-14 15:59:53 -08:00
John Safranek
f756573401 Merge branch 'ocsp-test' 2013-01-04 14:11:47 -08:00
John Safranek
ac227910f1 modify OCSP to use a replacable callback to perform the OCSP transaction 2013-01-03 17:19:56 -08:00
toddouska
53e4c2ed72 fix pvs studio warnings 2013-01-02 11:39:12 -08:00
toddouska
6d3728fe61 fix ripemd compression round 2012-12-28 14:19:28 -08:00
toddouska
561906cffd Merge branch 'master' of github.com:cyassl/cyassl 2012-12-27 16:36:48 -08:00
toddouska
f0bc61a5d3 add more robust pad/verify checks 2012-12-27 16:35:43 -08:00
John Safranek
cf114b92df made the ecc keys in the CYASSL struct dynamic 2012-12-26 16:39:19 -08:00
John Safranek
831c760edc Merge branch 'ocsp'
Fixes some bugs in the ocsp code, and adds a new option to skip nonces.
2012-12-20 16:26:49 -08:00
John Safranek
4e657debfc added the ability to disable OCSP nonces 2012-12-19 10:18:11 -08:00
toddouska
96cc05b7b1 fix shadow warning 2012-12-18 11:40:45 -08:00
toddouska
6e4d33eb00 move ProtocolVersion struct members directly into RecordLayerHeader 2012-11-28 16:34:41 -08:00
John Safranek
66a3ce2ec1 added SHA-256 based RNG when setting NO_RC4 compile flag 2012-11-27 22:17:25 -08:00
John Safranek
f8f7f69f48 compile option to leave out MD5 and SSL code 2012-11-26 18:40:43 -08:00
John Safranek
a89398fdbc added the cipher suites PSK-NULL-SHA256 and PSK-AES128-CBC-SHA256 2012-11-20 14:52:17 -08:00
toddouska
dd259b12c7 add CyaSSL_peek() 2012-11-16 12:16:00 -08:00
toddouska
4a007a2fa0 make MAX_CHAIN_DEPTH a build time define and default to 9 2012-11-05 10:40:06 -08:00
John Safranek
9aa8b71525 Merge branch 'nocerts' 2012-11-01 15:47:02 -07:00
John Safranek
134c6b8b1b cleaning warnings in OCSP build 2012-11-01 15:03:29 -07:00
John Safranek
85e8f1988a leanpsk build removes cert code, moved ctaocrypt error strings to own file 2012-11-01 12:36:47 -07:00
Chris Conlon
f6304ae37a add support for Freescale MQX 2012-11-01 11:23:42 -06:00
John Safranek
174618ebfb added build option for leanPSK 2012-10-29 15:39:42 -07:00
toddouska
d4d5243f4d add user ability to set IO read/write flags 2012-10-25 14:17:11 -07:00
toddouska
0bbbea20be switch sniffer buffers to dynamic, reduce holding memory if large number of sessions cached 2012-10-24 17:37:57 -07:00
John Safranek
a92b639155 add optional null cipher support for RSA 2012-10-19 20:52:22 -07:00
John Safranek
346a52a58c add optional null cipher support for PSK 2012-10-19 10:37:21 -07:00
John Safranek
e673b1852a fixed windows build warnings 2012-10-09 16:13:05 -07:00
John Safranek
397fbb743f Merge branch 'master' of github.com:cyassl/cyassl 2012-10-03 15:33:23 -07:00
toddouska
e970cdfbc0 init cipher specs, check client key exchange state b4 process 2012-10-03 11:57:20 -07:00
John Safranek
9bbca6acfb Merge branch 'master' of github.com:cyassl/cyassl 2012-10-02 14:42:06 -07:00
John Safranek
6d1e485ef4 DTLS to use recvfrom and sendto in embed recv and send callbacks. Added support for storing dtls peer address. 2012-10-02 09:15:50 -07:00
toddouska
e0413df92a add key setup flag for malicious or misbehaving handshake messages with new memory system 2012-10-01 11:32:05 -07:00
John Safranek
40eb5b3cc5 DTLS resend allocates only enough buffer when needed 2012-09-17 09:52:20 -07:00
John Safranek
40972868ce fix merge conflicts 2012-09-14 21:19:06 -07:00
John Safranek
7899252104 dtls handshake improvement 2012-09-14 19:30:50 -07:00
John Safranek
56ee2eaba8 added dtls message retry 2012-09-14 09:35:34 -07:00
John Safranek
97ca8439a4 Merge branch 'master' of github.com:cyassl/cyassl 2012-09-07 08:30:03 -07:00
John Safranek
407397e8be adding DTLS retry timeout, added CYASSL pointer to recv/send callbacks 2012-09-06 22:41:55 -07:00
toddouska
8c32a5a2ed make RNG in ssl dynamic, release after hs if stream or < tls1.1 2012-09-05 16:18:29 -07:00
toddouska
9ddf43268d use dynamic memory for ssl ciphers, only use what needed 2012-09-05 12:30:51 -07:00
toddouska
c47afaf84f make suites object dynamic, only use during handshake 2012-09-05 10:17:48 -07:00
toddouska
6943229f87 reduce client key exchange stack use in non NTRU mode 2012-09-04 15:56:52 -07:00
toddouska
1ba8aff525 don't allow corrupted change cipher (fix by antoxa), don't allow multiple decryptions of corrupted messages 2012-09-04 11:37:47 -07:00
John Safranek
561a7fc35d drop out of order dtls packets 2012-08-23 15:50:56 -07:00
John Safranek
c20eb88d3d Merge branch 'master' of github.com:cyassl/cyassl 2012-08-17 14:21:17 -07:00
toddouska
925ddb6626 Merge branch 'master' of github.com:cyassl/cyassl 2012-08-15 17:00:34 -07:00
toddouska
05692e1d6a IAR fixes, SafeRTOS port, better LWIP support 2012-08-15 17:00:11 -07:00
John Safranek
c42792e0f1 fix compiler warnings 2012-08-14 13:51:56 -07:00
John Safranek
9d912970c8 Merge branch 'master' of github.com:cyassl/cyassl 2012-08-13 17:33:20 -07:00
Chris Conlon
7ec04c16b6 EBSnet RTIP support 2012-08-13 17:10:05 -06:00
John Safranek
70552ef8e1 added DTLS handshake message defragmentation 2012-08-10 10:24:31 -07:00
John Safranek
11df1d25d4 fixed the dtls handshake header handling 2012-08-09 13:27:30 -07:00
toddouska
08ff33894f add ECDH static cipher suite tests including RSA signed ECDH, clean up code with haveECDSA -> haveECDSAsig 2012-08-08 15:09:26 -07:00
John Safranek
3747246133 added the generation, verification, and client usage of DTLS handshake cookies 2012-08-08 10:38:12 -07:00
Chris Conlon
afa27f0021 FreeRTOS threads support, windows simulator support 2012-08-02 09:54:41 -06:00
John Safranek
b8b5e7b873 Merge branch 'master' of github.com:cyassl/cyassl 2012-07-31 18:42:44 -07:00
toddouska
a5af2e3d51 add altname retrieval from peer cert 2012-07-31 17:45:48 -07:00
John Safranek
368afbb815 Merge branch 'master' of github.com:cyassl/cyassl 2012-07-31 10:11:21 -07:00
John Safranek
e716380bad fixed a bug where aes-gcm required opensslExtra at build configure 2012-07-31 10:07:33 -07:00
toddouska
e2eb1b78cc Merge branch 'master' of github.com:cyassl/cyassl 2012-07-27 12:32:42 -07:00
toddouska
6e84ab1271 add max chain depth unique error, increase depth to 6 2012-07-27 12:32:22 -07:00
John Safranek
3cd231bdfc Merge branch 'master' of github.com:cyassl/cyassl 2012-07-24 15:04:16 -07:00
toddouska
6d3c7d8c59 allow bigger MTU record for sniffer 2012-07-20 13:04:03 -07:00
John Safranek
489fbf17fe Merge branch 'master' of github.com:cyassl/cyassl 2012-07-19 17:22:16 -07:00
toddouska
d607ffaf02 fix MAX_MSG_EXTRA for SHA-256 digest with IV with dynamic buffers 2012-07-17 11:52:13 -07:00
John Safranek
ac79d3b145 replaced magic numbers with named constants, renamed some constants 2012-07-17 10:00:45 -07:00
John Safranek
aaad893804 fixed merge conflict 2012-07-12 08:39:57 -07:00
toddouska
1f0a32a7e3 use internal enum for cipher requires, move external enums back to starting at zero 2012-07-11 17:00:16 -07:00
John Safranek
1ac6db9d1d added basic hello extension support for TLSv1.2, renumbered the algorithm enumerations to match RFC 2012-07-09 10:02:34 -07:00
John Safranek
eb302b91b0 Merge branch 'master' of github.com:cyassl/cyassl 2012-06-30 16:29:10 -07:00
toddouska
22cb11f304 add hello_request and session_ticket handling to sniffer 2012-06-28 13:37:19 -07:00
John Safranek
3a9a195683 Initial draft of AES GCM cipher suites. Missing SHA-384 support. 2012-06-26 09:30:48 -07:00
John Safranek
918ea3a074 added the library framework for handling aes-gcm in TLS 2012-06-18 15:57:37 -07:00
John Safranek
ca7bf0d01e Merge branch 'master' of github.com:cyassl/cyassl 2012-05-31 17:29:41 -07:00
John Safranek
6d76b2f247 dynamic allocation of OCSP responses, response signature check 2012-05-31 17:29:32 -07:00
toddouska
fbc5c8d6dc add SSL set version, different from ctx version 2012-05-31 15:24:25 -07:00
John Safranek
4b8bb6cdfe fixed merge conflicts 2012-05-29 09:19:53 -07:00
John Safranek
9818fe4f55 changed DN hashing to cover the whole DER encoding per OCSP-RFC, OCSP changes towards dynamic storage of responses 2012-05-29 09:11:37 -07:00
toddouska
6a62623c64 verify suite validity before server picks 2012-05-25 12:18:18 -07:00
toddouska
baddc07300 check next crl date status 2012-05-24 14:07:59 -07:00
toddouska
2b48f248c4 crl dir monitoring for linux and mac 2012-05-22 17:25:15 -07:00
toddouska
4b8ab62bd1 don't retrieve or cache null sessions 2012-05-17 10:55:42 -07:00
toddouska
3ec2b9dbbc crl stage 2 2012-05-16 17:04:56 -07:00
John Safranek
f9985f5399 merge fix 2012-05-05 14:49:17 -07:00
toddouska
4fe81df45c basic extneral cert manager added 2012-05-03 18:07:31 -07:00
toddouska
97e6a637e6 rest of ECDH suites 2012-05-03 09:57:17 -07:00
toddouska
a54f51d886 first static ECDH suite 2012-05-03 08:18:59 -07:00
John Safranek
9c5bcca1ab updates to OCSP 2012-05-02 14:45:30 -07:00
toddouska
81be167ee2 init ssh changes 2012-04-26 16:27:27 -07:00
John Safranek
d3efce71c9 allows one to set the cyassl ex_data to null 2012-03-23 14:39:37 -07:00
John Safranek
c4e91a831f Fixed unit test case. Updated a constant list to be ANSI-C compliant. 2012-03-19 11:30:48 -07:00
John Safranek
fc2f329acb added: ex data for CYASSL object, cert cmp function, verify callback call in success case 2012-03-16 10:50:04 -07:00
John Safranek
d7ef83d1b3 Added new session cache size. Added options for Fortress build. 2012-03-12 10:31:45 -07:00
toddouska
ec85d47a73 allow changing session timeout for ctx and ssl 2012-02-14 17:46:04 -08:00
toddouska
f8e610493c add ability to set Temp EC-DHE key size in octets for ctx or ssl, 20 - 66 allowed for 160bit - 521bit 2012-02-14 12:46:32 -08:00
toddouska
84614da13e increase copyright date 2012 2012-02-13 11:54:10 -08:00
toddouska
bce2508878 add path handling (basic) for load_verify_locations() 2012-02-08 18:07:20 -08:00
toddouska
9b5ab7c914 respond to negotiation attempt with alert warning no_renegotiation to try graceful continue if possible 2012-02-01 17:18:40 -08:00
toddouska
ee46bcce4a allow ca cache addition callback 2012-01-26 12:43:48 -08:00
toddouska
bb53240fdf add CyaSSL_X509_get_der(cert) with EXTRA 2012-01-25 14:13:05 -08:00
toddouska
b32bc2ce9f add ability to group handshake messages on send with xxx_set_group_messages() 2012-01-24 13:19:03 -08:00
toddouska
0254194e20 lean and mean windows fix 2011-12-15 11:42:31 -08:00
toddouska
2bc14ce69d add CTX reference count, can free by CTX or SSL 2011-12-07 16:32:18 -08:00
toddouska
247d5b5609 some root CAs loaded by user won't have basic constraint, allow 2011-12-06 15:17:10 -08:00
toddouska
11d15f32b9 check basic contsraint CA flag before adding as signer even if explicit add 2011-11-02 14:57:14 -07:00
toddouska
948a901cfc add DH param setting by file and buffer, by ctx too 2011-11-01 14:05:14 -07:00
toddouska
cb90900920 wpa adds 2011-10-28 18:43:07 -07:00
toddouska
290f94c8ad add get_subjectCN 2011-10-04 09:29:10 -07:00
toddouska
27d35d50cc lots o warning fixes for rc3 2011-09-28 13:19:05 -07:00
Todd A Ouska
efe6f80e77 allow an app to link with cyassl and openssl, whew 2011-08-26 14:40:51 -07:00
Todd A Ouska
5619fa81fa remove ctc_ prefix and cyassl_ prefix since all includes now specify dir 2011-08-25 12:41:19 -07:00