mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
1,745 Commits 5 Branches 162 Tags 807 MiB
e873d7998b
Commit Graph

781 Commits

Author SHA1 Message Date
Moisés Guimarães
95bc954273 Boundaries check for server hello parsing. 
-- added totalSz to the function parameters
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.
 2014-02-24 11:10:54 -03:00
John Safranek
77403c7ee2 Sniffer should ignore MATCH_SUITE_ERRORs when processing old client 
hello messages.
 2014-02-21 16:33:47 -08:00
Takashi Kojo
5d5a8dbabd client.c for LwIP native socket, v0.2 2014-02-20 15:38:35 +09:00
Takashi Kojo
2e69313eb3 Multiple callbacks, fixed initialize ssl->lwipCtx, io.c 2014-02-17 17:40:42 +09:00
Chris Conlon
85a47b4596 add NO_STDIO_FILESYSTEM to exclude FILE usage from non standard filesystems 2014-02-14 14:57:43 -07:00
Chris Conlon
bc3fc658bb move filesystem abstraction to port.h 2014-02-14 14:46:49 -07:00
Moisés Guimarães
2ff78b7fda Boundaries check for client hello parsing. 
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.

TLS extensions return codes fixed.
 2014-02-11 18:10:52 -03:00
toddouska
1cf884dccc add enable-certservice, ease of use 2014-02-11 13:08:12 -08:00
toddouska
fd44cb056f allow badly reassembled sniffer packets to try on full length vs zero length 2014-02-10 16:27:44 -08:00
John Safranek
4a0afa19bf Reinitialize the index when processing stored DTLS handshake messages. 2014-02-04 07:36:59 -08:00
Takashi Kojo
78b897a07c LwIP, native tcp socket, user sent callback 2014-02-04 23:15:34 +09:00
Takashi Kojo
23bc584caf LwIP, native TCP socket, ver 2 2014-02-04 16:37:50 +09:00
Takashi Kojo
52e661df05 Clean ups 2014-02-04 10:07:01 +09:00
Moisés Guimarães
468e26a3a2 fixed error catching on TLSX_EllipticCurve_Parse 
fixed unsupported curves handling
 2014-02-03 21:54:31 -03:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion. 2014-02-03 16:14:35 -03:00
Takashi Kojo
168985ed9f LwIP native TCP Socket 2014-02-02 18:09:25 +09:00
toddouska
51b3b1cb6c fix pkCurveOID c files, doesn't require openssl extra 2014-02-01 12:14:41 -08:00
John Safranek
909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães
5616450a4b fixed return codes 
added protection for missing HAVE_TLS_EXTENSIONS
 2014-01-31 16:52:15 -03:00
Moisés Guimarães
30e2b4aa11 writing curves in the right order. (reverse) 
improved curve validation.
 2014-01-31 16:52:14 -03:00
Moisés Guimarães
9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães
7d2a6800f7 added Elliptic Curves Extensions implementation and configuration. 2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
John Safranek
cfa9007199 1. Bumped release version in configure.ac. 
2. Added enable option for SCEP. Enables prereqs.
3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
 2014-01-27 11:35:43 -08:00
Moisés Guimarães
8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
Moisés Guimarães
d58add7e97 added protection to test_CyaSSL_client_server 
fixed min macro
 2014-01-15 10:56:49 -03:00
toddouska
8a1971d52b add CyaSSL_CertPemToDer for certs, ca certs, and cert reqs 2014-01-14 15:13:43 -08:00
Chris Conlon
1d67d9217e initial PKCS#7 stubs, tie into ./configure 2014-01-10 15:17:03 -07:00
John Safranek
7b04b7ab84 DTLS IO and cookie callbacks are IPv4/IPv6 agnostic. 2013-12-30 10:39:12 -08:00
John Safranek
420ca9e6e3 Merge branch 'ocsp' 2013-12-27 16:14:47 -08:00
John Safranek
896b16a7df Fixed off-by-one error in OCSP 2013-12-27 16:13:52 -08:00
John Safranek
d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
Moisés Guimarães
3e24a446b9 fixing SNI_GetFromBuffer return code on success. 2013-12-24 15:34:17 -03:00
John Safranek
4ce2e59adf For Atomic user: 
1. Added a getter for the session's IV size.
2. The HMAC size getter should return 0 for AEAD ciphers
   and the hash length for the others.
 2013-12-23 22:32:08 -08:00
John Safranek
14aa114854 Trimmed unused includes and defines from OCSP source. 2013-12-23 14:33:44 -08:00
Chris Conlon
64912b37f6 adjust key buffer length when using ToTraditional() or ToTraditionalEnc() 2013-12-23 14:07:58 -07:00
toddouska
29c41da818 do size check on user password input 2013-12-23 12:24:03 -08:00
toddouska
3c706b4645 only set up tmp ctx if using password 2013-12-23 12:15:55 -08:00
toddouska
db71460bb8 add password functionality to CyaSSL_KeyPemToDer() 2013-12-23 12:07:20 -08:00
John Safranek
fe4f10418f OCSP lookups are IPv4/IPv6 agnostic. 2013-12-17 18:30:42 -08:00
Moisés Guimarães
ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
John Safranek
9d6182d279 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-12 11:06:21 -08:00
John Safranek
26a26fa19d 1. Fixed a build warning. 
2. Fixed an initialization bug when decoding old-style client hellos.
 2013-12-12 10:45:19 -08:00
Chris Conlon
5909f5c2c0 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-11 16:20:43 -08:00
Chris Conlon
8c7f5817ac NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file 2013-12-11 16:19:09 -08:00
toddouska
ba95c33ed4 more clang warnings 2013-12-11 15:47:40 -08:00
toddouska
b41d09b1a2 fix newer clang warnings 2013-12-11 12:03:09 -08:00
toddouska
9e56ad262c fix snifftest pcap frees on file mode, close TraceFile on ssl_Free 2013-12-10 16:17:43 -08:00
toddouska
3051c8e900 make sure Arrays elemets all set to 0 2013-12-09 18:21:43 -08:00
John Safranek
9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
 2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0 added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães
384cc9d3da adding truncated_hmac to tlsx 2013-12-02 16:19:51 -03:00
Moisés Guimarães
f8b30b3379 changing variable names to build on Ubuntu. 2013-12-02 15:50:21 -03:00
toddouska
6294102760 fix wrong NO_DES flags for requirements 2013-11-27 11:59:23 -08:00
Moisés Guimarães
7dfb3c6b29 Fixing length adjustment on both while loops 
added test for client hello without SNI extension
 2013-11-25 21:05:40 -03:00
Moisés Guimarães
0f2f9b6982 added more tests with code refactoring. 2013-11-21 21:25:43 -03:00
Moisés Guimarães
ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
John Safranek
dda5413ae2 moved some #defines around to fix sessioncerts-only build 2013-11-21 10:48:45 -08:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
toddouska
a7bcca84c3 add ecdsa cert signing 2013-11-14 15:00:22 -08:00
John Safranek
8c20ff2d97 Merge branch 'master' of github.com:cyassl/cyassl 2013-11-11 11:31:35 -08:00
John Safranek
dabb8058c4 1. Updated README Note 2. The error code described for no signer 
errors is -188. (The error code -155 is for the signature
   confirmation failing.)
2. Fixed bug in copying the signature from a DecodedCert to a
   CYASSL_X509 record.
 2013-11-11 11:19:35 -08:00
Takashi Kojo
23cada35ba Catch up master 2013-11-10 21:06:34 +09:00
Takashi Kojo
16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
John Safranek
42f82ce9cc Merge branch 'master' of github.com:cyassl/cyassl 2013-11-06 15:54:01 -08:00
John Safranek
20e6ac7104 Added public key type to PKEY copy 2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5 Added X.509 accessor for signature. 2013-11-06 11:49:49 -08:00
Takashi Kojo
f26cf50ff2 Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5 2013-11-06 10:22:21 +09:00
Chris Conlon
fb8c3e0c75 fix gcc warning with enable-ocsp 2013-11-04 15:36:08 -07:00
John Safranek
913e200cd0 X.509 Additions: 
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
 2013-11-04 11:02:17 -08:00
toddouska
12b074fbe9 add worst case estimate to ecc_sign_size() 2013-10-30 13:33:23 -07:00
toddouska
de6b9bc6be fix sniffer with new decrypt/verify code 2013-10-28 17:18:41 -07:00
Takashi Kojo
33ccf62ff5 MDK5 support 2013-10-25 15:49:39 +09:00
toddouska
8c7715ee33 remove CBC naming from HC-128 suites 2013-10-24 12:10:09 -07:00
toddouska
f833674171 remove CBC from RABBIT suite naming 2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714 add AES Blake2b 256 basic suites for speed tests 2013-10-24 11:30:51 -07:00
Takashi Kojo
2f98233825 For MDK5 2013-10-24 18:50:26 +09:00
Takashi Kojo
e4a3599a6b cyassl/src file updates for MDK5 2013-10-24 16:52:17 +09:00
toddouska
c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
Chris Conlon
f45d0709b3 case insensitivity fix for domain name check 2013-10-18 15:17:19 -06:00
Chris Conlon
dba488ba70 add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB 2013-10-14 15:04:26 -06:00
toddouska
6c654bba3d fix camellia memory leak 2013-10-10 16:50:35 -07:00
John Safranek
51c485f523 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
 2013-10-08 14:59:59 -07:00
John Safranek
33bcc76a07 Merge branch 'master' of github.com:cyassl/cyassl 2013-10-02 15:27:10 -07:00
Chris Conlon
17b220e9c7 add Freescale MQX time functionality 2013-09-24 20:12:48 -06:00
John Safranek
5e4ca53496 clean up Windows build issues with OCSP 2013-09-18 14:47:51 -07:00
John Safranek
c5f3eace7d DTLS timeout init wasn't initializing the timeout until after the first timeout. 2013-09-11 14:28:01 -07:00
toddouska
44ba0af192 free fp ecc resources on cleanup 2013-09-06 17:08:57 -07:00
toddouska
a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
John Safranek
f2c75a9e87 ECDSA signatures need a zero padding for the ASN.1 storage of the R and S values 2013-09-05 15:00:01 -07:00
toddouska
b9540bf579 check NULL to match docs 2013-08-29 08:25:14 -07:00
John Safranek
78b8da9949 Initialize the AEAD explicit IV to 0. 2013-08-27 10:44:04 -07:00
toddouska
e8fcf35098 add Rsa Public/Private client key exchange callbacks, examples 2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e add Rsa Sign/Verify callbacks, client/server examples 2013-08-26 16:27:29 -07:00
toddouska
664c6de5d5 send blank cert on client if TLS instead of TLSv1.2, more accept this now and some even incorrectly require it 2013-08-26 12:34:39 -07:00
John Safranek
081a3a57d4 move variable declaration before function code 2013-08-23 10:26:42 -07:00