toddouska
09aeda2162
fix SetCipherList() possible 1 byte overrun
2014-12-01 14:34:48 -08:00
toddouska
295e65ca02
add sanity size check to iv fill in case block size is bad
2014-12-01 14:23:10 -08:00
toddouska
4954043def
release lock on client side cache bad hash
2014-12-01 14:11:32 -08:00
John Safranek
1742e0ddb6
Merge in the ADH-AES128-SHA changes and add a check for it during the
...
packet order sanity checking.
2014-12-01 11:44:32 -08:00
toddouska
fe81c2855d
sanity size check on handshake headers
2014-12-01 08:58:52 -08:00
toddouska
f1ab188949
disallow client to fast forward handshake messages
2014-11-18 16:27:39 -08:00
toddouska
59e62b7c49
Merge pull request #131 from lchristina26/master
...
add braces around empty if statements
2014-11-17 15:30:14 -08:00
toddouska
57522d217b
disallow basic server fast forwards during handshake
2014-11-17 15:25:49 -08:00
toddouska
31858d2a34
move gotChangeCipher from options into msgsReceived
2014-11-17 13:11:45 -08:00
toddouska
5318b243ba
add messages received framework, disallow duplicates
2014-11-17 12:55:07 -08:00
lchristina26
b3b0c8d1fc
Add braces around empty if statements
2014-11-17 11:10:23 -07:00
John Safranek
eb59597fed
fix bug in sniffer when using old client hellos where large hello message may
...
be ignored
2014-11-07 17:11:38 -08:00
John Safranek
00965d44dc
fix sniffer bug with detecting old client hello
2014-11-07 15:35:36 -08:00
John Safranek
a45a8f2cd8
Merge branch 'master' of github.com:cyassl/cyassl
2014-11-07 14:40:21 -08:00
John Safranek
d829b5f93b
Allow sniffer to follow ports using STARTTLS.
2014-11-07 14:37:00 -08:00
toddouska
b36f823da5
only do fips verify core check on fips files
2014-11-07 13:09:32 -08:00
John Safranek
3130145213
Added note to SSL_ResourceFree()
2014-11-06 16:07:05 -08:00
John Safranek
580289375c
Fix memory leak in CyaSSL when using Hash DRBG
2014-11-06 15:44:24 -08:00
toddouska
202a1a152d
fix jenkins report for smallstack derive tls keys
2014-11-04 15:39:54 -08:00
toddouska
322f79f521
allow user to set minimum downgrade version with v23 methods()
2014-11-03 15:12:48 -08:00
toddouska
d9f5ada772
add external wrappers for TLS Master Secret generation and Key Expansion
2014-11-03 09:56:40 -08:00
toddouska
02f7c71222
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-31 13:24:29 -07:00
toddouska
0f641e07a2
remove old client hello processing by default, can turn on with OLD_HELLO_ALLOWED, add sanity checks before size front alloc
2014-10-31 13:23:50 -07:00
John Safranek
bb8853aa50
fix memory leak when resetting the peer address on a DTLS session
2014-10-30 16:23:25 -07:00
John Safranek
56c12c9716
For sniffer with SNI, refactored ssl_SetPrivateKey and
...
ssl_SetNamedPrivateKey so they can be called in any order
for a particular server.
2014-10-30 14:08:45 -07:00
toddouska
1e7b579777
sniffer signals got change cipher
2014-10-29 14:14:32 -07:00
toddouska
7fed36b09d
explicit check for change cipher before finished instead of encryptionOn implicit
2014-10-29 14:07:41 -07:00
toddouska
c982dd2281
allow aes gcm fips wrappers, no void returns
2014-10-27 15:52:22 -07:00
John Safranek
bf718a7d51
Added a callback function to set the master secret on the client
2014-10-24 15:26:47 -07:00
Moisés Guimarães
6138ce720c
internal.c: refactoring SendServerKeyExchange to reduce stack usage:
...
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable hash moved to the heap (36 bytes saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable hash256 moved to the heap (32 bytes saved)
--- variable sha384 moved to the heap (sizeof(sha384) saved)
--- variable hash256 moved to the heap (48 bytes saved)
--- variable encodedSig moved to the heap (512 bytes saved)
*** the variables above appear twice in the code
2014-10-24 13:51:58 -03:00
Moisés Guimarães
dc90935fc7
internal.c: refactoring SendServerKeyExchange to reduce stack usage:
...
--- variable exportBuf moved to the heap (256 bytes saved)
--- indentation fixes
2014-10-24 13:29:18 -03:00
Moisés Guimarães
0e43240180
trims trailing white spaces.
2014-10-24 10:33:24 -03:00
Moisés Guimarães
a60332d9a3
internal.c: refactoring DoServerKeyExchange to reduce stack usage:
...
--- using goto to centralize resources deallocation.
2014-10-21 20:23:50 -03:00
Moisés Guimarães
5056ebe829
internal.c: refactoring DoServerKeyExchange to reduce stack usage:
...
--- variable hash256 moved to the heap (32 bytes saved)
--- variable hash384 moved to the heap (48 bytes saved)
--- variable hash moved to the heap (36 bytes saved)
--- variable messageVerify moved to the heap (612 bytes saved)
--- variable encodedSig moved to the heap (512 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
0447bf7551
internal.c: refactoring DoServerKeyExchange to reduce stack usage:
...
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable sha384 moved to the heap (sizeof(Sha384) saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
7f836cd6b3
internal.c: refactoring SendClientKeyExchange to reduce stack usage:
...
--- variable encSecret moved to the heap (1027 bytes saved)
--- variables priv moved to the heap (1024 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
949094cfbc
internal.c: refactoring DoCertificateVerify to reduce stack usage:
...
--- variable encodedSig moved to the heap (512 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
9368c8d1e8
internal.c: refactoring SendCertificateVerify to reduce stack usage:
...
--- variable encodedSig moved to the heap (512 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
845e49781f
internal.c: refactoring DoServerHello to reduce stack usage:
...
--- variable clSuites removed (sizeof(Suites) saved)
ps.: TLSX_Parse() does not requires the suites parameter at client side.
2014-10-21 20:23:50 -03:00
Moisés Guimarães
a7e585b63d
internal.c: refactoring BuildMessage to reduce stack usage:
...
--- variable hmac moved to the heap (up to 64 bytes saved)
2014-10-21 20:23:50 -03:00
Moisés Guimarães
5ef9a21eaa
internal.c: refactoring DoCertificate to reduce stack usage:
...
--- variable domain moved to the heap (256 bytes saved)
--- variable dCert moved to the heap (sizeof(DecodedCert) saved)
--- variable store moved to the heap (sizeof(CYASSL_X509_STORE_CTX) saved)
2014-10-21 20:23:49 -03:00
Moisés Guimarães
37c1627234
internal.c: refactoring BuildFinished to reduce stack usage:
...
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
--- variable sha384 moved to the heap (sizeof(Sha384) saved)
2014-10-21 20:23:49 -03:00
Chris Conlon
50a00d4ff0
add PicoTCP support
2014-10-21 15:43:43 -06:00
John Safranek
e35e02a283
Added SNI named keys to the sniffer.
2014-10-21 12:22:12 -07:00
John Safranek
35bcc98948
Added a callback when receiving a NewSessionTicket handshake message.
2014-10-20 09:25:14 -07:00
John Safranek
60790ee4ae
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-16 22:01:55 -07:00
John Safranek
b2f25cd91c
1. Added accessors for session tickets.
...
2. Fixed client case when server doesn't want to resume session with ticket.
2014-10-16 22:00:13 -07:00
Moisés Guimarães
c2ade678e1
Adds use of ssl->session.sessionIDSz during SendClientHello().
2014-10-13 23:16:11 -03:00
Moisés Guimarães
b10fdbf1f0
Adds storage of ssl->arrays->sessionIDSz in SessionCache at AddSession();
...
Adds storage of ssl->arrays->sessionIDSz in ssl->session at FreeArrays();
2014-10-13 23:16:11 -03:00
Moisés Guimarães
6956d146d1
Adds capture of ssl->arrays->sessionIDSz at DoServerHello.
2014-10-13 23:16:11 -03:00
toddouska
159abadd73
add NO_FORCE_SCR_SAME_SUITE flag for scr
2014-10-09 11:10:40 -07:00
Moisés Guimarães
557f19db0b
Adds support to session IDs of size 1 to 31 bytes.
...
Only session IDs of size 0 or 32 bytes was allowed before, now the session ID size may be from 0 to 32 bytes.
A size of zero bytes means that is no session ID provided by the server.
2014-10-07 13:02:59 -03:00
toddouska
c65b14a891
add scr check against subject hash, only allow explicit session ticket resupmtion during scr
2014-10-06 16:12:45 -07:00
toddouska
214eba0325
fix session ticket get size
2014-10-06 14:52:05 -07:00
John Safranek
7c67a9261c
trimmed some unused code for session tickets
2014-10-06 12:44:52 -07:00
John Safranek
954740e2a8
Added check for expected session ticket
2014-10-04 12:41:51 -07:00
John Safranek
b95b2a8463
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-03 13:27:22 -07:00
John Safranek
80a474ebad
1. Fixed encoding of session ticket hello extension.
...
2. Session tickets used as alternative resumption.
2014-10-03 13:19:59 -07:00
toddouska
24bfade874
catch user error with write() after WANT_WRITE with short size
2014-10-03 12:03:20 -07:00
toddouska
3f01f097e7
allow scr sessoin ticket
2014-10-02 10:43:06 -07:00
toddouska
668fed4796
don't allow scr and fake indication together
2014-10-02 10:18:11 -07:00
John Safranek
9dbc1d2d00
Parse the NewSessionTicket handshake message
2014-10-01 16:28:01 -07:00
toddouska
2f5520d14c
fix potential resource leaks with scr and normal math on key reuse
2014-10-01 11:15:36 -07:00
toddouska
8e96234513
Merge branch 'master' of github.com:cyassl/cyassl
2014-10-01 09:45:57 -07:00
toddouska
41647e441a
preview scr
2014-10-01 09:44:24 -07:00
Moisés Guimarães
ee68797cf1
Adds a flag to tell the handshake framework to expect a session ticket.
2014-09-30 18:50:19 -03:00
toddouska
eb42494ddd
check scr cipher suite for changes
2014-09-30 12:55:15 -07:00
toddouska
29d4148637
handle bunlded scr messages
2014-09-30 11:52:21 -07:00
Moisés Guimarães
a937040087
Adds Session Ticket TLS Extension handling.
...
New Session Ticket Handshake Message handling is still needed for Session Tickets to work.
2014-09-30 09:30:23 -03:00
Moisés Guimarães
6a75c8d144
fix TURN_ON mask
...
adds --enable-session-ticket configure option
2014-09-30 09:30:23 -03:00
toddouska
dcde28db51
add server initiated scr
2014-09-29 14:48:49 -07:00
toddouska
d3db4546ec
allow client auth with scr
2014-09-29 13:38:56 -07:00
Moisés Guimarães
c340d78c93
adds SESSION_TICKET extension id.
...
adds HAVE_TLS_EXTENSIONS as a dependency to HAVE_SECURE_RENEGOTIATION
reduces tlsx semaphore from 16 to 8 bytes (128 flags to 64 flags).
refactors ConvertExtType() to TLSX_ToSemaphore() for a better name and behavior. Now the overflowing flags are set backwards from the end of the flags to avoid collisions.
2014-09-26 16:01:50 -03:00
toddouska
95585e93df
scr session resumption example
2014-09-26 10:47:57 -07:00
toddouska
a260171e23
add scr for ephemeral keys
2014-09-26 10:27:14 -07:00
Jacob Barthelmeh
f5a95a9f62
struct for one time authentication ciphers
2014-09-25 16:19:50 -06:00
toddouska
0c20584ed3
add client side initiated secure r, same specs
2014-09-24 18:48:23 -07:00
toddouska
74c6f35766
new handShakeDone flag to allow app data during scr
2014-09-24 13:10:01 -07:00
toddouska
21f46373f3
delay SetKeys() with SetKeysSide() until last possible moment, needed for scr
2014-09-24 11:27:13 -07:00
toddouska
ed1beafdfc
allow SetKeys() to be called with encrypt or decrypt, or both
2014-09-24 10:12:22 -07:00
Moisés Guimarães
596148840d
adds braces requested by commit_tests.sh on linux
2014-09-22 13:17:05 -03:00
Moisés Guimarães
613337cf89
ssl: refactoring PemToDer to reduce stack usage:
...
--- variable header moved to the heap (80 bytes saved)
--- variable footer moved to the heap (80 bytes saved)
--- variable password moved to the heap (80 bytes saved)
fixes memory leak in CyaSSL_RAND_bytes
2014-09-22 11:37:36 -03:00
Moisés Guimarães
d9472d65da
ssl: refactoring ProcessBuffer to reduce stack usage:
...
--- variable password moved to the heap (80 bytes saved)
--- variable key moved to the heap (32 bytes saved)
--- variable iv moved to the heap (16 bytes saved)
--- variable Des moved to the heap (sizeof(Des) saved)
--- variable Des3 moved to the heap (sizeof(Des3) saved)
--- variable Aes moved to the heap (sizeof(Aes) saved)
--- variable RsaKey moved to the heap (sizeof(RsaKey) saved)
Utility functions added to Des, Des3 and Aes for easier decryption.
2014-09-22 11:37:36 -03:00
Moisés Guimarães
df3ea53494
replaces tabs with spaces.
2014-09-22 11:37:35 -03:00
Moisés Guimarães
e9af29e3e3
ssl: refactoring CyaSSL_CTX_load_verify_locations to reduce stack usage:
...
--- variable name moved to the heap (256 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
cb9dafca26
ssl: refactoring CyaSSL_SetTmpDH_buffer_wrapper to reduce stack usage:
...
--- variable p moved to the heap (513 bytes saved)
--- variable p moved to the heap (513 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
3281e0dfcf
ssl: refactoring CyaSSL_RAND_bytes to reduce stack usage:
...
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
7cafb11791
ssl: refactoring CyaSSL_BN_rand to reduce stack usage:
...
--- variable decoded moved to the heap (1024 bytes saved)
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
68063874dc
ssl: refactoring CyaSSL_BN_hex2bn to reduce stack usage:
...
--- variable decoded moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
4b783b3d80
ssl: refactoring SetDhInternal to reduce stack usage:
...
--- variable p moved to the heap (1024 bytes saved)
--- variable g moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
5605a24e4f
ssl: refactoring CyaSSL_DH_generate_key to reduce stack usage:
...
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
--- variable pub moved to the heap (1024 bytes saved)
--- variable priv moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
6b7dbb9f2a
ssl: refactoring CyaSSL_DH_compute_key to reduce stack usage:
...
--- variable pub moved to the heap (1024 bytes saved)
--- variable priv moved to the heap (1024 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
cab23472be
ssl: refactoring CyaSSL_RSA_generate_key_ex to reduce stack usage:
...
--- variable rng moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
c325504de7
ssl: refactoring CyaSSL_DSA_do_sign to reduce stack usage:
...
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
3f459591c6
ssl: refactoring CyaSSL_RSA_sign to reduce stack usage:
...
--- variable tmpRNG moved to the heap (sizeof(RNG) saved)
--- variable encodedSig moved to the heap (512 bytes saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
961bf710bc
Removes unnecessary indentation. Since we use 80 characters line wrap, every space is important.
2014-09-22 11:37:35 -03:00
Moisés Guimarães
79dfb3a3c3
ssl: refactoring CyaSSL_HMAC to reduce stack usage:
...
--- variable hmac moved to the heap (sizeof(Hmac) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
8eeadc01b9
ssl: refactoring HashSession to reduce stack usage:
...
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
--- variable sha256 moved to the heap (sizeof(Sha256) saved)
ssl: refactoring CyaSSL_EVP_BytesToKey to reduce stack usage:
--- variable md5 moved to the heap (sizeof(Md5) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
19516cf5fd
ssl: refactoring AddCA to reduce stack usage:
...
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring ProcessBuffer to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_CertManagerCheckOCSP to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_CertManagerCheckCRL to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_X509_d2i to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_X509_load_certificate_file to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
ssl: refactoring CyaSSL_get_chain_X509 to reduce stack usage:
--- variable cert moved to the heap (sizeof(DecodedCert) saved)
2014-09-22 11:37:35 -03:00
Moisés Guimarães
b2b5179392
fix indentation -- no code changed.
2014-09-22 11:37:35 -03:00