mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,464 Commits 5 Branches 162 Tags 807 MiB
f81ee9e4d3
Commit Graph

1112 Commits

Author SHA1 Message Date
JacobBarthelmeh
3f2ee0801a declaration locations for ARM 2014-07-24 18:59:39 -06:00
toddouska
0c6a961e35 Merge branch 'master' into ti 2014-07-23 14:20:58 -07:00
Moisés Guimarães
c20fdb037e io: refactoring EmbedOcspLookup: 
--- single return point
--- changed stack reduction MEMORY_E to -1 to match XMALLOC fail at httpBuf
--- variable written removed
--- variable ocspRespSz renamed to ret (initialized with -1  and set only once with process_http_response result)
 2014-07-23 13:20:23 -03:00
Moisés Guimarães
7dfb9e2d5f io: refactoring EmbedGenerateCookie to reduce stack usage: 
--- use ShaHash instead of InitSha, ShaUpdate and ShaFinal (sizeof(Sha) saved)

io: refactoring EmbedOcspLookup to reduce stack usage:
--- variable domainName moved to the heap (80 bytes saved)
--- variable path moved to the heap (80 bytes saved)
 2014-07-23 12:28:54 -03:00
toddouska
ec0fd7e969 Merge branch 'master' into ti 2014-07-22 13:55:59 -07:00
Moisés Guimarães
2245204685 crl: refactoring LoadCRL to reduce stack usage: 
--- variable name moved to the heap (256 bytes saved)
 2014-07-21 22:52:06 -03:00
Moisés Guimarães
3ae9105b05 crl: refactoring DoMonitor to reduce stack usage: 
--- variable buff moved to the heap (8192 bytes saved)
 2014-07-21 22:52:05 -03:00
Moisés Guimarães
108b21e36f crl: refactoring SwapLists to reduce stack usage: 
--- variable tmp moved to the heap (sizeof(CYASS_CRL) saved)
 2014-07-21 22:52:05 -03:00
Moisés Guimarães
6e0c6551ff crl: refactoring BufferLoadCRL to reduce stack usage: 
--- variable dcrl moved to the heap (sizeof(DecodedCRL) saved)
 2014-07-21 22:52:05 -03:00
Moisés Guimarães
fb3e706d69 ocsp: refactoring CheckCertOCSP to reduce stack usage: 
--- variable newStatus moved to the heap (sizeof(CertStatus) saved)
--- variable ocspRequest moved to the heap (sizeof(OcspRequest) saved)
--- variable ocspResponse moved to the heap (sizeof(OcspResponse) saved)
 2014-07-21 22:52:05 -03:00
toddouska
a73a160aaf Merge branch 'master' into ti 2014-07-21 16:26:39 -07:00
toddouska
3bfd0bbf3b fixup some chacah-poly suite things including a valgrind error 2014-07-21 16:20:17 -07:00
JacobBarthelmeh
ff58f65418 merge 2014-07-21 15:12:12 -06:00
JacobBarthelmeh
3c27deb9d0 merge 2014-07-21 13:50:22 -06:00
toddouska
c0ef346073 Merge branch 'master' into ti 2014-07-18 19:27:04 -07:00
JacobBarthelmeh
726cc3e3a4 sanity check and recent cyassl release 2014-07-18 14:42:45 -06:00
JacobBarthelmeh
7cb65d8b3d asthetics 2014-07-17 15:33:48 -06:00
JacobBarthelmeh
b77a1fdbbb refactoring 2014-07-17 15:00:40 -06:00
John Safranek
307e5f3bff fix build warnings with lean-psk mode 2014-07-16 14:40:41 -07:00
JacobBarthelmeh
7eb8f571ed reverse compatibility 2014-07-16 14:55:38 -06:00
JacobBarthelmeh
5b08cb35d7 updated sequence number in AD and unit tests 2014-07-14 16:13:24 -06:00
JacobBarthelmeh
4250955003 arg error checking and CHACHA_AEAD_TEST update 2014-07-11 16:06:29 -06:00
JacobBarthelmeh
e62fbdd49f added ECDSA and DHE_RSA support for chacha-poly 2014-07-10 16:35:56 -06:00
JacobBarthelmeh
c322cb05ad uses most recent version of cyassl 2014-07-10 11:18:49 -06:00
JacobBarthelmeh
da0876c474 Merge branch 'cipher-suite' of https://github.com/JacobBarthelmeh/cyassl into cipher-suite 2014-07-09 15:49:29 -06:00
JacobBarthelmeh
fb25db9c28 progress on suite 2014-07-09 15:48:40 -06:00
toddouska
4ed9b3fa33 Merge branch 'master' into ti 2014-07-07 10:32:52 -07:00
toddouska
8a3b3b03d2 fix crl problem error out if verify peer disabled 2014-07-03 12:13:41 -07:00
toddouska
61e989ed99 Merge branch 'master' into ti 2014-07-03 11:34:15 -07:00
toddouska
2d63c559cc dh now disabled by default but can be enabled w/o opensslextra 2014-07-03 11:32:24 -07:00
toddouska
6817e3cd2e Merge branch 'master' into ti 2014-07-02 16:31:55 -07:00
JacobBarthelmeh
18119610fb Update tls.c 2014-07-02 16:06:41 -06:00
toddouska
0272d51ce4 remove C++ comments from cyassl proper 2014-07-02 12:11:01 -07:00
JacobBarthelmeh
a1e8eb0802 progress on suite 2014-07-02 12:49:14 -06:00
toddouska
0950b19da8 Merge branch 'master' into ti 2014-07-02 10:49:22 -07:00
toddouska
4aac37bff9 move CipherRequires() to both client and server, VerifyClientSuite() to client only 2014-07-02 10:48:04 -07:00
JacobBarthelmeh
53c63dd257 progress on suite 2014-07-01 16:08:52 -06:00
JacobBarthelmeh
6c366a1863 progress on suite 2014-07-01 15:19:55 -06:00
JacobBarthelmeh
5bf411f345 progress on suite 2014-07-01 14:16:44 -06:00
toddouska
f2de04ae46 Merge branch 'master' into ti 2014-06-26 08:57:35 -06:00
Moisés Guimarães
9339d7d5b1 add support to TLS extensions in DTLS 2014-06-25 13:26:42 -03:00
toddouska
a6ea32461d Merge branch 'master' into ti 2014-06-20 14:48:53 -07:00
toddouska
e6d9151f47 add user cert chain functionality at SSL level instead of just CTX 2014-06-20 10:49:21 -07:00
toddouska
a319354e92 Merge branch 'master' into ti 2014-06-20 09:24:11 -07:00
toddouska
6371b3c262 send ecdsa_sign for client cert request type is sig algo ecdsa 2014-06-20 09:22:40 -07:00
toddouska
4fe938cf3a Merge branch 'master' into ti 2014-06-19 16:01:35 -07:00
toddouska
9642902c07 fix disable rsa w/ opensslextra 2014-06-19 15:59:24 -07:00
toddouska
59196df818 Merge branch 'master' into ti 2014-06-16 12:31:24 -07:00
toddouska
8350d91780 fix PemToDer encrypted key search start position for bundled files 2014-06-16 12:30:04 -07:00
toddouska
9a180b0ec8 Merge branch 'master' into ti 2014-06-16 11:05:20 -07:00
John Safranek
acb3b1afb2 fix bug with DTLS and IO Pools 2014-06-15 17:26:18 -07:00
toddouska
675f99294b Merge branch 'master' into ti 2014-06-12 16:02:37 -07:00
toddouska
0223708ac4 make crl monitor watch init -1 2014-06-12 16:01:34 -07:00
toddouska
b14bf25881 merge master 2014-06-12 16:00:25 -07:00
toddouska
ceafd298f3 fix linux crl monitor newer gcc warning 2014-06-12 15:56:44 -07:00
toddouska
8237319d80 merge with master 2014-06-10 15:19:45 -07:00
Moisés Guimarães
9c905b6519 fix on TLSX_SNI_GetFromBuffer - > should be >= so extensions of length 0 get inside the while. 
added test to cover case.
 2014-06-10 16:56:45 -03:00
Moisés Guimarães
ba36c24fc1 fix on TLSX_SNI_GetFromBuffer - undo last fix and return 0 when there is no SNI extension. Now the return is the same when there is no extensions at all. 2014-06-10 15:28:29 -03:00
Moisés Guimarães
064483035c fix on TLSX_SNI_GetFromBuffer - set inOutSz value to zero when there is no SNI extension in the client hello buffer. 2014-06-09 17:31:32 -03:00
toddouska
c6740feee7 Merge branch 'master' into ti 2014-06-09 12:57:43 -07:00
toddouska
e0c5c89bf6 add sanity check on send callback sent value 2014-06-09 12:55:17 -07:00
toddouska
f4c96c68c9 Merge branch 'master' into ti 2014-06-05 17:55:56 -07:00
Chris Conlon
7e5287e578 update NTRU support, with help from thesourcerer8 2014-06-05 14:42:15 -06:00
toddouska
bc3cbee2b6 Merge branch 'master' into ti 2014-06-04 09:59:07 -07:00
toddouska
2494217a87 add sanity check on output buffer size for BuildMessage() 2014-06-04 09:58:15 -07:00
toddouska
e4c33cb51e Merge branch 'master' into ti 2014-06-04 08:08:52 -07:00
John Safranek
d301ab001c fix Windows compile warnings 2014-06-03 23:11:18 -07:00
toddouska
6ae76721f2 Merge branch 'master' into ti 2014-06-02 11:24:32 -07:00
toddouska
24b556689f fix psk define w/ opensslextra 2014-06-02 11:22:47 -07:00
toddouska
a920795665 Merge branch 'master' into ti 2014-05-30 16:57:15 -07:00
John Safranek
b60a61fa94 DHE-PSK cipher suites 
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 * TLS_DHE_PSK_WITH_NULL_SHA256
 * TLS_DHE_PSK_WITH_NULL_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CCM
 * TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
 2014-05-30 11:26:48 -07:00
toddouska
71a5aeeb81 Merge branch 'master' into ti 2014-05-28 17:37:48 -07:00
toddouska
e11dd9803a fix icc v14 warnings 2014-05-28 17:36:21 -07:00
toddouska
8a0fbcb83e Merge branch 'master' into ti 2014-05-28 13:06:51 -07:00
Chris Conlon
7e13e414cb rename port.c/.h to wc_port.c/.h to prevent FreeRTOS conflicts 2014-05-28 10:28:01 -06:00
toddouska
e373b083bf Merge branch 'master' into ti 2014-05-20 14:33:14 -07:00
John Safranek
12841e6093 fix integration bugs with new suites 2014-05-20 14:07:08 -07:00
John Safranek
74712b4e71 1. Added the following cipher suites: 
* TLS_PSK_WITH_AES_128_GCM_SHA256
 * TLS_PSK_WITH_AES_256_GCM_SHA384
 * TLS_PSK_WITH_AES_256_CBC_SHA384
 * TLS_PSK_WITH_NULL_SHA384
2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
 2014-05-19 21:44:04 -07:00
toddouska
6d3a46ebec Merge branch 'master' into ti 2014-05-19 17:08:51 -07:00
John Safranek
da5b042d21 AEAD additional data for encrypt and decrypt should be AEAD_AUTH_DATA_SZ 2014-05-19 09:14:10 -07:00
John Safranek
4a511fe36d Added epoch to sequence number for AES-GCM with DTLS encrypt/decrypt. 2014-05-19 09:14:10 -07:00
toddouska
91df5e52a6 Merge branch 'master' into ti 2014-05-16 09:13:21 -07:00
John Safranek
628e7b4d72 adjust SendData() output buffer check for DTLS header size 2014-05-15 15:55:32 -07:00
toddouska
f9a78b7e20 Merge branch 'master' into ti 2014-05-14 15:07:47 -07:00
toddouska
ce39ef62ef update const error strings for newly added ones 2014-05-14 15:05:20 -07:00
toddouska
519820133d Merge branch 'const_errorstrings' of https://github.com/rofl0r/cyassl into errstr 2014-05-14 14:51:40 -07:00
toddouska
a3a12a7010 merge resolution in io.c 2014-05-12 13:36:20 -07:00
toddouska
8c9c257921 Merge pull request #79 from kojo1/IAR 
sample projects for IAR EWARM

Why is SINGLE_THREADED assumed for IAR with ARM?
 2014-05-12 13:28:02 -07:00
toddouska
ec5f3cc681 Merge branch 'master' of https://github.com/tisb/cyassl into ti 2014-05-09 11:38:40 -07:00
Vikram Adiga
5146f3dd94 Initial commit of CyaSSL port for TI-RTOS 2014-05-08 15:50:55 -07:00
toddouska
e57d5d1d2f Merge branch 'master' of github.com:cyassl/cyassl 2014-05-08 10:27:54 -07:00
toddouska
abbfcde0dc add fips in core first/last files for code/data hashing 2014-05-08 10:26:31 -07:00
John Safranek
d6b98c1fab moved OCSP config code outside NO_FILESYSTEM fence 2014-05-05 16:13:08 -07:00
John Safranek
ec13f65ef0 made OCSP callback not dependent on stdio 2014-05-05 16:11:02 -07:00
toddouska
4104b74c40 fix resource leak on bad user cert chain big buffer 2014-05-02 10:30:07 -07:00
toddouska
3e62da0bc9 add linux crl monitor clean shutdown 2014-05-02 10:14:40 -07:00
Takashi Kojo
35d5b66d2c Merge remote-tracking branch 'CyaSSL-master/master' into IAR 2014-05-02 09:32:55 +09:00
toddouska
912ec25a0f fix linux crl monitor build 2014-05-01 09:34:16 -07:00
toddouska
14c978ca67 remove space 2014-05-01 09:30:17 -07:00
toddouska
5ff0336491 add custom kqueue event for crl monitor shutdown 2014-05-01 09:28:33 -07:00
Takashi Kojo
f225714e75 io.c, #include 2014-05-01 17:09:28 +09:00
John Safranek
fb5200aa95 1. Added more options to the full commit test. 
2. Cleanups from static analysis.
 2014-04-30 15:01:10 -07:00
John Safranek
85d453f2d1 fix const issue with PK callbacks 2014-04-30 10:15:15 -07:00
John Safranek
09a7a087a2 fix static analysis warnings 2014-04-29 14:52:42 -07:00
John Safranek
618d282d94 Decodes the Name Constraints certificate extension on the CA cert 
and checks the names on the peer cert, rejecting it if invalid
based on the name.
 2014-04-28 11:03:24 -07:00
Moisés Guimarães
8d8fca67c3 SHA256, SHA384 and SHA512 error propagation. Major impact on random functions with error propagation. 2014-04-14 21:39:14 -03:00
Moisés Guimarães
32e2d7016f SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation. 2014-04-14 21:36:04 -03:00
Moisés Guimarães
644bb9c524 SHA256, SHA384 and SHA512 error propagation. Minor impact on some of internal.c static functions. 2014-04-14 21:28:23 -03:00
Moisés Guimarães
41cc5f06e4 camellia_setup128 and camellia_setup256 refactory to reduce stack usage: 
--- subL and subR variables moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error in CamelliaSetKey function.
 2014-04-14 21:28:22 -03:00
John Safranek
d7eff191ce Merge branch 'master' of github.com:cyassl/cyassl 2014-04-14 10:35:39 -07:00
John Safranek
ede2aa9c91 allow key use extension errors to be overriden with verify callback 2014-04-14 10:29:29 -07:00
Chris Conlon
be65f5d518 update FSF address, wolfSSL copyright 2014-04-11 15:58:58 -06:00
John Safranek
421c08fc61 Merge branch 'frankencert' 2014-04-11 10:01:03 -07:00
John Safranek
603192f153 Removed an incorrect key use check. 2014-04-10 23:31:43 -07:00
John Safranek
e79ce42ef4 Added checking of the key usage and extended key usage extensions in the 
certificates.
 2014-04-10 16:50:14 -07:00
toddouska
4a99031b8d fix psk requires with different first byte 2014-04-10 14:58:15 -07:00
toddouska
e40bc9b72d remove extra spaces 2014-04-10 14:13:18 -07:00
toddouska
5de34bf987 add client suite verify, detect mismatch early 2014-04-10 14:11:30 -07:00
John Safranek
2c97d38c2c Removed previous change. Fixed it in the Sanity check instead. 2014-04-08 17:00:21 -07:00
John Safranek
52503c713c fix calls to AesGcmDecrypt and AesCcmDecrypt 2014-04-08 16:35:26 -07:00
toddouska
1863af0762 remove CYASSL_MSG undef 2014-04-04 15:13:44 -07:00
toddouska
562b017776 user settings, custom rand gen, by tyto diff 2014-04-04 15:10:08 -07:00
toddouska
e0534da461 mp Harmony 0.80 beta fix 2014-04-01 13:49:30 -07:00
toddouska
c210600d93 RSA fips mode 2014-04-01 13:08:48 -07:00
toddouska
4ba587b18a Merge branch 'master' of github.com:cyassl/cyassl 2014-04-01 12:06:48 -07:00
John Safranek
b5a27b0f41 Add compile flag to disable Cert Sign key usage flag check. 2014-03-28 11:21:07 -07:00
John Safranek
4b22986e74 Check for Certificate Sign key usage bit on intermediate CAs. 2014-03-28 10:10:22 -07:00
Moisés Guimarães
6b9f711de0 DesSetKey refactory to reduce stack usage: 
--- buffer variable moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error.
 2014-03-28 12:59:39 -03:00
toddouska
05b132ce1c HMAC fips mode 2014-03-27 15:43:54 -07:00
toddouska
7dd265cf2e SHA384 fips mode 2014-03-27 14:37:37 -07:00
toddouska
e873d7998b SHA512 fips mode 2014-03-27 14:03:12 -07:00
Chris Conlon
59c1adaf0e version 2.9.2 release 2014-03-27 10:35:57 -06:00
Chris Conlon
4677f2f2c1 fix windows warnings, ignore empty file ones 2014-03-27 10:09:14 -06:00
toddouska
7e9be23628 fix item 5 from report by Ivan Fratric of the Google Security Team 2014-03-26 13:54:16 -07:00
toddouska
717f3adb47 fix item 9 from report by Ivan Fratric of the Google Security Team 2014-03-26 13:28:19 -07:00
toddouska
86ebc48032 fix for item 7 report by Ivan Fratric of the Google Security Team 2014-03-26 13:16:43 -07:00
toddouska
23300a201f Merge branch 'master' of github.com:cyassl/cyassl 2014-03-26 12:15:04 -07:00
toddouska
43909ac725 fix sslv3 verify mac pad check, item 6 by report from Ivan Fratric of the Google Security Team 2014-03-26 12:14:18 -07:00
John Safranek
dd61daef70 When saving the signature from a DecodedCert to a CYASSL_X509 only copy 
the signature if it exists.
 2014-03-26 12:01:26 -07:00
toddouska
d5be4c4663 SHA-256 fips mode 2014-03-25 17:11:15 -07:00
toddouska
b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska
3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
toddouska
fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska
8c5d958a8b add Aes SetIV fips mode 2014-03-24 14:01:36 -07:00
toddouska
0ea10a4388 add 3DES fips mode 2014-03-24 13:37:52 -07:00
toddouska
9fe9276236 finish fips aes w/ tests 2014-03-21 14:49:49 -07:00
toddouska
58885b36eb add AesCbc fips mode 2014-03-19 16:43:52 -07:00
toddouska
388436c53e add AesSetKey fips mode 2014-03-19 13:56:11 -07:00
toddouska
8bbc30f3e1 add fips enable switch 2014-03-19 09:43:57 -07:00
Chris Conlon
5a1d420652 move CyaSSL_dtls() and CyaSSL_get_using_nonblock() out of #ifndef CYASSL_LEANPSK for use of leanPSK with standard I/O 2014-03-14 15:33:49 -06:00
Moisés Guimarães
0a5b758de3 Boundaries check for DoCertificate . 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
 2014-03-13 19:15:26 -03:00
Moisés Guimarães
2d2d1341cf Boundaries check for DoCertificateVerify. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
eba36226dc Boundaries check for DoCertificateRequest. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
7630b1d222 Boundaries check for DoHelloVerifyRequest. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
881de67196 Boundaries check for DoHelloRequest. 
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable mac;
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81 Boundaries check for DoFinished. 
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
4821b5d5fe Boundaries check for DoCertificateVerify. 
-- switched from totalSz to size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables;
-- removed unnecessary #ifdef HAVE_ECC and #ifndef NO_RSA.
 2014-03-13 19:14:13 -03:00
John Safranek
65475fdfe3 Merge branch 'PIC32MZ' of github.com:kojo1/cyassl-test into kojo1-PIC32MZ 
Conflicts:
	ctaocrypt/benchmark/benchmark.c
 2014-03-11 09:54:36 -07:00
John Safranek
6f55549fed fixes for Xcode 5.1, clang 503.0.38 stricter with some warnings 2014-03-11 09:38:36 -07:00
Takashi Kojo
6235c949b3 PIC32MZ 2014-03-11 11:32:16 +09:00
Takashi Kojo
a9ca608030 Sync with CyaSSL master 2014-03-11 11:22:39 +09:00
Takashi Kojo
6463d34fe7 Roll back native LwIP 2014-03-11 10:59:09 +09:00
Takashi Kojo
3e41d8cecb Merge branch 'PIC32MZ-HWCrypt' 
Conflicts:
	configure.ac
	ctaocrypt/benchmark/benchmark.c
	ctaocrypt/src/asn.c
	ctaocrypt/src/coding.c
	ctaocrypt/src/des3.c
	ctaocrypt/src/md5.c
	ctaocrypt/src/random.c
	ctaocrypt/src/sha.c
	ctaocrypt/src/sha256.c
	cyassl/ctaocrypt/aes.h
	cyassl/ctaocrypt/settings.h
	cyassl/ssl.h
	cyassl/version.h
	examples/server/server.c
	m4/ax_debug.m4
	m4/ax_tls.m4
	mplabx/benchmark_main.c
	mplabx/ctaocrypt_test.X/nbproject/configurations.xml
	mplabx/test_main.c
	src/io.c
	src/ocsp.c
	src/ssl.c
	src/tls.c
	testsuite/testsuite.c
 2014-03-11 10:11:36 +09:00
Takashi Kojo
8ea2eec773 Merge https://github.com/cyassl/cyassl 2014-03-11 09:55:57 +09:00
John Safranek
ad93bc3510 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-05 13:24:46 -08:00
toddouska
b0d255ed40 fix IE session tickets, they don't have sessionIDs like Chrome, Safari, and Firefox do 2014-03-05 13:12:42 -08:00
Takashi Kojo
f5922255b0 Catching up 2.9.0 2014-03-04 22:09:38 +09:00
toddouska
f1597c86b1 fix clang -Wconversion except -Wsign-conversion 2014-03-03 16:46:48 -08:00
John Safranek
1bb09fb97a Added epoch to sequence number for AES-CCM with DTLS encrypt/decrypt. 2014-03-03 14:51:57 -08:00
toddouska
1fd6245600 fix all clang warnings except Wpadded (diagnostic), Wconversion which inludes Wsign-conversion (implicit conversions part of standard) 2014-03-03 13:27:52 -08:00
toddouska
c39cdbea54 make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined 2014-03-03 12:18:26 -08:00
John Safranek
ec7c79c12e fix a couple more uninitialized variables 2014-03-02 18:38:12 -08:00
toddouska
f0f6497526 fix -Wconditional-uninitialized 2014-03-02 11:11:39 -08:00
toddouska
7b00374930 fix -Wmissing-variable-declarations 2014-03-02 11:06:41 -08:00
toddouska
9c5ee66c8c fix -Wunused-macros 2014-03-02 10:59:03 -08:00
toddouska
c4fd159860 Merge branch 'master' of github.com:cyassl/cyassl 2014-02-25 14:37:00 -08:00
toddouska
ac7cb3c8aa add -Wunreachable-code 2014-02-24 11:15:22 -08:00
Moisés Guimarães
d26b3bb445 Boundaries check for DoClientKeyExchange. 
-- switched from totalSz to size in the function parameters
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
 2014-02-24 12:41:50 -03:00
Moisés Guimarães
78bab91615 removed duplicated check for INCOMPLETE_DATA 
added new size enums
 2014-02-24 11:26:55 -03:00
Moisés Guimarães
76c8146bf1 moving available data length check to DoHandShakeMsgType 2014-02-24 11:10:54 -03:00
Moisés Guimarães
95bc954273 Boundaries check for server hello parsing. 
-- added totalSz to the function parameters
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.
 2014-02-24 11:10:54 -03:00
John Safranek
77403c7ee2 Sniffer should ignore MATCH_SUITE_ERRORs when processing old client 
hello messages.
 2014-02-21 16:33:47 -08:00
Takashi Kojo
5d5a8dbabd client.c for LwIP native socket, v0.2 2014-02-20 15:38:35 +09:00
Takashi Kojo
2e69313eb3 Multiple callbacks, fixed initialize ssl->lwipCtx, io.c 2014-02-17 17:40:42 +09:00
Chris Conlon
85a47b4596 add NO_STDIO_FILESYSTEM to exclude FILE usage from non standard filesystems 2014-02-14 14:57:43 -07:00
Chris Conlon
bc3fc658bb move filesystem abstraction to port.h 2014-02-14 14:46:49 -07:00
Moisés Guimarães
2ff78b7fda Boundaries check for client hello parsing. 
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.

TLS extensions return codes fixed.
 2014-02-11 18:10:52 -03:00
toddouska
1cf884dccc add enable-certservice, ease of use 2014-02-11 13:08:12 -08:00
toddouska
fd44cb056f allow badly reassembled sniffer packets to try on full length vs zero length 2014-02-10 16:27:44 -08:00
John Safranek
4a0afa19bf Reinitialize the index when processing stored DTLS handshake messages. 2014-02-04 07:36:59 -08:00
Takashi Kojo
78b897a07c LwIP, native tcp socket, user sent callback 2014-02-04 23:15:34 +09:00
Takashi Kojo
23bc584caf LwIP, native TCP socket, ver 2 2014-02-04 16:37:50 +09:00
Takashi Kojo
52e661df05 Clean ups 2014-02-04 10:07:01 +09:00
Moisés Guimarães
468e26a3a2 fixed error catching on TLSX_EllipticCurve_Parse 
fixed unsupported curves handling
 2014-02-03 21:54:31 -03:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion. 2014-02-03 16:14:35 -03:00
Takashi Kojo
168985ed9f LwIP native TCP Socket 2014-02-02 18:09:25 +09:00
toddouska
51b3b1cb6c fix pkCurveOID c files, doesn't require openssl extra 2014-02-01 12:14:41 -08:00
John Safranek
909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães
5616450a4b fixed return codes 
added protection for missing HAVE_TLS_EXTENSIONS
 2014-01-31 16:52:15 -03:00
Moisés Guimarães
30e2b4aa11 writing curves in the right order. (reverse) 
improved curve validation.
 2014-01-31 16:52:14 -03:00
Moisés Guimarães
9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães
7d2a6800f7 added Elliptic Curves Extensions implementation and configuration. 2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
John Safranek
cfa9007199 1. Bumped release version in configure.ac. 
2. Added enable option for SCEP. Enables prereqs.
3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
 2014-01-27 11:35:43 -08:00
Moisés Guimarães
8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
Moisés Guimarães
d58add7e97 added protection to test_CyaSSL_client_server 
fixed min macro
 2014-01-15 10:56:49 -03:00
toddouska
8a1971d52b add CyaSSL_CertPemToDer for certs, ca certs, and cert reqs 2014-01-14 15:13:43 -08:00
Chris Conlon
1d67d9217e initial PKCS#7 stubs, tie into ./configure 2014-01-10 15:17:03 -07:00
John Safranek
7b04b7ab84 DTLS IO and cookie callbacks are IPv4/IPv6 agnostic. 2013-12-30 10:39:12 -08:00
John Safranek
420ca9e6e3 Merge branch 'ocsp' 2013-12-27 16:14:47 -08:00
John Safranek
896b16a7df Fixed off-by-one error in OCSP 2013-12-27 16:13:52 -08:00
John Safranek
d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
Moisés Guimarães
3e24a446b9 fixing SNI_GetFromBuffer return code on success. 2013-12-24 15:34:17 -03:00
John Safranek
4ce2e59adf For Atomic user: 
1. Added a getter for the session's IV size.
2. The HMAC size getter should return 0 for AEAD ciphers
   and the hash length for the others.
 2013-12-23 22:32:08 -08:00
John Safranek
14aa114854 Trimmed unused includes and defines from OCSP source. 2013-12-23 14:33:44 -08:00
Chris Conlon
64912b37f6 adjust key buffer length when using ToTraditional() or ToTraditionalEnc() 2013-12-23 14:07:58 -07:00
toddouska
29c41da818 do size check on user password input 2013-12-23 12:24:03 -08:00
toddouska
3c706b4645 only set up tmp ctx if using password 2013-12-23 12:15:55 -08:00
toddouska
db71460bb8 add password functionality to CyaSSL_KeyPemToDer() 2013-12-23 12:07:20 -08:00
rofl0r
a36c18c27f implement CyaSSL_ERR_reason_error_string 
this has several advantages:
- we can provide a replacement for openssl's ERR_reason_error_string,
  which makes porting simpler,
- code shrink due to removal of excessive strcpy call
- all error strings are const anyway so there's no point to force the
  user to supply storage for them and copying them around.
 2013-12-19 19:40:48 +01:00
John Safranek
fe4f10418f OCSP lookups are IPv4/IPv6 agnostic. 2013-12-17 18:30:42 -08:00
Moisés Guimarães
ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
John Safranek
9d6182d279 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-12 11:06:21 -08:00
John Safranek
26a26fa19d 1. Fixed a build warning. 
2. Fixed an initialization bug when decoding old-style client hellos.
 2013-12-12 10:45:19 -08:00
Chris Conlon
5909f5c2c0 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-11 16:20:43 -08:00
Chris Conlon
8c7f5817ac NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file 2013-12-11 16:19:09 -08:00
toddouska
ba95c33ed4 more clang warnings 2013-12-11 15:47:40 -08:00
toddouska
b41d09b1a2 fix newer clang warnings 2013-12-11 12:03:09 -08:00
toddouska
9e56ad262c fix snifftest pcap frees on file mode, close TraceFile on ssl_Free 2013-12-10 16:17:43 -08:00
toddouska
3051c8e900 make sure Arrays elemets all set to 0 2013-12-09 18:21:43 -08:00
John Safranek
9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
 2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0 added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães
384cc9d3da adding truncated_hmac to tlsx 2013-12-02 16:19:51 -03:00
Moisés Guimarães
f8b30b3379 changing variable names to build on Ubuntu. 2013-12-02 15:50:21 -03:00
toddouska
6294102760 fix wrong NO_DES flags for requirements 2013-11-27 11:59:23 -08:00
Moisés Guimarães
7dfb3c6b29 Fixing length adjustment on both while loops 
added test for client hello without SNI extension
 2013-11-25 21:05:40 -03:00
Moisés Guimarães
0f2f9b6982 added more tests with code refactoring. 2013-11-21 21:25:43 -03:00
Moisés Guimarães
ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
John Safranek
dda5413ae2 moved some #defines around to fix sessioncerts-only build 2013-11-21 10:48:45 -08:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
toddouska
a7bcca84c3 add ecdsa cert signing 2013-11-14 15:00:22 -08:00
John Safranek
8c20ff2d97 Merge branch 'master' of github.com:cyassl/cyassl 2013-11-11 11:31:35 -08:00
John Safranek
dabb8058c4 1. Updated README Note 2. The error code described for no signer 
errors is -188. (The error code -155 is for the signature
   confirmation failing.)
2. Fixed bug in copying the signature from a DecodedCert to a
   CYASSL_X509 record.
 2013-11-11 11:19:35 -08:00
Takashi Kojo
23cada35ba Catch up master 2013-11-10 21:06:34 +09:00
Takashi Kojo
16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
John Safranek
42f82ce9cc Merge branch 'master' of github.com:cyassl/cyassl 2013-11-06 15:54:01 -08:00
John Safranek
20e6ac7104 Added public key type to PKEY copy 2013-11-06 14:16:21 -08:00