John Safranek
acb3b1afb2
fix bug with DTLS and IO Pools
2014-06-15 17:26:18 -07:00
toddouska
675f99294b
Merge branch 'master' into ti
2014-06-12 16:02:37 -07:00
toddouska
0223708ac4
make crl monitor watch init -1
2014-06-12 16:01:34 -07:00
toddouska
b14bf25881
merge master
2014-06-12 16:00:25 -07:00
toddouska
ceafd298f3
fix linux crl monitor newer gcc warning
2014-06-12 15:56:44 -07:00
toddouska
8237319d80
merge with master
2014-06-10 15:19:45 -07:00
Moisés Guimarães
9c905b6519
fix on TLSX_SNI_GetFromBuffer - > should be >= so extensions of length 0 get inside the while.
...
added test to cover case.
2014-06-10 16:56:45 -03:00
Moisés Guimarães
ba36c24fc1
fix on TLSX_SNI_GetFromBuffer - undo last fix and return 0 when there is no SNI extension. Now the return is the same when there is no extensions at all.
2014-06-10 15:28:29 -03:00
Moisés Guimarães
064483035c
fix on TLSX_SNI_GetFromBuffer - set inOutSz value to zero when there is no SNI extension in the client hello buffer.
2014-06-09 17:31:32 -03:00
toddouska
c6740feee7
Merge branch 'master' into ti
2014-06-09 12:57:43 -07:00
toddouska
e0c5c89bf6
add sanity check on send callback sent value
2014-06-09 12:55:17 -07:00
toddouska
f4c96c68c9
Merge branch 'master' into ti
2014-06-05 17:55:56 -07:00
Chris Conlon
7e5287e578
update NTRU support, with help from thesourcerer8
2014-06-05 14:42:15 -06:00
toddouska
bc3cbee2b6
Merge branch 'master' into ti
2014-06-04 09:59:07 -07:00
toddouska
2494217a87
add sanity check on output buffer size for BuildMessage()
2014-06-04 09:58:15 -07:00
toddouska
e4c33cb51e
Merge branch 'master' into ti
2014-06-04 08:08:52 -07:00
John Safranek
d301ab001c
fix Windows compile warnings
2014-06-03 23:11:18 -07:00
toddouska
6ae76721f2
Merge branch 'master' into ti
2014-06-02 11:24:32 -07:00
toddouska
24b556689f
fix psk define w/ opensslextra
2014-06-02 11:22:47 -07:00
toddouska
a920795665
Merge branch 'master' into ti
2014-05-30 16:57:15 -07:00
John Safranek
b60a61fa94
DHE-PSK cipher suites
...
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
* TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
* TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
* TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
* TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
* TLS_DHE_PSK_WITH_NULL_SHA256
* TLS_DHE_PSK_WITH_NULL_SHA384
* TLS_DHE_PSK_WITH_AES_128_CCM
* TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
2014-05-30 11:26:48 -07:00
toddouska
71a5aeeb81
Merge branch 'master' into ti
2014-05-28 17:37:48 -07:00
toddouska
e11dd9803a
fix icc v14 warnings
2014-05-28 17:36:21 -07:00
toddouska
8a0fbcb83e
Merge branch 'master' into ti
2014-05-28 13:06:51 -07:00
Chris Conlon
7e13e414cb
rename port.c/.h to wc_port.c/.h to prevent FreeRTOS conflicts
2014-05-28 10:28:01 -06:00
toddouska
e373b083bf
Merge branch 'master' into ti
2014-05-20 14:33:14 -07:00
John Safranek
12841e6093
fix integration bugs with new suites
2014-05-20 14:07:08 -07:00
John Safranek
74712b4e71
1. Added the following cipher suites:
...
* TLS_PSK_WITH_AES_128_GCM_SHA256
* TLS_PSK_WITH_AES_256_GCM_SHA384
* TLS_PSK_WITH_AES_256_CBC_SHA384
* TLS_PSK_WITH_NULL_SHA384
2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
2014-05-19 21:44:04 -07:00
toddouska
6d3a46ebec
Merge branch 'master' into ti
2014-05-19 17:08:51 -07:00
John Safranek
da5b042d21
AEAD additional data for encrypt and decrypt should be AEAD_AUTH_DATA_SZ
2014-05-19 09:14:10 -07:00
John Safranek
4a511fe36d
Added epoch to sequence number for AES-GCM with DTLS encrypt/decrypt.
2014-05-19 09:14:10 -07:00
toddouska
91df5e52a6
Merge branch 'master' into ti
2014-05-16 09:13:21 -07:00
John Safranek
628e7b4d72
adjust SendData() output buffer check for DTLS header size
2014-05-15 15:55:32 -07:00
toddouska
f9a78b7e20
Merge branch 'master' into ti
2014-05-14 15:07:47 -07:00
toddouska
ce39ef62ef
update const error strings for newly added ones
2014-05-14 15:05:20 -07:00
toddouska
519820133d
Merge branch 'const_errorstrings' of https://github.com/rofl0r/cyassl into errstr
2014-05-14 14:51:40 -07:00
toddouska
a3a12a7010
merge resolution in io.c
2014-05-12 13:36:20 -07:00
toddouska
8c9c257921
Merge pull request #79 from kojo1/IAR
...
sample projects for IAR EWARM
Why is SINGLE_THREADED assumed for IAR with ARM?
2014-05-12 13:28:02 -07:00
toddouska
ec5f3cc681
Merge branch 'master' of https://github.com/tisb/cyassl into ti
2014-05-09 11:38:40 -07:00
Vikram Adiga
5146f3dd94
Initial commit of CyaSSL port for TI-RTOS
2014-05-08 15:50:55 -07:00
toddouska
e57d5d1d2f
Merge branch 'master' of github.com:cyassl/cyassl
2014-05-08 10:27:54 -07:00
toddouska
abbfcde0dc
add fips in core first/last files for code/data hashing
2014-05-08 10:26:31 -07:00
John Safranek
d6b98c1fab
moved OCSP config code outside NO_FILESYSTEM fence
2014-05-05 16:13:08 -07:00
John Safranek
ec13f65ef0
made OCSP callback not dependent on stdio
2014-05-05 16:11:02 -07:00
toddouska
4104b74c40
fix resource leak on bad user cert chain big buffer
2014-05-02 10:30:07 -07:00
toddouska
3e62da0bc9
add linux crl monitor clean shutdown
2014-05-02 10:14:40 -07:00
Takashi Kojo
35d5b66d2c
Merge remote-tracking branch 'CyaSSL-master/master' into IAR
2014-05-02 09:32:55 +09:00
toddouska
912ec25a0f
fix linux crl monitor build
2014-05-01 09:34:16 -07:00
toddouska
14c978ca67
remove space
2014-05-01 09:30:17 -07:00
toddouska
5ff0336491
add custom kqueue event for crl monitor shutdown
2014-05-01 09:28:33 -07:00
Takashi Kojo
f225714e75
io.c, #include
2014-05-01 17:09:28 +09:00
John Safranek
fb5200aa95
1. Added more options to the full commit test.
...
2. Cleanups from static analysis.
2014-04-30 15:01:10 -07:00
John Safranek
85d453f2d1
fix const issue with PK callbacks
2014-04-30 10:15:15 -07:00
John Safranek
09a7a087a2
fix static analysis warnings
2014-04-29 14:52:42 -07:00
John Safranek
618d282d94
Decodes the Name Constraints certificate extension on the CA cert
...
and checks the names on the peer cert, rejecting it if invalid
based on the name.
2014-04-28 11:03:24 -07:00
Moisés Guimarães
8d8fca67c3
SHA256, SHA384 and SHA512 error propagation. Major impact on random functions with error propagation.
2014-04-14 21:39:14 -03:00
Moisés Guimarães
32e2d7016f
SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation.
2014-04-14 21:36:04 -03:00
Moisés Guimarães
644bb9c524
SHA256, SHA384 and SHA512 error propagation. Minor impact on some of internal.c static functions.
2014-04-14 21:28:23 -03:00
Moisés Guimarães
41cc5f06e4
camellia_setup128 and camellia_setup256 refactory to reduce stack usage:
...
--- subL and subR variables moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error in CamelliaSetKey function.
2014-04-14 21:28:22 -03:00
John Safranek
d7eff191ce
Merge branch 'master' of github.com:cyassl/cyassl
2014-04-14 10:35:39 -07:00
John Safranek
ede2aa9c91
allow key use extension errors to be overriden with verify callback
2014-04-14 10:29:29 -07:00
Chris Conlon
be65f5d518
update FSF address, wolfSSL copyright
2014-04-11 15:58:58 -06:00
John Safranek
421c08fc61
Merge branch 'frankencert'
2014-04-11 10:01:03 -07:00
John Safranek
603192f153
Removed an incorrect key use check.
2014-04-10 23:31:43 -07:00
John Safranek
e79ce42ef4
Added checking of the key usage and extended key usage extensions in the
...
certificates.
2014-04-10 16:50:14 -07:00
toddouska
4a99031b8d
fix psk requires with different first byte
2014-04-10 14:58:15 -07:00
toddouska
e40bc9b72d
remove extra spaces
2014-04-10 14:13:18 -07:00
toddouska
5de34bf987
add client suite verify, detect mismatch early
2014-04-10 14:11:30 -07:00
John Safranek
2c97d38c2c
Removed previous change. Fixed it in the Sanity check instead.
2014-04-08 17:00:21 -07:00
John Safranek
52503c713c
fix calls to AesGcmDecrypt and AesCcmDecrypt
2014-04-08 16:35:26 -07:00
toddouska
1863af0762
remove CYASSL_MSG undef
2014-04-04 15:13:44 -07:00
toddouska
562b017776
user settings, custom rand gen, by tyto diff
2014-04-04 15:10:08 -07:00
toddouska
e0534da461
mp Harmony 0.80 beta fix
2014-04-01 13:49:30 -07:00
toddouska
c210600d93
RSA fips mode
2014-04-01 13:08:48 -07:00
toddouska
4ba587b18a
Merge branch 'master' of github.com:cyassl/cyassl
2014-04-01 12:06:48 -07:00
John Safranek
b5a27b0f41
Add compile flag to disable Cert Sign key usage flag check.
2014-03-28 11:21:07 -07:00
John Safranek
4b22986e74
Check for Certificate Sign key usage bit on intermediate CAs.
2014-03-28 10:10:22 -07:00
Moisés Guimarães
6b9f711de0
DesSetKey refactory to reduce stack usage:
...
--- buffer variable moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error.
2014-03-28 12:59:39 -03:00
toddouska
05b132ce1c
HMAC fips mode
2014-03-27 15:43:54 -07:00
toddouska
7dd265cf2e
SHA384 fips mode
2014-03-27 14:37:37 -07:00
toddouska
e873d7998b
SHA512 fips mode
2014-03-27 14:03:12 -07:00
Chris Conlon
59c1adaf0e
version 2.9.2 release
2014-03-27 10:35:57 -06:00
Chris Conlon
4677f2f2c1
fix windows warnings, ignore empty file ones
2014-03-27 10:09:14 -06:00
toddouska
7e9be23628
fix item 5 from report by Ivan Fratric of the Google Security Team
2014-03-26 13:54:16 -07:00
toddouska
717f3adb47
fix item 9 from report by Ivan Fratric of the Google Security Team
2014-03-26 13:28:19 -07:00
toddouska
86ebc48032
fix for item 7 report by Ivan Fratric of the Google Security Team
2014-03-26 13:16:43 -07:00
toddouska
23300a201f
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-26 12:15:04 -07:00
toddouska
43909ac725
fix sslv3 verify mac pad check, item 6 by report from Ivan Fratric of the Google Security Team
2014-03-26 12:14:18 -07:00
John Safranek
dd61daef70
When saving the signature from a DecodedCert to a CYASSL_X509 only copy
...
the signature if it exists.
2014-03-26 12:01:26 -07:00
toddouska
d5be4c4663
SHA-256 fips mode
2014-03-25 17:11:15 -07:00
toddouska
b41186a6dd
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-25 16:02:12 -07:00
toddouska
3607db9077
add SHA1 fips mode
2014-03-25 16:01:17 -07:00
toddouska
fb6d671629
resolve pull request merge conflict
2014-03-25 11:39:07 -07:00
toddouska
8c5d958a8b
add Aes SetIV fips mode
2014-03-24 14:01:36 -07:00
toddouska
0ea10a4388
add 3DES fips mode
2014-03-24 13:37:52 -07:00
toddouska
9fe9276236
finish fips aes w/ tests
2014-03-21 14:49:49 -07:00
toddouska
58885b36eb
add AesCbc fips mode
2014-03-19 16:43:52 -07:00
toddouska
388436c53e
add AesSetKey fips mode
2014-03-19 13:56:11 -07:00
toddouska
8bbc30f3e1
add fips enable switch
2014-03-19 09:43:57 -07:00
Chris Conlon
5a1d420652
move CyaSSL_dtls() and CyaSSL_get_using_nonblock() out of #ifndef CYASSL_LEANPSK for use of leanPSK with standard I/O
2014-03-14 15:33:49 -06:00
Moisés Guimarães
0a5b758de3
Boundaries check for DoCertificate .
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
2014-03-13 19:15:26 -03:00
Moisés Guimarães
2d2d1341cf
Boundaries check for DoCertificateVerify.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
eba36226dc
Boundaries check for DoCertificateRequest.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
7630b1d222
Boundaries check for DoHelloVerifyRequest.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
881de67196
Boundaries check for DoHelloRequest.
...
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable mac;
2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81
Boundaries check for DoFinished.
...
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
4821b5d5fe
Boundaries check for DoCertificateVerify.
...
-- switched from totalSz to size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables;
-- removed unnecessary #ifdef HAVE_ECC and #ifndef NO_RSA.
2014-03-13 19:14:13 -03:00
John Safranek
65475fdfe3
Merge branch 'PIC32MZ' of github.com:kojo1/cyassl-test into kojo1-PIC32MZ
...
Conflicts:
ctaocrypt/benchmark/benchmark.c
2014-03-11 09:54:36 -07:00
John Safranek
6f55549fed
fixes for Xcode 5.1, clang 503.0.38 stricter with some warnings
2014-03-11 09:38:36 -07:00
Takashi Kojo
6235c949b3
PIC32MZ
2014-03-11 11:32:16 +09:00
Takashi Kojo
a9ca608030
Sync with CyaSSL master
2014-03-11 11:22:39 +09:00
Takashi Kojo
6463d34fe7
Roll back native LwIP
2014-03-11 10:59:09 +09:00
Takashi Kojo
3e41d8cecb
Merge branch 'PIC32MZ-HWCrypt'
...
Conflicts:
configure.ac
ctaocrypt/benchmark/benchmark.c
ctaocrypt/src/asn.c
ctaocrypt/src/coding.c
ctaocrypt/src/des3.c
ctaocrypt/src/md5.c
ctaocrypt/src/random.c
ctaocrypt/src/sha.c
ctaocrypt/src/sha256.c
cyassl/ctaocrypt/aes.h
cyassl/ctaocrypt/settings.h
cyassl/ssl.h
cyassl/version.h
examples/server/server.c
m4/ax_debug.m4
m4/ax_tls.m4
mplabx/benchmark_main.c
mplabx/ctaocrypt_test.X/nbproject/configurations.xml
mplabx/test_main.c
src/io.c
src/ocsp.c
src/ssl.c
src/tls.c
testsuite/testsuite.c
2014-03-11 10:11:36 +09:00
Takashi Kojo
8ea2eec773
Merge https://github.com/cyassl/cyassl
2014-03-11 09:55:57 +09:00
John Safranek
ad93bc3510
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-05 13:24:46 -08:00
toddouska
b0d255ed40
fix IE session tickets, they don't have sessionIDs like Chrome, Safari, and Firefox do
2014-03-05 13:12:42 -08:00
Takashi Kojo
f5922255b0
Catching up 2.9.0
2014-03-04 22:09:38 +09:00
toddouska
f1597c86b1
fix clang -Wconversion except -Wsign-conversion
2014-03-03 16:46:48 -08:00
John Safranek
1bb09fb97a
Added epoch to sequence number for AES-CCM with DTLS encrypt/decrypt.
2014-03-03 14:51:57 -08:00
toddouska
1fd6245600
fix all clang warnings except Wpadded (diagnostic), Wconversion which inludes Wsign-conversion (implicit conversions part of standard)
2014-03-03 13:27:52 -08:00
toddouska
c39cdbea54
make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined
2014-03-03 12:18:26 -08:00
John Safranek
ec7c79c12e
fix a couple more uninitialized variables
2014-03-02 18:38:12 -08:00
toddouska
f0f6497526
fix -Wconditional-uninitialized
2014-03-02 11:11:39 -08:00
toddouska
7b00374930
fix -Wmissing-variable-declarations
2014-03-02 11:06:41 -08:00
toddouska
9c5ee66c8c
fix -Wunused-macros
2014-03-02 10:59:03 -08:00
toddouska
c4fd159860
Merge branch 'master' of github.com:cyassl/cyassl
2014-02-25 14:37:00 -08:00
toddouska
ac7cb3c8aa
add -Wunreachable-code
2014-02-24 11:15:22 -08:00
Moisés Guimarães
d26b3bb445
Boundaries check for DoClientKeyExchange.
...
-- switched from totalSz to size in the function parameters
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
2014-02-24 12:41:50 -03:00
Moisés Guimarães
78bab91615
removed duplicated check for INCOMPLETE_DATA
...
added new size enums
2014-02-24 11:26:55 -03:00
Moisés Guimarães
76c8146bf1
moving available data length check to DoHandShakeMsgType
2014-02-24 11:10:54 -03:00
Moisés Guimarães
95bc954273
Boundaries check for server hello parsing.
...
-- added totalSz to the function parameters
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.
2014-02-24 11:10:54 -03:00
John Safranek
77403c7ee2
Sniffer should ignore MATCH_SUITE_ERRORs when processing old client
...
hello messages.
2014-02-21 16:33:47 -08:00
Takashi Kojo
5d5a8dbabd
client.c for LwIP native socket, v0.2
2014-02-20 15:38:35 +09:00
Takashi Kojo
2e69313eb3
Multiple callbacks, fixed initialize ssl->lwipCtx, io.c
2014-02-17 17:40:42 +09:00
Chris Conlon
85a47b4596
add NO_STDIO_FILESYSTEM to exclude FILE usage from non standard filesystems
2014-02-14 14:57:43 -07:00
Chris Conlon
bc3fc658bb
move filesystem abstraction to port.h
2014-02-14 14:46:49 -07:00
Moisés Guimarães
2ff78b7fda
Boundaries check for client hello parsing.
...
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.
TLS extensions return codes fixed.
2014-02-11 18:10:52 -03:00
toddouska
1cf884dccc
add enable-certservice, ease of use
2014-02-11 13:08:12 -08:00
toddouska
fd44cb056f
allow badly reassembled sniffer packets to try on full length vs zero length
2014-02-10 16:27:44 -08:00
John Safranek
4a0afa19bf
Reinitialize the index when processing stored DTLS handshake messages.
2014-02-04 07:36:59 -08:00
Takashi Kojo
78b897a07c
LwIP, native tcp socket, user sent callback
2014-02-04 23:15:34 +09:00
Takashi Kojo
23bc584caf
LwIP, native TCP socket, ver 2
2014-02-04 16:37:50 +09:00
Takashi Kojo
52e661df05
Clean ups
2014-02-04 10:07:01 +09:00
Moisés Guimarães
468e26a3a2
fixed error catching on TLSX_EllipticCurve_Parse
...
fixed unsupported curves handling
2014-02-03 21:54:31 -03:00
John Safranek
f669e73c8d
Merge branch 'master' of github.com:cyassl/cyassl
2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1
Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion.
2014-02-03 16:14:35 -03:00
Takashi Kojo
168985ed9f
LwIP native TCP Socket
2014-02-02 18:09:25 +09:00
toddouska
51b3b1cb6c
fix pkCurveOID c files, doesn't require openssl extra
2014-02-01 12:14:41 -08:00
John Safranek
909b9258d6
Thread safe OCSP.
2014-01-31 16:59:13 -08:00
Moisés Guimarães
5616450a4b
fixed return codes
...
added protection for missing HAVE_TLS_EXTENSIONS
2014-01-31 16:52:15 -03:00
Moisés Guimarães
30e2b4aa11
writing curves in the right order. (reverse)
...
improved curve validation.
2014-01-31 16:52:14 -03:00
Moisés Guimarães
9490c0dbaf
validating curves
2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896
exporting pkCurve info to ctx and ssl
2014-01-31 16:52:14 -03:00
Moisés Guimarães
7d2a6800f7
added Elliptic Curves Extensions implementation and configuration.
2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973
added external api for Elliptic Curves Extension.
2014-01-31 16:52:13 -03:00
John Safranek
cfa9007199
1. Bumped release version in configure.ac.
...
2. Added enable option for SCEP. Enables prereqs.
3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
2014-01-27 11:35:43 -08:00
Moisés Guimarães
8541c2cc97
added renegotiation indication SCSV sending on client hello.
2014-01-21 11:38:59 -03:00
Moisés Guimarães
d58add7e97
added protection to test_CyaSSL_client_server
...
fixed min macro
2014-01-15 10:56:49 -03:00
toddouska
8a1971d52b
add CyaSSL_CertPemToDer for certs, ca certs, and cert reqs
2014-01-14 15:13:43 -08:00
Chris Conlon
1d67d9217e
initial PKCS#7 stubs, tie into ./configure
2014-01-10 15:17:03 -07:00
John Safranek
7b04b7ab84
DTLS IO and cookie callbacks are IPv4/IPv6 agnostic.
2013-12-30 10:39:12 -08:00
John Safranek
420ca9e6e3
Merge branch 'ocsp'
2013-12-27 16:14:47 -08:00
John Safranek
896b16a7df
Fixed off-by-one error in OCSP
2013-12-27 16:13:52 -08:00
John Safranek
d46c68ba10
Moved OCSP into the CertManager like the CRL.
2013-12-27 12:11:47 -08:00
Moisés Guimarães
3e24a446b9
fixing SNI_GetFromBuffer return code on success.
2013-12-24 15:34:17 -03:00
John Safranek
4ce2e59adf
For Atomic user:
...
1. Added a getter for the session's IV size.
2. The HMAC size getter should return 0 for AEAD ciphers
and the hash length for the others.
2013-12-23 22:32:08 -08:00
John Safranek
14aa114854
Trimmed unused includes and defines from OCSP source.
2013-12-23 14:33:44 -08:00
Chris Conlon
64912b37f6
adjust key buffer length when using ToTraditional() or ToTraditionalEnc()
2013-12-23 14:07:58 -07:00
toddouska
29c41da818
do size check on user password input
2013-12-23 12:24:03 -08:00
toddouska
3c706b4645
only set up tmp ctx if using password
2013-12-23 12:15:55 -08:00
toddouska
db71460bb8
add password functionality to CyaSSL_KeyPemToDer()
2013-12-23 12:07:20 -08:00
rofl0r
a36c18c27f
implement CyaSSL_ERR_reason_error_string
...
this has several advantages:
- we can provide a replacement for openssl's ERR_reason_error_string,
which makes porting simpler,
- code shrink due to removal of excessive strcpy call
- all error strings are const anyway so there's no point to force the
user to supply storage for them and copying them around.
2013-12-19 19:40:48 +01:00
John Safranek
fe4f10418f
OCSP lookups are IPv4/IPv6 agnostic.
2013-12-17 18:30:42 -08:00
Moisés Guimarães
ffd58e27ef
removing deprecated TRUNCATED_HMAC_SIZE
2013-12-12 21:05:31 -03:00
John Safranek
9d6182d279
Merge branch 'master' of github.com:cyassl/cyassl
2013-12-12 11:06:21 -08:00
John Safranek
26a26fa19d
1. Fixed a build warning.
...
2. Fixed an initialization bug when decoding old-style client hellos.
2013-12-12 10:45:19 -08:00
Chris Conlon
5909f5c2c0
Merge branch 'master' of github.com:cyassl/cyassl
2013-12-11 16:20:43 -08:00
Chris Conlon
8c7f5817ac
NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file
2013-12-11 16:19:09 -08:00
toddouska
ba95c33ed4
more clang warnings
2013-12-11 15:47:40 -08:00
toddouska
b41d09b1a2
fix newer clang warnings
2013-12-11 12:03:09 -08:00
toddouska
9e56ad262c
fix snifftest pcap frees on file mode, close TraceFile on ssl_Free
2013-12-10 16:17:43 -08:00
toddouska
3051c8e900
make sure Arrays elemets all set to 0
2013-12-09 18:21:43 -08:00
John Safranek
9fe165e8f8
1. Added a couple missing checks for NULL pointers in DTLS code.
...
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0
added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage
2013-12-02 16:19:52 -03:00
Moisés Guimarães
384cc9d3da
adding truncated_hmac to tlsx
2013-12-02 16:19:51 -03:00
Moisés Guimarães
f8b30b3379
changing variable names to build on Ubuntu.
2013-12-02 15:50:21 -03:00
toddouska
6294102760
fix wrong NO_DES flags for requirements
2013-11-27 11:59:23 -08:00
Moisés Guimarães
7dfb3c6b29
Fixing length adjustment on both while loops
...
added test for client hello without SNI extension
2013-11-25 21:05:40 -03:00
Moisés Guimarães
0f2f9b6982
added more tests with code refactoring.
2013-11-21 21:25:43 -03:00
Moisés Guimarães
ba18f8b03e
added new function to retrieve SNI from a buffer.
2013-11-21 21:25:42 -03:00
John Safranek
dda5413ae2
moved some #defines around to fix sessioncerts-only build
2013-11-21 10:48:45 -08:00
John Safranek
4377996d87
Saved original SKID and AKID from certificate for later use with X.509 functions.
2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6
Save more decoded data from certificate for later use with X.509 functions.
2013-11-19 14:44:55 -08:00
toddouska
a7bcca84c3
add ecdsa cert signing
2013-11-14 15:00:22 -08:00
John Safranek
8c20ff2d97
Merge branch 'master' of github.com:cyassl/cyassl
2013-11-11 11:31:35 -08:00
John Safranek
dabb8058c4
1. Updated README Note 2. The error code described for no signer
...
errors is -188. (The error code -155 is for the signature
confirmation failing.)
2. Fixed bug in copying the signature from a DecodedCert to a
CYASSL_X509 record.
2013-11-11 11:19:35 -08:00
Takashi Kojo
23cada35ba
Catch up master
2013-11-10 21:06:34 +09:00
Takashi Kojo
16bda74536
For MDK5 Pack
2013-11-07 10:29:01 +09:00
John Safranek
42f82ce9cc
Merge branch 'master' of github.com:cyassl/cyassl
2013-11-06 15:54:01 -08:00
John Safranek
20e6ac7104
Added public key type to PKEY copy
2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5
Added X.509 accessor for signature.
2013-11-06 11:49:49 -08:00
Takashi Kojo
f26cf50ff2
Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5
2013-11-06 10:22:21 +09:00
Chris Conlon
fb8c3e0c75
fix gcc warning with enable-ocsp
2013-11-04 15:36:08 -07:00
John Safranek
913e200cd0
X.509 Additions:
...
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
toddouska
12b074fbe9
add worst case estimate to ecc_sign_size()
2013-10-30 13:33:23 -07:00
toddouska
de6b9bc6be
fix sniffer with new decrypt/verify code
2013-10-28 17:18:41 -07:00
Takashi Kojo
33ccf62ff5
MDK5 support
2013-10-25 15:49:39 +09:00
toddouska
8c7715ee33
remove CBC naming from HC-128 suites
2013-10-24 12:10:09 -07:00
toddouska
f833674171
remove CBC from RABBIT suite naming
2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714
add AES Blake2b 256 basic suites for speed tests
2013-10-24 11:30:51 -07:00
Takashi Kojo
2f98233825
For MDK5
2013-10-24 18:50:26 +09:00
Takashi Kojo
e4a3599a6b
cyassl/src file updates for MDK5
2013-10-24 16:52:17 +09:00
toddouska
c039b0106a
add HC-128 Blake2b 256 cipher suite for speed test
2013-10-23 17:13:54 -07:00
Chris Conlon
f45d0709b3
case insensitivity fix for domain name check
2013-10-18 15:17:19 -06:00
Chris Conlon
dba488ba70
add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB
2013-10-14 15:04:26 -06:00
toddouska
6c654bba3d
fix camellia memory leak
2013-10-10 16:50:35 -07:00
John Safranek
51c485f523
1. Added a couple missing checks for NULL pointers in DTLS code.
...
2. Fixed compiler warning under Windows.
2013-10-08 14:59:59 -07:00
John Safranek
33bcc76a07
Merge branch 'master' of github.com:cyassl/cyassl
2013-10-02 15:27:10 -07:00
Chris Conlon
17b220e9c7
add Freescale MQX time functionality
2013-09-24 20:12:48 -06:00
John Safranek
5e4ca53496
clean up Windows build issues with OCSP
2013-09-18 14:47:51 -07:00
John Safranek
c5f3eace7d
DTLS timeout init wasn't initializing the timeout until after the first timeout.
2013-09-11 14:28:01 -07:00
toddouska
44ba0af192
free fp ecc resources on cleanup
2013-09-06 17:08:57 -07:00
toddouska
a14af5f0b0
move mutex to port layer at crypto level
2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76
centralizing MAX_DIGEST_SIZE definition in hmac.h
2013-09-06 15:53:46 -03:00
John Safranek
f2c75a9e87
ECDSA signatures need a zero padding for the ASN.1 storage of the R and S values
2013-09-05 15:00:01 -07:00
toddouska
b9540bf579
check NULL to match docs
2013-08-29 08:25:14 -07:00
John Safranek
78b8da9949
Initialize the AEAD explicit IV to 0.
2013-08-27 10:44:04 -07:00
toddouska
e8fcf35098
add Rsa Public/Private client key exchange callbacks, examples
2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e
add Rsa Sign/Verify callbacks, client/server examples
2013-08-26 16:27:29 -07:00
toddouska
664c6de5d5
send blank cert on client if TLS instead of TLSv1.2, more accept this now and some even incorrectly require it
2013-08-26 12:34:39 -07:00
John Safranek
081a3a57d4
move variable declaration before function code
2013-08-23 10:26:42 -07:00
John Safranek
33a7a7f762
initialize return variable
2013-08-23 10:20:39 -07:00
John Safranek
0002ba4ee8
Merge branch 'master' of github.com:cyassl/cyassl
2013-08-23 10:12:17 -07:00
John Safranek
d734c86c72
cleanup build warnings
...
1. Change `CyaSSL_OCSP_set_options()` to return `SSL_SUCCESS`
or `SSL_FAILURE` as `int` like rest of API.
2. Fix data narrowing warning in file io.c function
`process_http_response()`.
3. Fix global variable shadowed warning in file ssl.c function
`CyaSSL_GetSessionAtIndex()`
4. Fix data narrowing warning in file internal.c functions
`Encrypt()` and `Decrypt()`. Passed in a word32 size parameter
that was provided a word16 and used as a word16.
5. Removed unreachable code from file tls.c function
`CyaSSL_GetHmacType()`.
6. Fix data narrowing warnings in file aes.c functions
`AesCcmEncrypt()` and `AesCcmDecrypt()`.
2013-08-23 10:09:35 -07:00
toddouska
e98f5f95c2
add public key callbacks for ecc sign/verify, examples
2013-08-22 18:19:39 -07:00
toddouska
bc958f5798
C comments only
2013-08-22 10:35:46 -07:00
John Safranek
64ba0587a3
Merge branch 'master' of github.com:cyassl/cyassl
2013-08-21 22:42:15 -07:00
John Safranek
957cf90118
Added function to read certificate from file into CYASSL_X509 buffer.
2013-08-21 22:36:43 -07:00
toddouska
54a2f8b9aa
add useratomic DecryptVerify Callbacks, example
2013-08-21 16:55:34 -07:00
John Safranek
9f07a7dd2b
modified SEP X509 functions to behave like the NAME_oneline function
2013-08-20 16:47:38 -07:00
John Safranek
442886a207
Added x509 accessors for the SEP build certificate additions.
2013-08-17 09:01:15 -07:00
toddouska
65f0e9f6b9
add atomic user macencrypt cb
2013-08-09 17:27:15 -07:00
toddouska
3378f8f25e
add DTLS cookie ctx geter
2013-08-06 15:06:33 -07:00
toddouska
5c5cee0789
use external CYASSL_MAX_ERROR_SZ for buffer size
2013-08-06 11:48:00 -07:00
John Safranek
831d9cf640
SEP Profile
...
1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
a CYASSL_SESSION record.
2013-08-02 16:03:41 -07:00
toddouska
3b4ff94931
add paramter validation to SSL I/O calls
2013-08-02 12:12:51 -07:00
John Safranek
1357cdb0e4
SEP Profile
...
1. Add session cache index to CYASSL structure.
2. Add accessor for cache index in CYASSL structure.
3. Add copy function for session cache item.
2013-07-28 17:11:22 -07:00
Moisés Guimarães
55401c13dd
Truncated HMAC first part (protocol). Extension processing will be coded later.
2013-07-23 15:42:43 -03:00
toddouska
14b100fee6
fix savecert with no_skid, gcc warnings
2013-07-22 14:30:35 -07:00
toddouska
37a9a7a457
add IOCb Ctx getters
2013-07-22 11:01:00 -07:00
toddouska
705aa0f453
fix user malloc define w/ opensslextra
2013-07-05 09:42:49 -07:00
John Safranek
226f018829
Fixed memory leak of http buffer in OCSP lookup.
2013-07-02 17:35:30 -07:00
Moisés Guimarães
593e466a44
limiting max_fragment API for client side only.
2013-07-01 10:13:43 -03:00
toddouska
307c71d9cb
add CyaSSL_UnloadCertsKeys to free SSL certs and keys after handshake
2013-06-27 10:26:04 -07:00
John Safranek
773d0da1bc
Fixed issue with the DTLS EmbedReceiveFrom() callback using IPv6.
2013-06-26 17:40:21 -07:00
John Safranek
29b32e582a
DTLS IPv6 Hello Cookie Update
...
1. Add support for IPv6 addresses when calculating DTLS Cookie.
2. Simplify cookie calculation.
2013-06-26 16:32:01 -07:00
toddouska
60c2388ae7
fix potential NetX packet memory leak
2013-06-26 11:03:54 -07:00
toddouska
87eb94b7c4
Merge branch 'master' of github.com:cyassl/cyassl
2013-06-24 14:02:40 -07:00
toddouska
b51d6f3b8f
add NetX default IO context handling
2013-06-24 14:00:48 -07:00
John Safranek
0c34ecb451
OCSP Updates
...
1. Add option to example server and client to check the OCSP responder.
2. Add option to example server and client to override the URL to use
when checking the OCSP responder.
3. Copy the certificate serial number correctly into OCSP request.
Add leading zero only if MS bit is set.
4. Fix responder address used when Auth Info extension is present.
5. Update EmbedOcspLookup callback to better handle the HTTP
response and obtain the complete OCSP response.
2013-06-24 10:47:24 -07:00
John Safranek
17ab84eb07
Update call to DoAlert()
...
When handling the alerts, the return code wasn't checked for error codes. A corrupted alert message could cause a control flow issue.
2013-06-19 15:01:13 -07:00
Moisés Guimarães
25e910a0a9
max fragment length tests and fixes
2013-06-19 16:38:57 -03:00
Moisés Guimarães
5f3ee80407
added:
...
- max fragment length extension;
- CyaSSL_SNI_GetRequest() to get client's request at server side;
- Automated tests for SNI;
2013-06-19 15:45:06 -03:00
toddouska
d02af46256
windows build warning fixes
2013-06-17 12:26:21 -07:00
toddouska
8c70b11528
add newSession flag to SetServerID to do full handshake w/ new session
2013-06-14 15:29:18 -07:00
toddouska
7f7c595d10
differentiate between THREADX and RTP_SYS
2013-06-14 13:45:25 -07:00
toddouska
9559f09028
warning fixes
2013-06-13 12:13:46 -07:00
John Safranek
b40c2c0b1f
Fixed issue with no_server/no_client optional compile losing two functions
2013-06-06 21:59:05 +02:00
Moisés Guimarães
f1d1898ddf
Added new option to SNI: CYASSL_SNI_ANSWER_ON_MISMATCH
...
Added new function to SNI API: CyaSSL_SNI_Matched()
2013-06-03 17:55:06 -03:00
Moisés Guimarães
cb2082edee
changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH
2013-06-03 10:04:49 -03:00
John Safranek
ebd03368c7
for DTLS handshakes, put change cipher spec and finished messages in same datagram
2013-05-31 13:48:49 -07:00
Moisés Guimarães
79fad81c32
shrinking function names
2013-05-30 15:40:10 -03:00
Moisés Guimarães
5c665fe614
Added options to SNI (now it is possible to choose whether or not to abort on a SNI Host Name mismatch)
...
Exposed SNI Type at ssl.h
2013-05-30 15:26:41 -03:00
Jasper Spaans
2b59554245
fix cipherSuite0 byte in sniffer, so ECC is recognised correctly.
2013-05-28 10:56:13 +02:00
John Safranek
9753e46721
minor OCSP update
...
1. When doing the HTTP transaction, use recv() and send().
2. When a cert doesn't have an Auth Info extension, and not using
an override server, it is considered good.
3. decode_url() should return -1 in case of error.
4. When decoding HTTP response, process all the headers, skipping all
of those that are not-processed.
2013-05-24 17:23:07 -07:00
Moisés Guimarães
2030bab8d8
fixed shift, cast and name for extensions semaphore.
2013-05-23 17:02:39 -03:00
John Safranek
4ed2cf4b6e
Earlier DTLS transmit patch, moved local variable definition to top of block
2013-05-22 18:36:13 -07:00
John Safranek
acaa2c02bf
Fixed unencrypted TLS alerts having extra data, ssn12
2013-05-21 18:21:22 -07:00
John Safranek
80225e58aa
updated the formatting from the patch
2013-05-21 17:39:11 -07:00
John Safranek
c325436712
Merge branch 'master' of git://github.com/JonasNorling/cyassl into JonasNorling-master
2013-05-21 17:27:11 -07:00
John Safranek
abed4cf669
Fix DTLS server memory leak, ssn11
2013-05-21 16:21:49 -07:00
toddouska
d2003bb8b7
merge in sni
2013-05-21 14:37:50 -07:00
John Safranek
b347df8d9a
DTLS rx size check, ssn10
...
Allows for receiving datagrams larger than the MTU that are reassembled
by the IP stack.
2013-05-21 13:52:22 -07:00
toddouska
fd5937b599
MDK-ARM updates
2013-05-20 17:56:27 -07:00
toddouska
10e6e7fbb5
check error_string_n size and truncate if too short
2013-05-20 10:36:06 -07:00
toddouska
8f5e98486f
fix MPLAB X windows warnings
2013-05-17 11:13:47 -07:00
Chris Conlon
a4c6ed0dda
add support for Microchip TCP/IP 6.0 beta
2013-05-17 10:59:18 -06:00
toddouska
dcf88daae7
fix KEIL warnings
2013-05-17 09:49:46 -07:00
Jonas Norling
2051ee49b7
Increment record layer sequence number when retransmitting DTLS packets (as per the RFC). Send the Finished message in the next epoch, but don't commit to using the next epoch until the other end indicates that the CCS message has been received.
...
Tested against an OpenSSL server, this change makes it a bit happier.
2013-05-17 16:47:55 +02:00
John Safranek
05f11c4bca
DTLS Finished send duplication
...
1. Only add the encrypted Finished message to DTLS retransmit pool.
2. Don't increment the epoch or sequence number when retransmitting.
2013-05-15 10:31:42 -07:00
John Safranek
ac716c96d3
Output buffer size check when sending transmit pool.
...
1. Added a call to CheckAvailableSize() when sending the DTLS transmit pool.
2. Rename CheckAvailableSize().
2013-05-13 12:32:47 -07:00
Chris Conlon
2a741ba469
Merge branch 'master' of github.com:cyassl/cyassl
2013-05-10 17:34:32 -06:00
Chris Conlon
f5c3458795
fix typos
2013-05-10 17:31:50 -06:00
toddouska
61bf080290
fix serverhello extensions idx bug
2013-05-10 15:52:32 -07:00
toddouska
07407bbdaa
rename sniffer bornOn to lastUsed to reflect new usage
2013-05-09 17:58:48 -07:00
toddouska
712b3dd17c
remove some not compiled ins
2013-05-09 15:33:37 -07:00
toddouska
8f0b695249
fix leanpsk build with keep cert / session cert
2013-05-09 15:29:25 -07:00
toddouska
83b96d748e
external API use SSL_FATAL_ERROR instead of -1 cases
2013-05-09 13:17:07 -07:00
toddouska
ca4b2b3f90
keep sniffer sessions alive as used, and prevent remove stale from removing active ones
2013-05-09 11:48:02 -07:00
Chris Conlon
f4c379cb96
minor typo fix
2013-05-09 11:23:07 -06:00