mirrors/wolfssl
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
2,464 Commits 5 Branches 162 Tags 807 MiB
f81ee9e4d3
Commit Graph

1112 Commits

Author SHA1 Message Date
Moisés Guimarães
0a5b758de3 Boundaries check for DoCertificate . 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
 2014-03-13 19:15:26 -03:00
Moisés Guimarães
2d2d1341cf Boundaries check for DoCertificateVerify. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
eba36226dc Boundaries check for DoCertificateRequest. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
7630b1d222 Boundaries check for DoHelloVerifyRequest. 
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
881de67196 Boundaries check for DoHelloRequest. 
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable mac;
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
244e335e81 Boundaries check for DoFinished. 
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
 2014-03-13 19:14:13 -03:00
Moisés Guimarães
4821b5d5fe Boundaries check for DoCertificateVerify. 
-- switched from totalSz to size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables;
-- removed unnecessary #ifdef HAVE_ECC and #ifndef NO_RSA.
 2014-03-13 19:14:13 -03:00
John Safranek
65475fdfe3 Merge branch 'PIC32MZ' of github.com:kojo1/cyassl-test into kojo1-PIC32MZ 
Conflicts:
	ctaocrypt/benchmark/benchmark.c
 2014-03-11 09:54:36 -07:00
John Safranek
6f55549fed fixes for Xcode 5.1, clang 503.0.38 stricter with some warnings 2014-03-11 09:38:36 -07:00
Takashi Kojo
6235c949b3 PIC32MZ 2014-03-11 11:32:16 +09:00
Takashi Kojo
a9ca608030 Sync with CyaSSL master 2014-03-11 11:22:39 +09:00
Takashi Kojo
6463d34fe7 Roll back native LwIP 2014-03-11 10:59:09 +09:00
Takashi Kojo
3e41d8cecb Merge branch 'PIC32MZ-HWCrypt' 
Conflicts:
	configure.ac
	ctaocrypt/benchmark/benchmark.c
	ctaocrypt/src/asn.c
	ctaocrypt/src/coding.c
	ctaocrypt/src/des3.c
	ctaocrypt/src/md5.c
	ctaocrypt/src/random.c
	ctaocrypt/src/sha.c
	ctaocrypt/src/sha256.c
	cyassl/ctaocrypt/aes.h
	cyassl/ctaocrypt/settings.h
	cyassl/ssl.h
	cyassl/version.h
	examples/server/server.c
	m4/ax_debug.m4
	m4/ax_tls.m4
	mplabx/benchmark_main.c
	mplabx/ctaocrypt_test.X/nbproject/configurations.xml
	mplabx/test_main.c
	src/io.c
	src/ocsp.c
	src/ssl.c
	src/tls.c
	testsuite/testsuite.c
 2014-03-11 10:11:36 +09:00
Takashi Kojo
8ea2eec773 Merge https://github.com/cyassl/cyassl 2014-03-11 09:55:57 +09:00
John Safranek
ad93bc3510 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-05 13:24:46 -08:00
toddouska
b0d255ed40 fix IE session tickets, they don't have sessionIDs like Chrome, Safari, and Firefox do 2014-03-05 13:12:42 -08:00
Takashi Kojo
f5922255b0 Catching up 2.9.0 2014-03-04 22:09:38 +09:00
toddouska
f1597c86b1 fix clang -Wconversion except -Wsign-conversion 2014-03-03 16:46:48 -08:00
John Safranek
1bb09fb97a Added epoch to sequence number for AES-CCM with DTLS encrypt/decrypt. 2014-03-03 14:51:57 -08:00
toddouska
1fd6245600 fix all clang warnings except Wpadded (diagnostic), Wconversion which inludes Wsign-conversion (implicit conversions part of standard) 2014-03-03 13:27:52 -08:00
toddouska
c39cdbea54 make sure enable-webserver (HAVE_WEBSERVER) can handle password callbacks as well as opensslextra unless NO_PWDBASED defined 2014-03-03 12:18:26 -08:00
John Safranek
ec7c79c12e fix a couple more uninitialized variables 2014-03-02 18:38:12 -08:00
toddouska
f0f6497526 fix -Wconditional-uninitialized 2014-03-02 11:11:39 -08:00
toddouska
7b00374930 fix -Wmissing-variable-declarations 2014-03-02 11:06:41 -08:00
toddouska
9c5ee66c8c fix -Wunused-macros 2014-03-02 10:59:03 -08:00
toddouska
c4fd159860 Merge branch 'master' of github.com:cyassl/cyassl 2014-02-25 14:37:00 -08:00
toddouska
ac7cb3c8aa add -Wunreachable-code 2014-02-24 11:15:22 -08:00
Moisés Guimarães
d26b3bb445 Boundaries check for DoClientKeyExchange. 
-- switched from totalSz to size in the function parameters
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
 2014-02-24 12:41:50 -03:00
Moisés Guimarães
78bab91615 removed duplicated check for INCOMPLETE_DATA 
added new size enums
 2014-02-24 11:26:55 -03:00
Moisés Guimarães
76c8146bf1 moving available data length check to DoHandShakeMsgType 2014-02-24 11:10:54 -03:00
Moisés Guimarães
95bc954273 Boundaries check for server hello parsing. 
-- added totalSz to the function parameters
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.
 2014-02-24 11:10:54 -03:00
John Safranek
77403c7ee2 Sniffer should ignore MATCH_SUITE_ERRORs when processing old client 
hello messages.
 2014-02-21 16:33:47 -08:00
Takashi Kojo
5d5a8dbabd client.c for LwIP native socket, v0.2 2014-02-20 15:38:35 +09:00
Takashi Kojo
2e69313eb3 Multiple callbacks, fixed initialize ssl->lwipCtx, io.c 2014-02-17 17:40:42 +09:00
Chris Conlon
85a47b4596 add NO_STDIO_FILESYSTEM to exclude FILE usage from non standard filesystems 2014-02-14 14:57:43 -07:00
Chris Conlon
bc3fc658bb move filesystem abstraction to port.h 2014-02-14 14:46:49 -07:00
Moisés Guimarães
2ff78b7fda Boundaries check for client hello parsing. 
-- INCOMPLETE DATA checked only once with hello size against buffer size
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size)
-- OPAQUE16_LEN used whenever 2 bytes are needed.
-- Session id checking improved.

TLS extensions return codes fixed.
 2014-02-11 18:10:52 -03:00
toddouska
1cf884dccc add enable-certservice, ease of use 2014-02-11 13:08:12 -08:00
toddouska
fd44cb056f allow badly reassembled sniffer packets to try on full length vs zero length 2014-02-10 16:27:44 -08:00
John Safranek
4a0afa19bf Reinitialize the index when processing stored DTLS handshake messages. 2014-02-04 07:36:59 -08:00
Takashi Kojo
78b897a07c LwIP, native tcp socket, user sent callback 2014-02-04 23:15:34 +09:00
Takashi Kojo
23bc584caf LwIP, native TCP socket, ver 2 2014-02-04 16:37:50 +09:00
Takashi Kojo
52e661df05 Clean ups 2014-02-04 10:07:01 +09:00
Moisés Guimarães
468e26a3a2 fixed error catching on TLSX_EllipticCurve_Parse 
fixed unsupported curves handling
 2014-02-03 21:54:31 -03:00
John Safranek
f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
Moisés Guimarães
36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion. 2014-02-03 16:14:35 -03:00
Takashi Kojo
168985ed9f LwIP native TCP Socket 2014-02-02 18:09:25 +09:00
toddouska
51b3b1cb6c fix pkCurveOID c files, doesn't require openssl extra 2014-02-01 12:14:41 -08:00
John Safranek
909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães
5616450a4b fixed return codes 
added protection for missing HAVE_TLS_EXTENSIONS
 2014-01-31 16:52:15 -03:00
Moisés Guimarães
30e2b4aa11 writing curves in the right order. (reverse) 
improved curve validation.
 2014-01-31 16:52:14 -03:00
Moisés Guimarães
9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães
de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães
7d2a6800f7 added Elliptic Curves Extensions implementation and configuration. 2014-01-31 16:52:13 -03:00
Moisés Guimarães
75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
John Safranek
cfa9007199 1. Bumped release version in configure.ac. 
2. Added enable option for SCEP. Enables prereqs.
3. Added CyaSSL_wolfSCEP() for ac to test for CyaSSL SCEP.
 2014-01-27 11:35:43 -08:00
Moisés Guimarães
8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
Moisés Guimarães
d58add7e97 added protection to test_CyaSSL_client_server 
fixed min macro
 2014-01-15 10:56:49 -03:00
toddouska
8a1971d52b add CyaSSL_CertPemToDer for certs, ca certs, and cert reqs 2014-01-14 15:13:43 -08:00
Chris Conlon
1d67d9217e initial PKCS#7 stubs, tie into ./configure 2014-01-10 15:17:03 -07:00
John Safranek
7b04b7ab84 DTLS IO and cookie callbacks are IPv4/IPv6 agnostic. 2013-12-30 10:39:12 -08:00
John Safranek
420ca9e6e3 Merge branch 'ocsp' 2013-12-27 16:14:47 -08:00
John Safranek
896b16a7df Fixed off-by-one error in OCSP 2013-12-27 16:13:52 -08:00
John Safranek
d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
Moisés Guimarães
3e24a446b9 fixing SNI_GetFromBuffer return code on success. 2013-12-24 15:34:17 -03:00
John Safranek
4ce2e59adf For Atomic user: 
1. Added a getter for the session's IV size.
2. The HMAC size getter should return 0 for AEAD ciphers
   and the hash length for the others.
 2013-12-23 22:32:08 -08:00
John Safranek
14aa114854 Trimmed unused includes and defines from OCSP source. 2013-12-23 14:33:44 -08:00
Chris Conlon
64912b37f6 adjust key buffer length when using ToTraditional() or ToTraditionalEnc() 2013-12-23 14:07:58 -07:00
toddouska
29c41da818 do size check on user password input 2013-12-23 12:24:03 -08:00
toddouska
3c706b4645 only set up tmp ctx if using password 2013-12-23 12:15:55 -08:00
toddouska
db71460bb8 add password functionality to CyaSSL_KeyPemToDer() 2013-12-23 12:07:20 -08:00
rofl0r
a36c18c27f implement CyaSSL_ERR_reason_error_string 
this has several advantages:
- we can provide a replacement for openssl's ERR_reason_error_string,
  which makes porting simpler,
- code shrink due to removal of excessive strcpy call
- all error strings are const anyway so there's no point to force the
  user to supply storage for them and copying them around.
 2013-12-19 19:40:48 +01:00
John Safranek
fe4f10418f OCSP lookups are IPv4/IPv6 agnostic. 2013-12-17 18:30:42 -08:00
Moisés Guimarães
ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
John Safranek
9d6182d279 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-12 11:06:21 -08:00
John Safranek
26a26fa19d 1. Fixed a build warning. 
2. Fixed an initialization bug when decoding old-style client hellos.
 2013-12-12 10:45:19 -08:00
Chris Conlon
5909f5c2c0 Merge branch 'master' of github.com:cyassl/cyassl 2013-12-11 16:20:43 -08:00
Chris Conlon
8c7f5817ac NO_FILESYSTEM fix for CyaSSL_X509_load_certificate_file 2013-12-11 16:19:09 -08:00
toddouska
ba95c33ed4 more clang warnings 2013-12-11 15:47:40 -08:00
toddouska
b41d09b1a2 fix newer clang warnings 2013-12-11 12:03:09 -08:00
toddouska
9e56ad262c fix snifftest pcap frees on file mode, close TraceFile on ssl_Free 2013-12-10 16:17:43 -08:00
toddouska
3051c8e900 make sure Arrays elemets all set to 0 2013-12-09 18:21:43 -08:00
John Safranek
9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
 2013-12-03 15:11:00 -08:00
Moisés Guimarães
0c1e02ddd0 added truncated_hmac handing on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães
384cc9d3da adding truncated_hmac to tlsx 2013-12-02 16:19:51 -03:00
Moisés Guimarães
f8b30b3379 changing variable names to build on Ubuntu. 2013-12-02 15:50:21 -03:00
toddouska
6294102760 fix wrong NO_DES flags for requirements 2013-11-27 11:59:23 -08:00
Moisés Guimarães
7dfb3c6b29 Fixing length adjustment on both while loops 
added test for client hello without SNI extension
 2013-11-25 21:05:40 -03:00
Moisés Guimarães
0f2f9b6982 added more tests with code refactoring. 2013-11-21 21:25:43 -03:00
Moisés Guimarães
ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
John Safranek
dda5413ae2 moved some #defines around to fix sessioncerts-only build 2013-11-21 10:48:45 -08:00
John Safranek
4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek
0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
toddouska
a7bcca84c3 add ecdsa cert signing 2013-11-14 15:00:22 -08:00
John Safranek
8c20ff2d97 Merge branch 'master' of github.com:cyassl/cyassl 2013-11-11 11:31:35 -08:00
John Safranek
dabb8058c4 1. Updated README Note 2. The error code described for no signer 
errors is -188. (The error code -155 is for the signature
   confirmation failing.)
2. Fixed bug in copying the signature from a DecodedCert to a
   CYASSL_X509 record.
 2013-11-11 11:19:35 -08:00
Takashi Kojo
23cada35ba Catch up master 2013-11-10 21:06:34 +09:00
Takashi Kojo
16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
John Safranek
42f82ce9cc Merge branch 'master' of github.com:cyassl/cyassl 2013-11-06 15:54:01 -08:00
John Safranek
20e6ac7104 Added public key type to PKEY copy 2013-11-06 14:16:21 -08:00
John Safranek
4dc30fcde5 Added X.509 accessor for signature. 2013-11-06 11:49:49 -08:00
Takashi Kojo
f26cf50ff2 Merge branch 'master' of https://github.com/cyassl/cyassl into MDK5 2013-11-06 10:22:21 +09:00
Chris Conlon
fb8c3e0c75 fix gcc warning with enable-ocsp 2013-11-04 15:36:08 -07:00
John Safranek
913e200cd0 X.509 Additions: 
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
 2013-11-04 11:02:17 -08:00
toddouska
12b074fbe9 add worst case estimate to ecc_sign_size() 2013-10-30 13:33:23 -07:00
toddouska
de6b9bc6be fix sniffer with new decrypt/verify code 2013-10-28 17:18:41 -07:00
Takashi Kojo
33ccf62ff5 MDK5 support 2013-10-25 15:49:39 +09:00
toddouska
8c7715ee33 remove CBC naming from HC-128 suites 2013-10-24 12:10:09 -07:00
toddouska
f833674171 remove CBC from RABBIT suite naming 2013-10-24 11:52:21 -07:00
toddouska
4c04b6e714 add AES Blake2b 256 basic suites for speed tests 2013-10-24 11:30:51 -07:00
Takashi Kojo
2f98233825 For MDK5 2013-10-24 18:50:26 +09:00
Takashi Kojo
e4a3599a6b cyassl/src file updates for MDK5 2013-10-24 16:52:17 +09:00
toddouska
c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
Chris Conlon
f45d0709b3 case insensitivity fix for domain name check 2013-10-18 15:17:19 -06:00
Chris Conlon
dba488ba70 add option to always call verify callback with CYASSL_ALWAYS_VERIFY_CB 2013-10-14 15:04:26 -06:00
toddouska
6c654bba3d fix camellia memory leak 2013-10-10 16:50:35 -07:00
John Safranek
51c485f523 1. Added a couple missing checks for NULL pointers in DTLS code. 
2. Fixed compiler warning under Windows.
 2013-10-08 14:59:59 -07:00
John Safranek
33bcc76a07 Merge branch 'master' of github.com:cyassl/cyassl 2013-10-02 15:27:10 -07:00
Chris Conlon
17b220e9c7 add Freescale MQX time functionality 2013-09-24 20:12:48 -06:00
John Safranek
5e4ca53496 clean up Windows build issues with OCSP 2013-09-18 14:47:51 -07:00
John Safranek
c5f3eace7d DTLS timeout init wasn't initializing the timeout until after the first timeout. 2013-09-11 14:28:01 -07:00
toddouska
44ba0af192 free fp ecc resources on cleanup 2013-09-06 17:08:57 -07:00
toddouska
a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
Moisés Guimarães
d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
John Safranek
f2c75a9e87 ECDSA signatures need a zero padding for the ASN.1 storage of the R and S values 2013-09-05 15:00:01 -07:00
toddouska
b9540bf579 check NULL to match docs 2013-08-29 08:25:14 -07:00
John Safranek
78b8da9949 Initialize the AEAD explicit IV to 0. 2013-08-27 10:44:04 -07:00
toddouska
e8fcf35098 add Rsa Public/Private client key exchange callbacks, examples 2013-08-26 17:14:19 -07:00
toddouska
f3f80bd66e add Rsa Sign/Verify callbacks, client/server examples 2013-08-26 16:27:29 -07:00
toddouska
664c6de5d5 send blank cert on client if TLS instead of TLSv1.2, more accept this now and some even incorrectly require it 2013-08-26 12:34:39 -07:00
John Safranek
081a3a57d4 move variable declaration before function code 2013-08-23 10:26:42 -07:00
John Safranek
33a7a7f762 initialize return variable 2013-08-23 10:20:39 -07:00
John Safranek
0002ba4ee8 Merge branch 'master' of github.com:cyassl/cyassl 2013-08-23 10:12:17 -07:00
John Safranek
d734c86c72 cleanup build warnings 
1. Change `CyaSSL_OCSP_set_options()` to return `SSL_SUCCESS`
   or `SSL_FAILURE` as `int` like rest of API.
2. Fix data narrowing warning in file io.c function
   `process_http_response()`.
3. Fix global variable shadowed warning in file ssl.c function
   `CyaSSL_GetSessionAtIndex()`
4. Fix data narrowing warning in file internal.c functions
   `Encrypt()` and `Decrypt()`. Passed in a word32 size parameter
   that was provided a word16 and used as a word16.
5. Removed unreachable code from file tls.c function
   `CyaSSL_GetHmacType()`.
6. Fix data narrowing warnings in file aes.c functions
   `AesCcmEncrypt()` and `AesCcmDecrypt()`.
 2013-08-23 10:09:35 -07:00
toddouska
e98f5f95c2 add public key callbacks for ecc sign/verify, examples 2013-08-22 18:19:39 -07:00
toddouska
bc958f5798 C comments only 2013-08-22 10:35:46 -07:00
John Safranek
64ba0587a3 Merge branch 'master' of github.com:cyassl/cyassl 2013-08-21 22:42:15 -07:00
John Safranek
957cf90118 Added function to read certificate from file into CYASSL_X509 buffer. 2013-08-21 22:36:43 -07:00
toddouska
54a2f8b9aa add useratomic DecryptVerify Callbacks, example 2013-08-21 16:55:34 -07:00
John Safranek
9f07a7dd2b modified SEP X509 functions to behave like the NAME_oneline function 2013-08-20 16:47:38 -07:00
John Safranek
442886a207 Added x509 accessors for the SEP build certificate additions. 2013-08-17 09:01:15 -07:00
toddouska
65f0e9f6b9 add atomic user macencrypt cb 2013-08-09 17:27:15 -07:00
toddouska
3378f8f25e add DTLS cookie ctx geter 2013-08-06 15:06:33 -07:00
toddouska
5c5cee0789 use external CYASSL_MAX_ERROR_SZ for buffer size 2013-08-06 11:48:00 -07:00
John Safranek
831d9cf640 SEP Profile 
1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
   a CYASSL_SESSION record.
 2013-08-02 16:03:41 -07:00
toddouska
3b4ff94931 add paramter validation to SSL I/O calls 2013-08-02 12:12:51 -07:00
John Safranek
1357cdb0e4 SEP Profile 
1. Add session cache index to CYASSL structure.
2. Add accessor for cache index in CYASSL structure.
3. Add copy function for session cache item.
 2013-07-28 17:11:22 -07:00
Moisés Guimarães
55401c13dd Truncated HMAC first part (protocol). Extension processing will be coded later. 2013-07-23 15:42:43 -03:00
toddouska
14b100fee6 fix savecert with no_skid, gcc warnings 2013-07-22 14:30:35 -07:00
toddouska
37a9a7a457 add IOCb Ctx getters 2013-07-22 11:01:00 -07:00
toddouska
705aa0f453 fix user malloc define w/ opensslextra 2013-07-05 09:42:49 -07:00
John Safranek
226f018829 Fixed memory leak of http buffer in OCSP lookup. 2013-07-02 17:35:30 -07:00
Moisés Guimarães
593e466a44 limiting max_fragment API for client side only. 2013-07-01 10:13:43 -03:00
toddouska
307c71d9cb add CyaSSL_UnloadCertsKeys to free SSL certs and keys after handshake 2013-06-27 10:26:04 -07:00
John Safranek
773d0da1bc Fixed issue with the DTLS EmbedReceiveFrom() callback using IPv6. 2013-06-26 17:40:21 -07:00
John Safranek
29b32e582a DTLS IPv6 Hello Cookie Update 
1. Add support for IPv6 addresses when calculating DTLS Cookie.
2. Simplify cookie calculation.
 2013-06-26 16:32:01 -07:00
toddouska
60c2388ae7 fix potential NetX packet memory leak 2013-06-26 11:03:54 -07:00
toddouska
87eb94b7c4 Merge branch 'master' of github.com:cyassl/cyassl 2013-06-24 14:02:40 -07:00
toddouska
b51d6f3b8f add NetX default IO context handling 2013-06-24 14:00:48 -07:00
John Safranek
0c34ecb451 OCSP Updates 
1. Add option to example server and client to check the OCSP responder.
2. Add option to example server and client to override the URL to use
   when checking the OCSP responder.
3. Copy the certificate serial number correctly into OCSP request.
   Add leading zero only if MS bit is set.
4. Fix responder address used when Auth Info extension is present.
5. Update EmbedOcspLookup callback to better handle the HTTP
   response and obtain the complete OCSP response.
 2013-06-24 10:47:24 -07:00
John Safranek
17ab84eb07 Update call to DoAlert() 
When handling the alerts, the return code wasn't checked for error codes. A corrupted alert message could cause a control flow issue.
 2013-06-19 15:01:13 -07:00
Moisés Guimarães
25e910a0a9 max fragment length tests and fixes 2013-06-19 16:38:57 -03:00
Moisés Guimarães
5f3ee80407 added: 
- max fragment length extension;
 - CyaSSL_SNI_GetRequest() to get client's request at server side;
 - Automated tests for SNI;
 2013-06-19 15:45:06 -03:00
toddouska
d02af46256 windows build warning fixes 2013-06-17 12:26:21 -07:00
toddouska
8c70b11528 add newSession flag to SetServerID to do full handshake w/ new session 2013-06-14 15:29:18 -07:00
toddouska
7f7c595d10 differentiate between THREADX and RTP_SYS 2013-06-14 13:45:25 -07:00
toddouska
9559f09028 warning fixes 2013-06-13 12:13:46 -07:00
John Safranek
b40c2c0b1f Fixed issue with no_server/no_client optional compile losing two functions 2013-06-06 21:59:05 +02:00
Moisés Guimarães
f1d1898ddf Added new option to SNI: CYASSL_SNI_ANSWER_ON_MISMATCH 
Added new function to SNI API: CyaSSL_SNI_Matched()
 2013-06-03 17:55:06 -03:00
Moisés Guimarães
cb2082edee changed CYASSL_SNI_ABORT_ON_MISMATCH to CYASSL_SNI_CONTINUE_ON_MISMATCH 2013-06-03 10:04:49 -03:00
John Safranek
ebd03368c7 for DTLS handshakes, put change cipher spec and finished messages in same datagram 2013-05-31 13:48:49 -07:00
Moisés Guimarães
79fad81c32 shrinking function names 2013-05-30 15:40:10 -03:00
Moisés Guimarães
5c665fe614 Added options to SNI (now it is possible to choose whether or not to abort on a SNI Host Name mismatch) 
Exposed SNI Type at ssl.h
 2013-05-30 15:26:41 -03:00
Jasper Spaans
2b59554245 fix cipherSuite0 byte in sniffer, so ECC is recognised correctly. 2013-05-28 10:56:13 +02:00
John Safranek
9753e46721 minor OCSP update 
1. When doing the HTTP transaction, use recv() and send().
2. When a cert doesn't have an Auth Info extension, and not using
   an override server, it is considered good.
3. decode_url() should return -1 in case of error.
4. When decoding HTTP response, process all the headers, skipping all
   of those that are not-processed.
 2013-05-24 17:23:07 -07:00
Moisés Guimarães
2030bab8d8 fixed shift, cast and name for extensions semaphore. 2013-05-23 17:02:39 -03:00
John Safranek
4ed2cf4b6e Earlier DTLS transmit patch, moved local variable definition to top of block 2013-05-22 18:36:13 -07:00
John Safranek
acaa2c02bf Fixed unencrypted TLS alerts having extra data, ssn12 2013-05-21 18:21:22 -07:00
John Safranek
80225e58aa updated the formatting from the patch 2013-05-21 17:39:11 -07:00
John Safranek
c325436712 Merge branch 'master' of git://github.com/JonasNorling/cyassl into JonasNorling-master 2013-05-21 17:27:11 -07:00
John Safranek
abed4cf669 Fix DTLS server memory leak, ssn11 2013-05-21 16:21:49 -07:00
toddouska
d2003bb8b7 merge in sni 2013-05-21 14:37:50 -07:00
John Safranek
b347df8d9a DTLS rx size check, ssn10 
Allows for receiving datagrams larger than the MTU that are reassembled
by the IP stack.
 2013-05-21 13:52:22 -07:00
toddouska
fd5937b599 MDK-ARM updates 2013-05-20 17:56:27 -07:00
toddouska
10e6e7fbb5 check error_string_n size and truncate if too short 2013-05-20 10:36:06 -07:00
toddouska
8f5e98486f fix MPLAB X windows warnings 2013-05-17 11:13:47 -07:00
Chris Conlon
a4c6ed0dda add support for Microchip TCP/IP 6.0 beta 2013-05-17 10:59:18 -06:00
toddouska
dcf88daae7 fix KEIL warnings 2013-05-17 09:49:46 -07:00
Jonas Norling
2051ee49b7 Increment record layer sequence number when retransmitting DTLS packets (as per the RFC). Send the Finished message in the next epoch, but don't commit to using the next epoch until the other end indicates that the CCS message has been received. 
Tested against an OpenSSL server, this change makes it a bit happier.
 2013-05-17 16:47:55 +02:00
John Safranek
05f11c4bca DTLS Finished send duplication 
1. Only add the encrypted Finished message to DTLS retransmit pool.
2. Don't increment the epoch or sequence number when retransmitting.
 2013-05-15 10:31:42 -07:00
John Safranek
ac716c96d3 Output buffer size check when sending transmit pool. 
1. Added a call to CheckAvailableSize() when sending the DTLS transmit pool.
2. Rename CheckAvailableSize().
 2013-05-13 12:32:47 -07:00
Chris Conlon
2a741ba469 Merge branch 'master' of github.com:cyassl/cyassl 2013-05-10 17:34:32 -06:00
Chris Conlon
f5c3458795 fix typos 2013-05-10 17:31:50 -06:00
toddouska
61bf080290 fix serverhello extensions idx bug 2013-05-10 15:52:32 -07:00
toddouska
07407bbdaa rename sniffer bornOn to lastUsed to reflect new usage 2013-05-09 17:58:48 -07:00
toddouska
712b3dd17c remove some not compiled ins 2013-05-09 15:33:37 -07:00
toddouska
8f0b695249 fix leanpsk build with keep cert / session cert 2013-05-09 15:29:25 -07:00
toddouska
83b96d748e external API use SSL_FATAL_ERROR instead of -1 cases 2013-05-09 13:17:07 -07:00
toddouska
ca4b2b3f90 keep sniffer sessions alive as used, and prevent remove stale from removing active ones 2013-05-09 11:48:02 -07:00
Chris Conlon
f4c379cb96 minor typo fix 2013-05-09 11:23:07 -06:00
toddouska
47b468d14f add dtls recv timeout max user setting too 2013-05-08 12:49:55 -07:00
toddouska
8cb5f6d5d4 add user setting for dtls recv timeout init value 2013-05-07 16:14:26 -07:00
toddouska
9c9c59cec3 update sevrver session cert w/ old client hello too 2013-05-06 18:11:14 -07:00
John Safranek
9505f92bd1 restore session certs when resuming session 2013-05-06 17:25:50 -07:00
toddouska
018d1684c9 add camellia to sniffer 2013-05-06 15:37:58 -07:00
toddouska
fa35353e75 cleaup memsave cert cache 2013-05-02 12:23:49 -07:00
toddouska
a0c630b4ee add cert cache persistence 2013-05-02 11:34:26 -07:00
toddouska
5104f4ea7a fix typos 2013-04-29 20:17:43 -07:00
toddouska
1e6119bb0d always try most recent used session on row first for match 2013-04-29 20:08:21 -07:00
toddouska
8c1310e376 fix mem save/restore size with clientcache 2013-04-29 16:56:30 -07:00
toddouska
aebd926472 better endif ids 2013-04-29 14:52:28 -07:00
toddouska
8e64f9903d fix typos 2013-04-29 14:48:03 -07:00
toddouska
5a1886656a Merge branch 'master' of github.com:cyassl/cyassl 2013-04-29 14:23:22 -07:00
toddouska
5c4fdb30ad add client session table lookup based on serverID, use CyaSSL_SetServerID to set/store with serverid 2013-04-29 14:22:32 -07:00
John Safranek
87048698e5 use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes. 2013-04-29 12:08:16 -07:00
toddouska
411a096b2b add memory versions of session cache save/restore 2013-04-25 17:23:58 -07:00
toddouska
05dd84598b turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11 2013-04-25 15:36:33 -07:00
toddouska
9dbf6a5e10 fix Signer hash size w/o SHA, fix GetCA caList b4 lock 2013-04-25 14:47:09 -07:00
toddouska
98b7ed9d47 more consistent SSL_SUCCESS for external SSL() returns 2013-04-25 11:36:38 -07:00
toddouska
942480e6ba fix save cache file problem, version id, and match cache separarte error 2013-04-24 14:17:50 -07:00
toddouska
477129b53e fix conversion warning 2013-04-24 13:35:28 -07:00
toddouska
158029752c only reset session cache with lock 2013-04-24 11:20:54 -07:00
toddouska
956ac08cab add persistent session cache, ssn9 2013-04-24 11:10:23 -07:00
toddouska
65913b0d6c error out earlier in get_chain_X509 2013-04-23 13:21:00 -07:00
toddouska
bad1c32df2 add session cert conversion to x509, and free x509 for dynamic variety 2013-04-23 11:50:06 -07:00
toddouska
4491de3b77 add UnloadCAs ability for CTX or CertManager 2013-04-22 13:18:08 -07:00
toddouska
8c0ee8a6f7 make sure all external APIs at SSL level return SSL_SUCCESS instead of sometimes 0 from old CyaSSL API 2013-04-22 12:43:57 -07:00
toddouska
11d81b86de change windows low res timer return 2013-04-22 10:52:38 -07:00
toddouska
d665e16bd8 add user ctx to verify callback with CyaSSL_SetCertCbCtx 2013-04-18 10:37:10 -07:00
toddouska
729fc1e603 add discardSessionCerts flag for verify callback 2013-04-18 09:11:35 -07:00
toddouska
e38b4d5868 free CyaSSL CTX count mutex 2013-04-17 13:25:02 -07:00
toddouska
dafcd8782a add altnames check to domain match 2013-04-17 09:37:57 -07:00
toddouska
d50b388a33 add wildcard check to domain name match 2013-04-17 09:07:26 -07:00
John Safranek
fe13b4b6c6 moved and renamed the CBIO error codes so they are publically available 2013-04-16 12:32:55 -07:00
toddouska
7c003c5755 add sanity check on cleanup for possible no init 2013-04-12 17:07:00 -07:00
toddouska
97e0ec073f make sure all lib proper *.c files have config.h then settings.h then checks for defines in case user using settings.h for lib config 2013-04-10 11:04:29 -07:00
toddouska
185331f007 fix shadow on decl 2013-04-10 10:24:33 -07:00
Chris Conlon
27d6c727e0 add MICROCHIP_TCPIP 2013-04-10 09:16:11 -06:00
John Safranek
e98193000a KEEP_PEER_CERT includes the function CyaSSL_X509_get_subjectCN 2013-04-09 09:45:25 -07:00
John Safranek
b0dca8ea69 updated SHOW_SIZES, opionally adds sizes as available, added flag to example client to print sizes 2013-04-08 16:01:52 -07:00
John Safranek
9b0ffa0249 brought CYASSL_CALLBACK code up to current standard 2013-04-08 15:34:54 -07:00
John Safranek
786e4d9462 fixed leak of method when ctx malloc fails; implemented get_shutdown 2013-04-03 16:35:19 -07:00
John Safranek
217254b533 check CBIOCookie for NULL before trying to call it 2013-04-02 16:36:07 -07:00
toddouska
1224d3d907 Merge branch 'master' of github.com:cyassl/cyassl 2013-04-01 15:52:23 -07:00
toddouska
0005b4cbe4 move pthread flags/libs to autoconf defines so available to library proper and external tests/examples 2013-04-01 15:50:13 -07:00
John Safranek
e9bc868dbb AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks 2013-04-01 14:25:20 -07:00
John Safranek
9975d1d675 Merge branch 'master' of github.com:cyassl/cyassl 2013-04-01 13:39:09 -07:00
John Safranek
44352b5673 don't return closed alert if peer sends fatal alert; respond to closed alert with closed alert 2013-04-01 13:37:25 -07:00
toddouska
4b90474581 move CM VerifyBuffer out of no filesystem 2013-04-01 11:59:17 -07:00
John Safranek
a572967017 when checking for DTLS, only need to compare against major version 2013-03-28 13:28:12 -07:00
toddouska
f396de1191 add DTLS support for alignment 2013-03-27 16:58:27 -07:00
toddouska
82e3c00075 add CYASSL_GENERAL_ALIGNMENT detection and setting for TLS alignment attempt 2013-03-27 15:11:49 -07:00
toddouska
6d8246e98c fix scan-build 272 warnings 2013-03-27 12:32:22 -07:00
toddouska
7d82bec7fc do rabbit/hc128 alignment at crypto layer for non intel 2013-03-26 18:16:15 -07:00
toddouska
14b4bb3b0f change rabbit and hc128 to return values for key and process, will add error rets for alignment issues 2013-03-26 14:42:09 -07:00
toddouska
f601b7bfda move aesni cbc encrypt align check down to crypto layer 2013-03-26 14:13:01 -07:00
toddouska
6bc7ba1592 change AesCBC end/dec to return status, will add failure cases with align checks 2013-03-26 12:36:39 -07:00
toddouska
8e53c7a62e fix inline type spot 2013-03-25 11:50:15 -07:00
toddouska
9d77ca744f fix C++ cast problem on make_eap 2013-03-24 13:06:22 -07:00
John Safranek
436a51a0d7 Merge branch 'ccm' 2013-03-22 17:29:30 -07:00
John Safranek
f65f86bb88 improvements to CCM, ssn6 2013-03-22 11:30:12 -07:00
toddouska
d6deb690e6 Merge branch 'master' into blake2 2013-03-22 10:20:01 -07:00
John Safranek
692dc09d10 Merge branch 'compress' 2013-03-20 10:05:49 -07:00
toddouska
f878dbcef2 fix ecc key load w/ no rsa, ssn5 2013-03-20 09:18:05 -07:00
toddouska
0f8111fc77 zero out psk keys asap, ssn4 2013-03-20 09:12:00 -07:00
John Safranek
e8b9651075 hid the internal compress functions from the cryptlib versions 2013-03-19 16:44:50 -07:00
John Safranek
fc928e7725 added stubs and a test for ctaocrypt compress 2013-03-19 16:25:58 -07:00
toddouska
4f9e915bc1 add KEEP_PEER_CERT flag for non opensslextra peer cert storage, ssn3 2013-03-19 12:18:52 -07:00
toddouska
31b03c8a2d dtls defaults to no static buffers now, fix valgrind errors with dtls 2013-03-15 14:21:36 -07:00
toddouska
4e99c7ac99 check TRUE/FALSE and move after all includes in ssl.c 2013-03-14 09:34:29 -07:00
toddouska
bb103561ae fix non DTLS USER_IO cb 2013-03-14 09:16:47 -07:00
toddouska
2e980423ec hash session IDs since some aren't random afterall 2013-03-13 17:19:36 -07:00
toddouska
e515638503 make EmbedGenerateCookie a callback, USER_IO can install their own or default to ours 2013-03-13 16:41:50 -07:00
toddouska
129de03da0 switch --enable-noInline to enable/disable-inline to match all others 2013-03-13 12:25:34 -07:00
toddouska
0a63898f5b make sure stat uses full path for REG check 2013-03-13 11:17:14 -07:00
toddouska
11ffca451a make readdir file type check more generic 2013-03-12 16:21:07 -07:00
toddouska
ec0a4d45cb add --enable-memory, build, disable runtime memory cbs, check leanpsk 2013-03-12 13:31:14 -07:00
toddouska
4774f1b285 add --enable-coding, build, leanpsk check 2013-03-12 13:12:10 -07:00
toddouska
e8ce0b7f51 add --enable-dh, build, checks w/o asn 2013-03-12 13:03:42 -07:00
toddouska
9a1b32d830 add --enable-asn, build, and checks for rsa / psk w/o asn 2013-03-12 12:48:41 -07:00
toddouska
6773287895 add --enable-des3 and build, no strnstr in tests 2013-03-12 09:46:15 -07:00
toddouska
1628b6f83f add --enable-sha and build, disables examples for now since certs still use sha, when add --disable-certs add more thorough check 2013-03-11 17:53:38 -07:00
toddouska
7914938e60 --enable-md5 and build, needs NO_OLD_TLS, suite test version check 2013-03-11 17:37:08 -07:00
toddouska
894a35a0f2 add --enable-arc4 and build 2013-03-11 17:13:24 -07:00
toddouska
5a0d108cd9 add --enable-aes and build 2013-03-11 17:07:37 -07:00
toddouska
f232ff84b4 add --enable-pwdbased and build, opensslextra needs 2013-03-11 17:01:05 -07:00
toddouska
7719cd9faa add --enable-dsa 2013-03-11 16:39:06 -07:00
toddouska
2ab409df96 add --enable-md4 2013-03-11 16:26:08 -07:00
toddouska
49e62f0858 fix general NO_SHA NO_ASN NO_CERTS NO_SESSION_CACHE builds/examples 2013-03-11 16:07:46 -07:00
toddouska
87ad65d33f add --disable-rsa, bump dev version 2013-03-11 12:49:59 -07:00
toddouska
9210395c57 init alert history state 2013-03-11 12:28:17 -07:00
John Safranek
ec3d060691 fixed a cygwin bug for the build test. recv() was returning an unexpected error code for non-blocking sockets. 2013-03-08 18:09:52 -08:00
John Safranek
20e4889092 Merge branch 'dtls' 
Conflicts:
	src/ssl.c
 2013-03-08 17:45:35 -08:00
toddouska
01a5368ffc rest of ECC no error strings for cipher names 2013-03-08 12:11:49 -08:00
John Safranek
43ed4a7424 added test cases and fixed a bug with AEAD ciphers with DTLSv1.2. 2013-03-07 22:52:51 -08:00
toddouska
6b3a80366f NO_RSA with ecc build fixes 2013-03-07 18:10:18 -08:00
toddouska
85b3346bbf NO_RSA build, cipher suite tests need work for this build optoin, ssn2 2013-03-07 17:44:40 -08:00
toddouska
23d6c70d3e allow for extra bytes in sig encoding for conforming signed big int, patch ssn1 2013-03-07 10:47:01 -08:00
John Safranek
591e1fc772 DTLSv1.2, fixed DTLS socket timeout 2013-03-06 23:02:33 -08:00
John Safranek
49e67487e7 Merge branch 'master' of github.com:cyassl/cyassl 2013-03-04 17:16:32 -08:00
John Safranek
b9ab09a5a6 added test cases for SHA-256 cipher suites, fixed a bug in ECDH-RSA-AES128-SHA256 picking 2013-03-04 16:16:34 -08:00
John Safranek
d52fe96063 added AES-CBC-SHA256 and SHA384 cipher suites. 2013-03-04 13:25:46 -08:00
toddouska
12371d1c3b fix windows build warnings 2013-03-04 12:18:21 -08:00
toddouska
3319ed9921 Merge branch 'master' into blake2 2013-02-28 16:50:45 -08:00
toddouska
cc9ac1846d fix ecc w/ no rsa send cert verify and server flag for missing cert verify 2013-02-26 22:24:34 -08:00
toddouska
b397f89b27 better inits for sniffer use 2013-02-26 09:00:46 -08:00
toddouska
f3a16e56c7 help static analysis 2013-02-25 10:47:55 -08:00
toddouska
4fe2a1ec42 fix sigAlgo unused-but-set gcc 4.6 warning 2013-02-25 10:42:51 -08:00
toddouska
48303918c2 Merge branch 'master' into blake2 2013-02-22 15:22:02 -08:00
John Safranek
88ba790930 added an additional failure case log output to InitSSL() for the RNG initialize failing 2013-02-22 09:51:07 -08:00
John Safranek
6ff39cffe4 Merge branch 'dtls' 
Conflicts:
	cyassl/ctaocrypt/types.h
 2013-02-20 17:08:22 -08:00
toddouska
b2b45d3f4a sb fixes for crl and ocsp 2013-02-20 15:26:22 -08:00
John Safranek
ffc67892a4 allow for 0 length handshake messages, still need to store the message header 2013-02-20 10:43:50 -08:00
John Safranek
598043dd6f drains the DTLS message store once an in-order message is received. 2013-02-20 09:28:09 -08:00
John Safranek
2c1ed7c11c removed old defragmentation code. fixed new defragment code. 2013-02-20 08:35:33 -08:00
John Safranek
bdadeab342 added storing of out-of-order and fragmented message, missing processing of the stored list 2013-02-19 16:06:02 -08:00
toddouska
07baa27b20 fix scan build for fastmath, dtls, ecc, psk, sha512 2013-02-19 12:53:58 -08:00
John Safranek
116f2403d0 updated the list for storing out of order messages 2013-02-19 12:51:02 -08:00
John Safranek
7e29b8d2a6 Merge branch 'master' of github.com:cyassl/cyassl 2013-02-18 15:20:25 -08:00
toddouska
59af8944cb fix opensslextra sb issue 2013-02-18 15:11:33 -08:00
John Safranek
87cad7a966 merge branch tls12 into master 2013-02-18 14:36:50 -08:00
John Safranek
0acd8f0670 added sig_algo for rsa for missing cases in SetCipherSpecs() 2013-02-15 12:16:19 -08:00
toddouska
dfa1553548 3rd scan build fixes 2013-02-14 16:23:48 -08:00
toddouska
9ea3371079 2nd round scan build 2013-02-14 16:00:45 -08:00
toddouska
62ef5de25c scan build fixes 2013-02-14 14:09:41 -08:00
John Safranek
982b72796e added list for DTLS handshake datagram reordering 2013-02-07 11:26:02 -08:00
toddouska
44e0d7543c change copyright name with name change 2013-02-05 12:44:17 -08:00
Joakim Soderberg
834ebe5bd8 BUGFIX: Fixed segmentation fault on CyaSSL_BIO_free(). 
In CyaSSL_BIO_new_socket() bio->mem is never initialized. This will cause freeing of unallocated memory in CyaSSL_BIO_free:

if (bio->mem)
  XFREE(bio->mem, 0, DYNAMIC_TYPE_OPENSSL);

since bio->mem is not NULL, resulting in a crash.
 2013-02-05 11:22:36 +00:00
toddouska
f4f13371f9 update copyright date 2013-02-04 14:51:41 -08:00
toddouska
36f62a5707 fix CyaSSL_write memory error return, bump dev version 2013-02-04 14:11:20 -08:00
toddouska
543d81ba97 release 2.5.0 2013-02-04 13:11:21 -08:00
Todd Ouska
24e22d4b6e add cavium notes and free ssl cavium ciphers 2013-02-01 16:26:42 -08:00
Todd Ouska
44b6593fe5 add cavium ciphers to SSL, and example client 2013-02-01 12:21:38 -08:00
Todd Ouska
a361f5c4bf initial cavium, crypto only, no rsa 2013-01-29 16:22:49 -08:00
toddouska
ef644d4de0 fix libz warning 2013-01-25 13:06:44 -08:00
John Safranek
b17b81ef43 added sanity check on return from recv callback 2013-01-24 14:44:08 -08:00
John Safranek
6616975f81 added AES-CCM-8 ECC cipher suites, and more test cases 2013-01-21 15:19:45 -08:00
John Safranek
0e3a093cc5 renamed the Camellia cipher suites, dropped CBC and RSA from the strings 2013-01-21 11:10:11 -08:00
toddouska
9f77aea1f8 Merge branch 'master' into blake2 2013-01-21 10:56:46 -08:00
John Safranek
a453ccba57 Added TLS support for Camellia 2013-01-21 10:53:42 -08:00
John Safranek
425d418dee added stubs, tests, and benchmark for Camellia to ctaocrypt 2013-01-17 21:52:31 -08:00
toddouska
fe0772bcbf Merge branch 'master' into blake2 2013-01-17 16:08:47 -08:00
John Safranek
3f77a2c8c9 fixed bug where alerts sent during DTLS handshaking are malformed. check for out of order Server Hello Done during DTLS 2013-01-16 17:25:20 -08:00
John Safranek
ccff37f4b1 added TLS support for AES-CCM-8 2013-01-15 15:20:30 -08:00
John Safranek
eb221238c2 separated TLS-AEAD and AES-GCM so TLS-AEAD can also use AES-CCM 2013-01-14 15:59:53 -08:00
toddouska
51c56051fb use dynamic buffer for AES-NI encrypt 2013-01-07 14:11:52 -08:00
toddouska
eeb11a6e51 fix rabbit and hc128 CTaoCrypt test buffers for aligned access only, allow TLS on intel w/o aligned stream buffers, otherwise align 2013-01-07 14:06:58 -08:00
John Safranek
f756573401 Merge branch 'ocsp-test' 2013-01-04 14:11:47 -08:00
John Safranek
ac885c40f0 fix a memory leak when OCSP lookup fails 2013-01-04 13:13:20 -08:00
John Safranek
3b6ba7935d default ocsp lookup callback returns an error if unable to connect to a responder 2013-01-04 10:34:29 -08:00
John Safranek
a695599667 bug fix in default ocsp lookup function 2013-01-03 17:58:45 -08:00
John Safranek
ac227910f1 modify OCSP to use a replacable callback to perform the OCSP transaction 2013-01-03 17:19:56 -08:00
toddouska
53e4c2ed72 fix pvs studio warnings 2013-01-02 11:39:12 -08:00
toddouska
0c363a17f1 init blake2 2012-12-31 13:10:47 -08:00
toddouska
acb3e446ab typo 2012-12-29 13:33:13 -08:00
toddouska
27a7cf609b only do Init once per compression rounds 2012-12-29 13:30:23 -08:00
toddouska
3d88d8851a sslv3 may have bad padding, can't verify 2012-12-29 13:11:31 -08:00
toddouska
640a0cb0e3 fix stream hmac check on multi data 2012-12-28 18:55:18 -08:00
toddouska
4c453d4d69 have server side reply unexpected_message for hello_request 2012-12-28 14:36:19 -08:00
toddouska
f073f49ead make sure handshake complete before sending encrypted alert 2012-12-28 14:29:15 -08:00
toddouska
6d3728fe61 fix ripemd compression round 2012-12-28 14:19:28 -08:00
toddouska
23ff36075b check RSA explicit size 2012-12-28 12:28:25 -08:00
toddouska
09ea7169d7 use exisiting dummy data for compression round 2012-12-28 11:48:30 -08:00
John Safranek
7ac6a21af5 updated comment for aead in SanityCheckCipherText() 2012-12-27 19:51:06 -08:00
toddouska
561906cffd Merge branch 'master' of github.com:cyassl/cyassl 2012-12-27 16:36:48 -08:00
toddouska
f0bc61a5d3 add more robust pad/verify checks 2012-12-27 16:35:43 -08:00
John Safranek
e70838e984 Merge branch 'ecc' 2012-12-27 11:41:20 -08:00
John Safranek
581f91b984 Merge branch 'master' of github.com:cyassl/cyassl 2012-12-27 11:40:17 -08:00
Chris Conlon
60f4919ee6 add STM32 to README 2012-12-27 10:16:08 -07:00
Chris Conlon
254d53bb18 add CYASSL_STM32F2 define, LwIP errno.h 2012-12-27 10:06:29 -07:00
John Safranek
cf114b92df made the ecc keys in the CYASSL struct dynamic 2012-12-26 16:39:19 -08:00
John Safranek
6913a46331 Merge branch 'master' of github.com:cyassl/cyassl 2012-12-26 10:40:28 -08:00
toddouska
59419bef89 non block type ciphertext sanity checks 2012-12-26 10:11:15 -08:00
John Safranek
5bc976ee0f free ecc keys at the end of handshaking 2012-12-26 09:49:53 -08:00
toddouska
9c58f70e29 add ciphertext size sanity checks 2012-12-24 15:40:09 -08:00
John Safranek
831c760edc Merge branch 'ocsp' 
Fixes some bugs in the ocsp code, and adds a new option to skip nonces.
 2012-12-20 16:26:49 -08:00
John Safranek
51787db76b changed ocsp lookup to use dynamic mem for request rather than stack 2012-12-19 18:09:05 -08:00
John Safranek
4e657debfc added the ability to disable OCSP nonces 2012-12-19 10:18:11 -08:00
John Safranek
b36bc55197 Merge branch 'ocsp' 2012-12-17 22:23:31 -08:00
John Safranek
359e86adf6 1. When OCSP and CRL enabled, checks CRL if unable to contact OCSP responder 
and OCSP was enabled.
2. Fixed a couple string typos.
3. Only check OCSP if cert successfully parsed.
 2012-12-17 22:19:20 -08:00
toddouska
b25061844c remove hmac array initializers to 0 when non full because of reported compiler weirdness from user 2012-12-14 16:47:03 -08:00
toddouska
0e67cd17d6 clang opensslExtra fix 2012-12-12 20:04:10 -08:00
toddouska
726d686b07 fix clang scan-build problems 2012-12-12 18:03:32 -08:00
John Safranek
977ff51ad5 Merge branch 'master' of github.com:cyassl/cyassl 2012-12-12 09:42:21 -08:00
John Safranek
ac1890922b removed unused variable from lookup cert 2012-12-12 08:53:51 -08:00
toddouska
7e8438b7b4 fix pvs studio warnings 2012-12-11 11:33:49 -08:00
John Safranek
e925fbdbd6 check correct pointer before freeing when done looking up cert 2012-12-07 15:49:43 -08:00
toddouska
5ecca5a89d user no longer has to call CyaSSL_Init 2012-12-06 09:26:59 -08:00
toddouska
067f10ae8e add enable-valgrind 2012-12-04 21:28:18 -08:00
John Safranek
8c97675979 Lean PSK trimming 
1. leave out memory and io callback functions, expect user supplied
2. leave out cert and DTLS related functions
3. SHA-1 compile option to use slower, rolled-up transform
 2012-11-30 15:45:43 -08:00
toddouska
6e4d33eb00 move ProtocolVersion struct members directly into RecordLayerHeader 2012-11-28 16:34:41 -08:00
toddouska
6280aa9c91 make sure converted errors are handled by string output 2012-11-28 11:54:25 -08:00
John Safranek
77bf77dfd7 Merge branch 'master' of github.com:cyassl/cyassl 2012-11-27 22:19:01 -08:00
John Safranek
66a3ce2ec1 added SHA-256 based RNG when setting NO_RC4 compile flag 2012-11-27 22:17:25 -08:00
toddouska
4af555b502 unused no_session_cache fix 2012-11-27 15:39:40 -08:00
toddouska
faa7283ff3 fix crl resource leaks 2012-11-27 11:36:36 -08:00
John Safranek
f8f7f69f48 compile option to leave out MD5 and SSL code 2012-11-26 18:40:43 -08:00
John Safranek
78c1d592cc Merge branch 'master' of github.com:cyassl/cyassl 2012-11-20 14:54:59 -08:00
John Safranek
a89398fdbc added the cipher suites PSK-NULL-SHA256 and PSK-AES128-CBC-SHA256 2012-11-20 14:52:17 -08:00
toddouska
da386691a1 allow no end of line on last line of PEMs 2012-11-20 12:45:24 -08:00