Commit Graph

289 Commits (e98a0465ae8c333485a2c99cb4a5e39e1ded2cd1)

Author SHA1 Message Date
JacobBarthelmeh 7cb65d8b3d aesthetics 2014-07-17 15:33:48 -06:00
JacobBarthelmeh b77a1fdbbb refactoring 2014-07-17 15:00:40 -06:00
JacobBarthelmeh 7eb8f571ed reverse compatibility 2014-07-16 14:55:38 -06:00
JacobBarthelmeh e62fbdd49f added ECDSA and DHE_RSA support for chacha-poly 2014-07-10 16:35:56 -06:00
JacobBarthelmeh c322cb05ad uses most recent version of cyassl 2014-07-10 11:18:49 -06:00
JacobBarthelmeh fb25db9c28 progress on suite 2014-07-09 15:48:40 -06:00
toddouska 61e989ed99 Merge branch 'master' into ti 2014-07-03 11:34:15 -07:00
toddouska 2d63c559cc dh now disabled by default but can be enabled w/o opensslextra 2014-07-03 11:32:24 -07:00
JacobBarthelmeh 5bf411f345 progress on suite 2014-07-01 14:16:44 -06:00
toddouska 1122f2a399 master merge resolve 2014-07-01 11:58:33 -07:00
toddouska c957e9a909 make default I/O callbacks external for user to base/wrap if desired 2014-07-01 09:27:31 -07:00
toddouska f2de04ae46 Merge branch 'master' into ti 2014-06-26 08:57:35 -06:00
Moisés Guimarães 9339d7d5b1 add support to TLS extensions in DTLS 2014-06-25 13:26:42 -03:00
toddouska a6ea32461d Merge branch 'master' into ti 2014-06-20 14:48:53 -07:00
toddouska e6d9151f47 add user cert chain functionality at SSL level instead of just CTX 2014-06-20 10:49:21 -07:00
toddouska a319354e92 Merge branch 'master' into ti 2014-06-20 09:24:11 -07:00
toddouska 6371b3c262 send ecdsa_sign for client cert request type is sig algo ecdsa 2014-06-20 09:22:40 -07:00
toddouska 9a180b0ec8 Merge branch 'master' into ti 2014-06-16 11:05:20 -07:00
John Safranek 33fb679334 fix small config bug between AES-GCM and AES-CCM 2014-06-15 13:59:33 -07:00
toddouska a920795665 Merge branch 'master' into ti 2014-05-30 16:57:15 -07:00
John Safranek b60a61fa94 DHE-PSK cipher suites
1. fixed the AES-CCM-16 suites
2. added DHE-PSK as a key-exchange algorithm type
3. Added infrastructure for new suites:
 * TLS_DHE_PSK_WITH_AES_128_GCM_SHA256
 * TLS_DHE_PSK_WITH_AES_256_GCM_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CBC_SHA256
 * TLS_DHE_PSK_WITH_AES_256_CBC_SHA384
 * TLS_DHE_PSK_WITH_NULL_SHA256
 * TLS_DHE_PSK_WITH_NULL_SHA384
 * TLS_DHE_PSK_WITH_AES_128_CCM
 * TLS_DHE_PSK_WITH_AES_256_CCM
4. added test cases for new suites
5. set DHE parameters on test server when using PSK and a custom cipher
suite list
6. updated half premaster key size
2014-05-30 11:26:48 -07:00
toddouska e373b083bf Merge branch 'master' into ti 2014-05-20 14:33:14 -07:00
John Safranek 12841e6093 fix integration bugs with new suites 2014-05-20 14:07:08 -07:00
John Safranek 74712b4e71 1. Added the following cipher suites:
 * TLS_PSK_WITH_AES_128_GCM_SHA256
 * TLS_PSK_WITH_AES_256_GCM_SHA384
 * TLS_PSK_WITH_AES_256_CBC_SHA384
 * TLS_PSK_WITH_NULL_SHA384
2. Fixed CyaSSL_CIPHER_get_name() for AES-CCM cipher suites.
2014-05-19 21:44:04 -07:00
Vikram Adiga 5146f3dd94 Initial commit of CyaSSL port for TI-RTOS 2014-05-08 15:50:55 -07:00
toddouska 5ff0336491 add custom kqueue event for crl monitor shutdown 2014-05-01 09:28:33 -07:00
Chris Conlon be65f5d518 update FSF address, wolfSSL copyright 2014-04-11 15:58:58 -06:00
toddouska 5de34bf987 add client suite verify, detect mismatch early 2014-04-10 14:11:30 -07:00
toddouska a44fb0596a update ecc ccm8 suites to approved cipher suite numbers 2014-04-10 13:18:31 -07:00
Chris Conlon e84487d121 fix SHA384 define 2014-04-07 10:29:16 -06:00
toddouska 05b132ce1c HMAC fips mode 2014-03-27 15:43:54 -07:00
toddouska b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska 3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
toddouska fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska 4ac70de055 Merge branch 'master' of github.com:cyassl/cyassl 2014-03-13 18:56:07 -07:00
toddouska b56ecd1842 add enable-iopool, simple I/O pool example using memory overrides 2014-03-13 18:54:51 -07:00
Moisés Guimarães eba36226dc Boundaries check for DoCertificateRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães 244e335e81 Boundaries check for DoFinished.
-- added size and totalSz in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- INCOMPLETE_DATA returned in case of buffer overflow (piece smaller than the expected size);
-- removed unnecessary variable idx;
-- fixed the sniffer to adapt to the changes.
2014-03-13 19:14:13 -03:00
toddouska 2b8ee45a18 change default static buffer size to record header size to prevent memory fragmentation, only adds 8 bytes to SSL 2014-03-13 11:35:14 -07:00
Moisés Guimarães 78bab91615 removed duplicated check for INCOMPLETE_DATA
added new size enums
2014-02-24 11:26:55 -03:00
John Safranek f669e73c8d Merge branch 'master' of github.com:cyassl/cyassl 2014-02-03 14:49:38 -08:00
Moisés Guimarães 36b5bf0df1 Renaming Elliptic Curves to Supported Curves for better extension representation and avoid confusion. 2014-02-03 16:14:35 -03:00
John Safranek 909b9258d6 Thread safe OCSP. 2014-01-31 16:59:13 -08:00
Moisés Guimarães 9490c0dbaf validating curves 2014-01-31 16:52:14 -03:00
Moisés Guimarães de6a537896 exporting pkCurve info to ctx and ssl 2014-01-31 16:52:14 -03:00
Moisés Guimarães 70e3d6ddb0 removing missing extensions 2014-01-31 16:52:13 -03:00
Moisés Guimarães 75ae9dc973 added external api for Elliptic Curves Extension. 2014-01-31 16:52:13 -03:00
Moisés Guimarães 8541c2cc97 added renegotiation indication SCSV sending on client hello. 2014-01-21 11:38:59 -03:00
John Safranek d46c68ba10 Moved OCSP into the CertManager like the CRL. 2013-12-27 12:11:47 -08:00
Moisés Guimarães ffd58e27ef removing deprecated TRUNCATED_HMAC_SIZE 2013-12-12 21:05:31 -03:00
John Safranek 9fe165e8f8 1. Added a couple missing checks for NULL pointers in DTLS code.
2. Fixed compiler warning under Windows.
3. DTLS sliding window packet filter.
2013-12-03 15:11:00 -08:00
Moisés Guimarães 0c1e02ddd0 added truncated_hmac handling on SanityCheckCipherText, VerifyMac and BuildMessage 2013-12-02 16:19:52 -03:00
Moisés Guimarães ba18f8b03e added new function to retrieve SNI from a buffer. 2013-11-21 21:25:42 -03:00
John Safranek 4377996d87 Saved original SKID and AKID from certificate for later use with X.509 functions. 2013-11-19 16:20:18 -08:00
John Safranek 0fd6aed9b6 Save more decoded data from certificate for later use with X.509 functions. 2013-11-19 14:44:55 -08:00
Takashi Kojo 16bda74536 For MDK5 Pack 2013-11-07 10:29:01 +09:00
John Safranek 20e6ac7104 Added public key type to PKEY copy 2013-11-06 14:16:21 -08:00
John Safranek 4dc30fcde5 Added X.509 accessor for signature. 2013-11-06 11:49:49 -08:00
John Safranek 913e200cd0 X.509 Additions:
* CyaSSL_X509_d2i()
* CyaSSL_X509_d2i_fp()
* CyaSSL_X509_version()
* CyaSSL_X509_get_notBefore()
* CyaSSL_X509_get_notAfter()
* CyaSSL_X509_STORE_new()
* CyaSSL_X509_STORE_free()
* CyaSSL_X509_STORE_add_cert()
* CyaSSL_X509_STORE_set_default_paths()
* CyaSSL_X509_get_pubkey()
* CyaSSL_EVP_PKEY_free()
* CyaSSL_X509_NAME_get_text_by_NID()
* CyaSSL_X509_NAME_entry_count()
* CyaSSL_X509_verify_cert()
* CyaSSL_X509_STORE_CTX_new()
* CyaSSL_X509_STORE_CTX_init()
* CyaSSL_X509_STORE_CTX_free()
2013-11-04 11:02:17 -08:00
toddouska 8c7715ee33 remove CBC naming from HC-128 suites 2013-10-24 12:10:09 -07:00
toddouska f833674171 remove CBC from RABBIT suite naming 2013-10-24 11:52:21 -07:00
toddouska 4c04b6e714 add AES Blake2b 256 basic suites for speed tests 2013-10-24 11:30:51 -07:00
toddouska c039b0106a add HC-128 Blake2b 256 cipher suite for speed test 2013-10-23 17:13:54 -07:00
toddouska a14af5f0b0 move mutex to port layer at crypto level 2013-09-06 16:38:27 -07:00
Moisés Guimarães d7a08b1a76 centralizing MAX_DIGEST_SIZE definition in hmac.h 2013-09-06 15:53:46 -03:00
toddouska e8fcf35098 add Rsa Public/Private client key exchange callbacks, examples 2013-08-26 17:14:19 -07:00
toddouska f3f80bd66e add Rsa Sign/Verify callbacks, client/server examples 2013-08-26 16:27:29 -07:00
toddouska e98f5f95c2 add public key callbacks for ecc sign/verify, examples 2013-08-22 18:19:39 -07:00
toddouska 54a2f8b9aa add useratomic DecryptVerify Callbacks, example 2013-08-21 16:55:34 -07:00
John Safranek 442886a207 Added x509 accessors for the SEP build certificate additions. 2013-08-17 09:01:15 -07:00
toddouska 65f0e9f6b9 add atomic user macencrypt cb 2013-08-09 17:27:15 -07:00
John Safranek 831d9cf640 SEP Profile
1. Changed session index shift values to constants.
2. Added bounds checking when retrieving a session.
3. Added function to retrieve the peer cert chain from
   a CYASSL_SESSION record.
2013-08-02 16:03:41 -07:00
John Safranek 1357cdb0e4 SEP Profile
1. Add session cache index to CYASSL structure.
2. Add accessor for cache index in CYASSL structure.
3. Add copy function for session cache item.
2013-07-28 17:11:22 -07:00
Moisés Guimarães 55401c13dd Truncated HMAC first part (protocol). Extension processing will be coded later. 2013-07-23 15:42:43 -03:00
toddouska 87eb94b7c4 Merge branch 'master' of github.com:cyassl/cyassl 2013-06-24 14:02:40 -07:00
toddouska b51d6f3b8f add NetX default IO context handling 2013-06-24 14:00:48 -07:00
John Safranek e0a84521c5 Make alert description and level enumerations public. 2013-06-21 14:56:42 -07:00
Moisés Guimarães 5f3ee80407 added:
 - max fragment length extension;
 - CyaSSL_SNI_GetRequest() to get client's request at server side;
 - Automated tests for SNI;
2013-06-19 15:45:06 -03:00
Moisés Guimarães f1d1898ddf Added new option to SNI: CYASSL_SNI_ANSWER_ON_MISMATCH
Added new function to SNI API: CyaSSL_SNI_Matched()
2013-06-03 17:55:06 -03:00
Moisés Guimarães 5c665fe614 Added options to SNI (now it is possible to choose whether or not to abort on a SNI Host Name mismatch)
Exposed SNI Type at ssl.h
2013-05-30 15:26:41 -03:00
toddouska d2003bb8b7 merge in sni 2013-05-21 14:37:50 -07:00
John Safranek b347df8d9a DTLS rx size check, ssn10
Allows for receiving datagrams larger than the MTU that are reassembled
by the IP stack.
2013-05-21 13:52:22 -07:00
toddouska 7693b4282a turn on large static buffers for callbacks, easier for user 2013-05-20 12:46:54 -07:00
toddouska cfdfa7b2b3 pull in Kojo MDK-ARM projects, changes 2013-05-16 09:47:27 -07:00
John Safranek ac716c96d3 Output buffer size check when sending transmit pool.
1. Added a call to CheckAvailableSize() when sending the DTLS transmit pool.
2. Rename CheckAvailableSize().
2013-05-13 12:32:47 -07:00
toddouska 8f0b695249 fix leanpsk build with keep cert / session cert 2013-05-09 15:29:25 -07:00
toddouska 47b468d14f add dtls recv timeout max user setting too 2013-05-08 12:49:55 -07:00
toddouska 8cb5f6d5d4 add user setting for dtls recv timeout init value 2013-05-07 16:14:26 -07:00
toddouska a0c630b4ee add cert cache persistence 2013-05-02 11:34:26 -07:00
toddouska 5a1886656a Merge branch 'master' of github.com:cyassl/cyassl 2013-04-29 14:23:22 -07:00
toddouska 5c4fdb30ad add client session table lookup based on serverID, use CyaSSL_SetServerID to set/store with serverid 2013-04-29 14:22:32 -07:00
John Safranek 87048698e5 use subject key id and authentication key id to ID CA certs in the signers list instead of subject name hashes. 2013-04-29 12:08:16 -07:00
toddouska 05dd84598b turn CA signer list into CA signer hash table, defaults CA_TABLE_SIZE to 11 2013-04-25 15:36:33 -07:00
toddouska bad1c32df2 add session cert conversion to x509, and free x509 for dynamic variety 2013-04-23 11:50:06 -07:00
toddouska 11d81b86de change windows low res timer return 2013-04-22 10:52:38 -07:00
toddouska d665e16bd8 add user ctx to verify callback with CyaSSL_SetCertCbCtx 2013-04-18 10:37:10 -07:00
John Safranek fe13b4b6c6 moved and renamed the CBIO error codes so they are publicly available 2013-04-16 12:32:55 -07:00
toddouska a2bd6e786d fix leanpsk NO_SHA build 2013-04-10 12:42:51 -07:00
John Safranek 9b0ffa0249 brought CYASSL_CALLBACK code up to current standard 2013-04-08 15:34:54 -07:00
John Safranek e9bc868dbb AES-GCM does not require SHA-384, but will use it if enabled in build; reorder some of the requirement checks to regroup some NO_RSA suite checks 2013-04-01 14:25:20 -07:00