Commit Graph

807 Commits

Author SHA1 Message Date
John Safranek 618d282d94 Decodes the Name Constraints certificate extension on the CA cert
and checks the names on the peer cert, rejecting it if invalid
based on the name.
2014-04-28 11:03:24 -07:00
Moisés Guimarães 8d8fca67c3 SHA256, SHA384 and SHA512 error propagation. Major impact on random functions with error propagation. 2014-04-14 21:39:14 -03:00
Moisés Guimarães 32e2d7016f SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation. 2014-04-14 21:36:04 -03:00
Moisés Guimarães 644bb9c524 SHA256, SHA384 and SHA512 error propagation. Minor impact on some of internal.c static functions. 2014-04-14 21:28:23 -03:00
Moisés Guimarães 41cc5f06e4 camellia_setup128 and camellia_setup256 refactory to reduce stack usage:
--- subL and subR variables moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error in CamelliaSetKey function.
2014-04-14 21:28:22 -03:00
John Safranek d7eff191ce Merge branch 'master' of github.com:cyassl/cyassl 2014-04-14 10:35:39 -07:00
John Safranek ede2aa9c91 allow key use extension errors to be overriden with verify callback 2014-04-14 10:29:29 -07:00
Chris Conlon be65f5d518 update FSF address, wolfSSL copyright 2014-04-11 15:58:58 -06:00
John Safranek 421c08fc61 Merge branch 'frankencert' 2014-04-11 10:01:03 -07:00
John Safranek 603192f153 Removed an incorrect key use check. 2014-04-10 23:31:43 -07:00
John Safranek e79ce42ef4 Added checking of the key usage and extended key usage extensions in the
certificates.
2014-04-10 16:50:14 -07:00
toddouska 4a99031b8d fix psk requires with different first byte 2014-04-10 14:58:15 -07:00
toddouska e40bc9b72d remove extra spaces 2014-04-10 14:13:18 -07:00
toddouska 5de34bf987 add client suite verify, detect mismatch early 2014-04-10 14:11:30 -07:00
John Safranek 2c97d38c2c Removed previous change. Fixed it in the Sanity check instead. 2014-04-08 17:00:21 -07:00
John Safranek 52503c713c fix calls to AesGcmDecrypt and AesCcmDecrypt 2014-04-08 16:35:26 -07:00
toddouska 1863af0762 remove CYASSL_MSG undef 2014-04-04 15:13:44 -07:00
toddouska 562b017776 user settings, custom rand gen, by tyto diff 2014-04-04 15:10:08 -07:00
toddouska e0534da461 mp Harmony 0.80 beta fix 2014-04-01 13:49:30 -07:00
toddouska c210600d93 RSA fips mode 2014-04-01 13:08:48 -07:00
toddouska 4ba587b18a Merge branch 'master' of github.com:cyassl/cyassl 2014-04-01 12:06:48 -07:00
John Safranek b5a27b0f41 Add compile flag to disable Cert Sign key usage flag check. 2014-03-28 11:21:07 -07:00
John Safranek 4b22986e74 Check for Certificate Sign key usage bit on intermediate CAs. 2014-03-28 10:10:22 -07:00
Moisés Guimarães 6b9f711de0 DesSetKey refactory to reduce stack usage:
--- buffer variable moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error.
2014-03-28 12:59:39 -03:00
toddouska 05b132ce1c HMAC fips mode 2014-03-27 15:43:54 -07:00
toddouska 7dd265cf2e SHA384 fips mode 2014-03-27 14:37:37 -07:00
toddouska e873d7998b SHA512 fips mode 2014-03-27 14:03:12 -07:00
Chris Conlon 59c1adaf0e version 2.9.2 release 2014-03-27 10:35:57 -06:00
Chris Conlon 4677f2f2c1 fix windows warnings, ignore empty file ones 2014-03-27 10:09:14 -06:00
toddouska 7e9be23628 fix item 5 from report by Ivan Fratric of the Google Security Team 2014-03-26 13:54:16 -07:00
toddouska 717f3adb47 fix item 9 from report by Ivan Fratric of the Google Security Team 2014-03-26 13:28:19 -07:00
toddouska 86ebc48032 fix for item 7 report by Ivan Fratric of the Google Security Team 2014-03-26 13:16:43 -07:00
toddouska 23300a201f Merge branch 'master' of github.com:cyassl/cyassl 2014-03-26 12:15:04 -07:00
toddouska 43909ac725 fix sslv3 verify mac pad check, item 6 by report from Ivan Fratric of the Google Security Team 2014-03-26 12:14:18 -07:00
John Safranek dd61daef70 When saving the signature from a DecodedCert to a CYASSL_X509 only copy
the signature if it exists.
2014-03-26 12:01:26 -07:00
toddouska d5be4c4663 SHA-256 fips mode 2014-03-25 17:11:15 -07:00
toddouska b41186a6dd Merge branch 'master' of github.com:cyassl/cyassl 2014-03-25 16:02:12 -07:00
toddouska 3607db9077 add SHA1 fips mode 2014-03-25 16:01:17 -07:00
toddouska fb6d671629 resolve pull request merge conflict 2014-03-25 11:39:07 -07:00
toddouska 8c5d958a8b add Aes SetIV fips mode 2014-03-24 14:01:36 -07:00
toddouska 0ea10a4388 add 3DES fips mode 2014-03-24 13:37:52 -07:00
toddouska 9fe9276236 finish fips aes w/ tests 2014-03-21 14:49:49 -07:00
toddouska 58885b36eb add AesCbc fips mode 2014-03-19 16:43:52 -07:00
toddouska 388436c53e add AesSetKey fips mode 2014-03-19 13:56:11 -07:00
toddouska 8bbc30f3e1 add fips enable switch 2014-03-19 09:43:57 -07:00
Chris Conlon 5a1d420652 move CyaSSL_dtls() and CyaSSL_get_using_nonblock() out of #ifndef CYASSL_LEANPSK for use of leanPSK with standard I/O 2014-03-14 15:33:49 -06:00
Moisés Guimarães 0a5b758de3 Boundaries check for DoCertificate .
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
2014-03-13 19:15:26 -03:00
Moisés Guimarães 2d2d1341cf Boundaries check for DoCertificateVerify.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
2014-03-13 19:14:13 -03:00
Moisés Guimarães eba36226dc Boundaries check for DoCertificateRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães 7630b1d222 Boundaries check for DoHelloVerifyRequest.
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00