John Safranek
618d282d94
Decodes the Name Constraints certificate extension on the CA cert
...
and checks the names on the peer cert, rejecting it if invalid
based on the name.
2014-04-28 11:03:24 -07:00
Moisés Guimarães
8d8fca67c3
SHA256, SHA384 and SHA512 error propagation. Major impact on random functions with error propagation.
2014-04-14 21:39:14 -03:00
Moisés Guimarães
32e2d7016f
SHA256, SHA384 and SHA512 error propagation. Major impact on Hmac functions with error propagation.
2014-04-14 21:36:04 -03:00
Moisés Guimarães
644bb9c524
SHA256, SHA384 and SHA512 error propagation. Minor impact on some of internal.c static functions.
2014-04-14 21:28:23 -03:00
Moisés Guimarães
41cc5f06e4
camellia_setup128 and camellia_setup256 refactory to reduce stack usage:
...
--- subL and subR variables moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error in CamelliaSetKey function.
2014-04-14 21:28:22 -03:00
John Safranek
d7eff191ce
Merge branch 'master' of github.com:cyassl/cyassl
2014-04-14 10:35:39 -07:00
John Safranek
ede2aa9c91
allow key use extension errors to be overriden with verify callback
2014-04-14 10:29:29 -07:00
Chris Conlon
be65f5d518
update FSF address, wolfSSL copyright
2014-04-11 15:58:58 -06:00
John Safranek
421c08fc61
Merge branch 'frankencert'
2014-04-11 10:01:03 -07:00
John Safranek
603192f153
Removed an incorrect key use check.
2014-04-10 23:31:43 -07:00
John Safranek
e79ce42ef4
Added checking of the key usage and extended key usage extensions in the
...
certificates.
2014-04-10 16:50:14 -07:00
toddouska
4a99031b8d
fix psk requires with different first byte
2014-04-10 14:58:15 -07:00
toddouska
e40bc9b72d
remove extra spaces
2014-04-10 14:13:18 -07:00
toddouska
5de34bf987
add client suite verify, detect mismatch early
2014-04-10 14:11:30 -07:00
John Safranek
2c97d38c2c
Removed previous change. Fixed it in the Sanity check instead.
2014-04-08 17:00:21 -07:00
John Safranek
52503c713c
fix calls to AesGcmDecrypt and AesCcmDecrypt
2014-04-08 16:35:26 -07:00
toddouska
1863af0762
remove CYASSL_MSG undef
2014-04-04 15:13:44 -07:00
toddouska
562b017776
user settings, custom rand gen, by tyto diff
2014-04-04 15:10:08 -07:00
toddouska
e0534da461
mp Harmony 0.80 beta fix
2014-04-01 13:49:30 -07:00
toddouska
c210600d93
RSA fips mode
2014-04-01 13:08:48 -07:00
toddouska
4ba587b18a
Merge branch 'master' of github.com:cyassl/cyassl
2014-04-01 12:06:48 -07:00
John Safranek
b5a27b0f41
Add compile flag to disable Cert Sign key usage flag check.
2014-03-28 11:21:07 -07:00
John Safranek
4b22986e74
Check for Certificate Sign key usage bit on intermediate CAs.
2014-03-28 10:10:22 -07:00
Moisés Guimarães
6b9f711de0
DesSetKey refactory to reduce stack usage:
...
--- buffer variable moved to the heap;
--- return type changed to int, returning 0 for success;
--- chain of dependency updated to propagate the error.
2014-03-28 12:59:39 -03:00
toddouska
05b132ce1c
HMAC fips mode
2014-03-27 15:43:54 -07:00
toddouska
7dd265cf2e
SHA384 fips mode
2014-03-27 14:37:37 -07:00
toddouska
e873d7998b
SHA512 fips mode
2014-03-27 14:03:12 -07:00
Chris Conlon
59c1adaf0e
version 2.9.2 release
2014-03-27 10:35:57 -06:00
Chris Conlon
4677f2f2c1
fix windows warnings, ignore empty file ones
2014-03-27 10:09:14 -06:00
toddouska
7e9be23628
fix item 5 from report by Ivan Fratric of the Google Security Team
2014-03-26 13:54:16 -07:00
toddouska
717f3adb47
fix item 9 from report by Ivan Fratric of the Google Security Team
2014-03-26 13:28:19 -07:00
toddouska
86ebc48032
fix for item 7 report by Ivan Fratric of the Google Security Team
2014-03-26 13:16:43 -07:00
toddouska
23300a201f
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-26 12:15:04 -07:00
toddouska
43909ac725
fix sslv3 verify mac pad check, item 6 by report from Ivan Fratric of the Google Security Team
2014-03-26 12:14:18 -07:00
John Safranek
dd61daef70
When saving the signature from a DecodedCert to a CYASSL_X509 only copy
...
the signature if it exists.
2014-03-26 12:01:26 -07:00
toddouska
d5be4c4663
SHA-256 fips mode
2014-03-25 17:11:15 -07:00
toddouska
b41186a6dd
Merge branch 'master' of github.com:cyassl/cyassl
2014-03-25 16:02:12 -07:00
toddouska
3607db9077
add SHA1 fips mode
2014-03-25 16:01:17 -07:00
toddouska
fb6d671629
resolve pull request merge conflict
2014-03-25 11:39:07 -07:00
toddouska
8c5d958a8b
add Aes SetIV fips mode
2014-03-24 14:01:36 -07:00
toddouska
0ea10a4388
add 3DES fips mode
2014-03-24 13:37:52 -07:00
toddouska
9fe9276236
finish fips aes w/ tests
2014-03-21 14:49:49 -07:00
toddouska
58885b36eb
add AesCbc fips mode
2014-03-19 16:43:52 -07:00
toddouska
388436c53e
add AesSetKey fips mode
2014-03-19 13:56:11 -07:00
toddouska
8bbc30f3e1
add fips enable switch
2014-03-19 09:43:57 -07:00
Chris Conlon
5a1d420652
move CyaSSL_dtls() and CyaSSL_get_using_nonblock() out of #ifndef CYASSL_LEANPSK for use of leanPSK with standard I/O
2014-03-14 15:33:49 -06:00
Moisés Guimarães
0a5b758de3
Boundaries check for DoCertificate .
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- OPAQUE24_LEN used whenever 3 bytes are needed;
-- removed unnecessary variable i;
-- Moved BUFFER_E check outside of the while, check against certSz is not needed, in this case the problem is a malformed packet since certSz can never be bigger than listSz.
2014-03-13 19:15:26 -03:00
Moisés Guimarães
2d2d1341cf
Boundaries check for DoCertificateVerify.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the hello size);
-- ENUM_LEN and OPAQUE8_LEN used whenever 1 byte is needed;
-- OPAQUE16_LEN used whenever 2 bytes are needed;
-- removed unnecessary variables (signature, sigLen);
-- removed unnecessary #ifdef HAVE_ECC.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
eba36226dc
Boundaries check for DoCertificateRequest.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00
Moisés Guimarães
7630b1d222
Boundaries check for DoHelloVerifyRequest.
...
-- added size in the function parameters;
-- BUFFER_ERROR returned in case of message overflow (piece larger than the message size);
-- OPAQUE16_LEN used where 2 bytes are needed.
2014-03-13 19:14:13 -03:00