Commit Graph

957 Commits

Author SHA1 Message Date
Moisés Guimarães d61af5d9ae adds record_overflow alert used by max_fragment_length tls extension. 2014-09-18 21:53:10 -03:00
toddouska 75657aad40 secure r extensions, sizes correct 2014-09-17 13:49:51 -07:00
toddouska 110a65d41a fix secure r extensions send/recv 2014-09-16 18:56:32 -07:00
toddouska a735a52608 switch to extensions secure r state 2014-09-16 17:26:57 -07:00
Moisés Guimarães d80e820654 Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions.
Adds SecureRenegotiation functions
2014-09-16 20:33:17 -03:00
Moisés Guimarães 89b972d946 Renames TLSX_Append to TLSX_Push, adding data param and making sure the list doesn't holds duplicate extensions.
Adds SecureRenegotiation functions
2014-09-16 20:21:29 -03:00
toddouska 91e4545441 use new name under tlsx for secure r flags 2014-09-16 16:19:22 -07:00
toddouska 4bb20612a1 move secure r inside of tls extensions 2014-09-16 12:42:13 -07:00
toddouska 9a90a0c113 save secure r verify data 2014-09-16 11:51:13 -07:00
toddouska 2e6b472ace init secure r state 2014-09-15 15:22:13 -07:00
toddouska f45ffe4a38 fix clang analyzer warning 2014-09-12 11:14:23 -07:00
Chris Conlon c2c9922380 fix Visual Studio warning, scan-build issue 2014-09-10 16:17:13 -06:00
John Safranek 91214ad5a6 Fixed issue with ECDH-ECDSA cipher suites rejecting certificates without
the DigitalSignature key usage.
2014-09-09 17:49:38 -07:00
toddouska 2c595139db fix tirtos merge 2014-09-08 19:40:03 -07:00
Moisés Guimarães d6b4f85d7c Makes TLS_EMPTY_RENEGOTIATION_INFO_SCSV suite optional if using SetCipherList() 2014-09-08 15:03:30 -03:00
toddouska f8f9008c96 simplify hello_request padSz calc with cached value 2014-09-05 16:18:10 -07:00
toddouska c8d67670f3 fix hello_request processing w/ mac-verify at upper layer 2014-09-05 14:29:18 -07:00
toddouska 907670f89a fix github issue #127 2014-09-03 16:56:49 -07:00
Moisés Guimarães 8bb52380a8 TLS_EMPTY_RENEGOTIATION_INFO_SCSV added on SetCipherList.
Function InitSuitesHashSigAlgo() extracted from InitSuites and SetCipherList.
2014-09-01 18:35:30 -03:00
John Safranek 2362dfdfa8 Fixed minor typecasting bugs for OCSP 2014-08-28 16:04:51 -07:00
toddouska b6345d654a delay ssl server from creating ecdhe key until really needed 2014-08-27 10:48:19 -07:00
John Safranek 496228e5b0 Merge branch 'master' of github.com:cyassl/cyassl 2014-08-19 22:38:42 -07:00
John Safranek 100f0e8a96 Don't allow sniffer to decrypt records if the key hasn't been setup. (Possible with misbehaving client.) 2014-08-19 22:38:04 -07:00
toddouska 87564bdffe get_cipher fixes 2014-08-15 10:56:38 -07:00
toddouska aaf4e74453 Merge https://github.com/ShaneIsrael/cyassl into shane 2014-08-15 10:03:50 -07:00
toddouska 7752fe0331 Merge pull request #122 from JacobBarthelmeh/master
Fuzzer callbacks with fuzzer ctx pointer
2014-08-15 09:43:31 -07:00
John Safranek 7e6b3a86d5 Added more bounds checking when saving a DTLS message fragment. 2014-08-14 15:14:29 -07:00
ShaneIsrael 57f2affe20 Added GetCipherName() which takes an index 2014-08-13 09:46:13 -06:00
ShaneIsrael f043b90a7f fixed line comment 2014-08-12 16:30:51 -06:00
JacobBarthelmeh 856aab7f30 add fuzzer CYASSL* and fuzzer ctx 2014-08-12 16:25:58 -06:00
ShaneIsrael bb9696c9f2 Added CyaSSL_get_ciphers() and necessary functions 2014-08-12 16:17:36 -06:00
JacobBarthelmeh a18602951b record header fuzz 2014-08-12 11:56:20 -06:00
JacobBarthelmeh 58caf70dc9 Merge remote-tracking branch 'upstream/master' 2014-08-12 10:38:12 -06:00
JacobBarthelmeh 5c72bf6272 fuzzer callbacks 2014-08-11 16:29:19 -06:00
Moisés Guimarães 1a8d06a0e3 keys: fixing DeriveKeys:
--- variables md5InputSz, shaInputSz and keyDataSz removed

keys: refactoring MakeSslMasterSecret to reduce stack usage:
--- variable shaOutput moved to the heap (20 bytes saved)
--- variable md5Input moved to the heap (532 bytes saved)
--- variable shaInput moved to the heap (579 bytes saved)
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
2014-08-11 14:17:44 -07:00
Moisés Guimarães 39c167710f keys: refactoring DeriveKeys to reduce stack usage:
--- variable shaOutput moved to the heap (20 bytes saved)
--- variable md5Input moved to the heap (68 bytes saved)
--- variable shaInput moved to the heap (119 bytes saved)
--- variable keyData moved to the heap (112 bytes saved)
--- variable md5 moved to the heap (sizeof(Md5) saved)
--- variable sha moved to the heap (sizeof(Sha) saved)
2014-08-05 15:28:30 -07:00
Moisés Guimarães 32847ee78e tls: refactoring CyaSSL_make_eap_keys to reduce stack usage:
--- variable seed moved to the heap (up to 64 bytes saved)
2014-08-05 15:28:30 -07:00
Moisés Guimarães 04dd56df79 tls: refactoring MakeTlsMasterSecret to reduce stack usage:
--- variable seed moved to the heap (up to 64 bytes saved)
2014-08-05 15:28:30 -07:00
Moisés Guimarães c74440b27e tls: refactoring DeriveTlsKeys to reduce stack usage:
--- variable seed moved to the heap (up to 64 bytes saved)
--- variable key_data moved to the heap (up to 224 bytes saved)
2014-08-05 15:28:30 -07:00
Moisés Guimarães 0283a917e8 tls: refactoring doPRF to reduce stack usage:
--- variable md5_hash moved to the heap (up to 256 bytes saved)
--- variable sha_hash moved to the heap (up to 256 bytes saved)
--- variable labelSeed moved to the heap (up to 128 bytes saved)
--- variable md5_result moved to the heap (up to 224 bytes saved)
--- variable sha_result moved to the heap (up to 224 bytes saved)

tls: refactoring PRF to reduce stack usage:
--- variable labelSeed moved to the heap (up to 128 bytes saved)
2014-08-05 15:28:30 -07:00
Moisés Guimarães e3db86753c tls: refactoring p_hash to reduce stack usage:
--- variable previous moved to the heap (up to 48 bytes saved)
--- variable current moved to the heap (up to 48 bytes saved)
--- variable hmac moved to the heap (sizeof(Hmac) bytes saved)
2014-08-05 15:28:30 -07:00
toddouska 7a95bc452d Merge branch 'master' into ti 2014-07-29 16:20:57 -07:00
Jonas Norling 277598e34a Use same sequence number calculation in tls.c and internal.c
The DTLS sequence number used when decrypting CCM/GCM was taken from
the internal state, instead of from the actual message record.

If any DTLS messages were dropped, the expectation of the next
sequence number was wrong. This lead to a failed MAC check on the next
message to arrive, and an alert was generated.
2014-07-28 15:10:17 -07:00
toddouska aba16ae239 Merge branch 'master' into ti 2014-07-24 20:15:18 -07:00
toddouska 4ebd5a0717 remove hard tabs 2014-07-24 20:12:10 -07:00
JacobBarthelmeh 3f2ee0801a declaration locations for ARM 2014-07-24 18:59:39 -06:00
toddouska 0c6a961e35 Merge branch 'master' into ti 2014-07-23 14:20:58 -07:00
Moisés Guimarães c20fdb037e io: refactoring EmbedOcspLookup:
--- single return point
--- changed stack reduction MEMORY_E to -1 to match XMALLOC fail at httpBuf
--- variable written removed
--- variable ocspRespSz renamed to ret (initialized with -1  and set only once with process_http_response result)
2014-07-23 13:20:23 -03:00
Moisés Guimarães 7dfb9e2d5f io: refactoring EmbedGenerateCookie to reduce stack usage:
--- use ShaHash instead of InitSha, ShaUpdate and ShaFinal (sizeof(Sha) saved)

io: refactoring EmbedOcspLookup to reduce stack usage:
--- variable domainName moved to the heap (80 bytes saved)
--- variable path moved to the heap (80 bytes saved)
2014-07-23 12:28:54 -03:00
toddouska ec0fd7e969 Merge branch 'master' into ti 2014-07-22 13:55:59 -07:00