| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit
for the changes in 7c7fcecbe6a and 6d327f879c
Add Policy::check_peer_key_acceptable which lets the app set an arbitrary
callback for examining keys - both the end entity signature keys from
certificates and the peer PFS public keys. Default impl checks that the
algorithm size matches the min keylength. This centralizes this logic
and lets the application do interesting things.
Adds a policy for ECDSA group size checks.
Increases default policy minimums to 2048 RSA and 256 ECC.
(Maybe I'm an optimist after all.)
|
| |\
| |
| |
| | |
Merged recent changes and resolved minor conflicts in tls record classes.
|
| | |\ |
|
| | |/ |
|
| | |\ |
|
| | | |
| | |
| | |
| | | |
warnings.
|
| | | |
| | |
| | |
| | | |
compiler warnings
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Move disabling C4250 and C4251 to cmd line instead of header pragma.
This means these warnings will show up in application code. But disabling
warnings inside a library header is probably not good form.
|
| | | |
| | |
| | |
| | | |
Now allows up to 60 minute builds, so build normally.
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
|
| |/ /
| |
| |
| |
| |
| |
| | |
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
|
| | |
| |
| |
| | |
[ci skip]
|
| | | |
|
| |/ |
|
| |\
| |
| |
| |
| |
| |
| | |
validation
Previously an unknown extension would be rejected during parsing, which
prevents examining such a cert at all
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously unknown critical extensions were rejected during
X509_Certificate constructor, which inhibited inspecting other
parts of such a certificate. Refactored the certificate extensions
code so that the path validation routine performs this check only.
Additionally, added an interface for extensions to inspect the path
during path validation. TODOs were added in places where existing path
validation code can use the new interface.
Fixes GH #449.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
Only affects decoding of session ticket lifetimes.
GH #478
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With sufficient squinting, Transform provided an abstract base
interface that covered both cipher modes and compression algorithms.
However it mapped on neither of them particularly well. In addition
this API had the same problem that has made me dislike the Pipe/Filter
API: given a Transform&, what does it do when you put bits in? Maybe
it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!
Currently the Cipher_Mode interface is left mostly unchanged, with the
APIs previously on Transform just moved down the type hierarchy. I
think there are some definite improvements possible here, wrt handling
of in-place encryption, but left for a later commit.
The compression API is split into two types, Compression_Algorithm and
Decompression_Algorithm. Compression_Algorithm's start() call takes
the compression level, allowing varying compressions with a single
object. And flushing the compression state is moved to a bool param on
`Compression_Algorithm::update`. All the nonsense WRT compression
algorithms having zero length nonces, input granularity rules, etc
as a result of using the Transform interface goes away.
|
| |\ \ \ |
|
| | |/ / |
|
| |\ \ \
| |/ /
|/| | |
|
| | | | |
|
| |/ / |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
manifesting as broken sockets.
Leave the client socket open until the alert has been sent.
|
| | |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL sends an empty record before each new data record in TLS v1.0
to randomize the IV, as a countermeasure to the BEAST attack. Most
implementations use 1/(n-1) splitting for this instead.
Bug introduced with the const time changes in 1.11.23
|
| | |
| |
| |
| | |
Fix exception message
|
| | |
| |
| |
| |
| |
| |
| | |
Fixes GH #460
Closes GH #474
[ci skip]
|
| |\ \
| | |
| | |
| | |
| | |
| | | |
Resolves problems with shared lib on OS X caused by incorrect dylib naming
Fixes GH #467
|
| | |/ |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Cast std::streamsize to size_t since MSVC is worried gcount() might
return a negative number.
The entropy callbacks took the entropy estimate as a size_t instead of
a double, which causes some verbose warnings due to the conversion.
|
| |\ \
| | |
| | |
| | | |
Fixes GH #461
|
| | | | |
|
| | |/ |
|
| |\ \
| |/
|/|
| |
| |
| |
| |
| | |
Apparently adding a dllexport annotation causes VC to want to emit
some object code somewhere, and since AutoSeeded_RNG is entirely
inline this fails with a link error (GH #451). GCC's visibility
attribute just changes what symbols are marked as exported, so did not
trigger the problem.
|
| |/
|
|
| |
GH #451
|
| | |
|
| | |
|
| | |
|
| |\
| |
| | |
Add more tests for ffi
|
| |/ |
|
| | |
|
