| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
| |
|
|
|
|
|
| |
No resources to free with actual OS features but might be
of use for later.
|
|
|
|
| |
For now only used by the TLS server.
|
|
|
|
|
|
|
|
|
| |
Prefer using wrappers in mem_utils for this.
Current exception is where memcpy is being used to convert between
two different types, since copy_mem requires input and output
pointers have the same type. There should be a new function to
handle conversion-via-memcpy operation.
|
|
|
|
| |
Coverity find
|
|
|
|
|
|
|
| |
Killing the process seems to result in the coverage info being lost.
I think because gcov writes during an exit handler which ends up
not running if we SIGTERM
|
|
|
|
| |
Fixes #1422
|
|\ |
|
| | |
|
|/ |
|
| |
|
| |
|
|
|
|
| |
Allows cleaning up header includes, also somewhat smaller binaries.
|
|
|
|
| |
Sonar finds
|
| |
|
| |
|
|
|
|
| |
Found by Coverity
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
|
|
| |
Previously if the client did not send signature_algorithms, or if
it only included algos not in the policy, we would just fallback to
the hardcoded SHA-1 default of TLS v1.2
Instead check the policy before accepting anything.
|
|
|
|
|
|
| |
Based on the work by @slicer4ever, adds support for
Windows sockets to http_util. As a bonus, we get Windows support
for tls_client and tls_server CLI.
|
| |
|
|
|
|
|
|
| |
direct TLS CBC testing.
CLI TLS server now catches an exception if an invalid connection is received (Otherwise, the server always stopped working)
|
|
|
|
|
|
| |
Still not a hard error even in maintainer mode because sometimes
system headers pull in C style casts via macros (eg MAP_FAILED).
But, it not being a hard error makes it easy to backslide.
|
|
|
|
|
|
|
| |
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
|
|
|
|
|
|
|
| |
Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.
|
| |
|
|
|
|
|
|
|
| |
In some cases this can offer better optimization, via devirtualization.
And it lets the user know the class is not intended for derivation.
Some discussion in GH #402
|
|
|
|
| |
Avoids various static init and destruction hassles.
|
|
|
|
|
|
|
| |
for when a command wants an RNG but doesn't much care what kind.
This adds a place where a future --rng-type= option can be consulted
to eg use the system RNG or a user seeded DRBG.
|
|
|
|
| |
See GH #340 and 6b9a3a5 for background
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The command line tools' origin as a collection of examples and test
programs glued together led to some unfortunate problems; lots of
hardcoded values, missing parameters, and obsolete crypto.
Adds a small library for writing command line programs of the sort
needed here (cli.h), which cuts the length of many of the commands in
half and makes commands more pleasant to write and extend.
Generalizes a lot of the commands also, eg previously only
signing/verification with DSA/SHA-1 was included!
Removes the fuzzer entry point since that's fairly useless outside of
an instrumented build.
Removes the in-library API for benchmarking.
|
|
|