| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
| |
TLS::Callbacks::inspect_handshake_message() allows applications
to inspect all handshake messages, but this requires
access to the types in tls_messages.h. As a matter of fact,
this also exports tls_extensions.h as a public header.
|
|
|
|
|
|
| |
Renames a couple of functions for somewhat better name consistency,
eg make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Tested against BoringSSL (as client + server) and google.com (as client).
Fix a stupid crashing bug in NewHope's BoringSSL mode.
Remove unneeded error return from curve25519_donna - always returned 0.
Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which
means the default no-extra-configuration ciphersuite (for Botan client speaking
to Botan server) is a ciphersuite which is both implemented in constant time
on all platforms and (hopefully) provides post quantum security. Good Things.
|
| |
|
|
|
|
|
| |
Client interops with google.com, server not tested against an
independent client yet.
|
|
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit
for the changes in 7c7fcecbe6a and 6d327f879c
Add Policy::check_peer_key_acceptable which lets the app set an arbitrary
callback for examining keys - both the end entity signature keys from
certificates and the peer PFS public keys. Default impl checks that the
algorithm size matches the min keylength. This centralizes this logic
and lets the application do interesting things.
Adds a policy for ECDSA group size checks.
Increases default policy minimums to 2048 RSA and 256 ECC.
(Maybe I'm an optimist after all.)
|
|
|
|
|
|
| |
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
|
|
|
|
|
| |
Performs content checks on the value (expected length, expected bytes)
and in constant time returns either the decrypted value or a random value.
|
|
|
|
|
| |
Otherwise a MITM who can in real time break any supported ECC curve can
downgrade us.
|
|
|
|
|
|
|
|
| |
Remove SRP_SHA from the default policy, since normal applications do
not need it.
Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange
constructor, that's the default unique_ptr already.
|
| |
|
|
|
|
| |
since the primality tests are expensive in CPU time.
|
|
|
|
| |
Convert to a const time algo
|
| |
|
|
|
|
|
| |
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
| |
|
| |
|
| |
|
|
|