path: root/src/lib/tls/tls_cbc
Commit message  [Author, Age, Files, Lines]
* Remove redundant check  [Jack Lloyd, 2017-10-20, 1 file, -3/+0]
  CBC mode already has this same size check. [ci skip]
* Use base CBC modes to implement TLS CBC ciphersuites  [Jack Lloyd, 2017-10-19, 3 files, -49/+36]
  This reduces code and also lets TLS make use of parallel decryption, which it was not doing before.
* Remove redundant parens  [Jack Lloyd, 2017-10-03, 1 file, -1/+1]
  Sonar
* In TLS CBC padding check, only need to verify last 256 bytes  [Jack Lloyd, 2017-09-29, 1 file, -8/+16]
  No reason to scan the entire record since it's assured at most 256 bytes of padding are used. Inspired by GH #1227
* Add a test of TLS CBC padding verification  [Jack Lloyd, 2017-09-29, 2 files, -9/+12]
  See also GH #1227
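The two commits above describe the padding check that this directory implements: a constant-time scan that never needs to look at more than the last 256 bytes of a record, because the pad byte is a single byte (at most 255) and TLS counts the length byte itself as padding. The following is an added example written for this page, not Botan's own routine (the function name tls_cbc_padding_len and the ct_*_mask helpers are hypothetical). It shows the mask-based check with the scan bounded at 256 bytes; the MAC-side timing equalization from the Lucky 13 merge further down the log is out of scope here.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <vector>

// Constant-time helpers, written for this example (not Botan's CT namespace).
// Precondition: both operands are below 2^31. TLS records are at most
// 2^14 + 2048 bytes and the pad byte is at most 255, so the caller satisfies it.
static inline uint32_t ct_nonzero_mask(uint32_t x)   // 0xFFFFFFFF if x != 0, else 0
   {
   return 0u - ((x | (0u - x)) >> 31);
   }

static inline uint32_t ct_eq_mask(uint32_t a, uint32_t b)   // 0xFFFFFFFF if a == b
   {
   return ~ct_nonzero_mask(a ^ b);
   }

static inline uint32_t ct_lt_mask(uint32_t a, uint32_t b)   // 0xFFFFFFFF if a < b
   {
   return 0u - ((a - b) >> 31);   // a - b wraps past 2^31 exactly when a < b
   }

static inline uint32_t ct_lte_mask(uint32_t a, uint32_t b)  // 0xFFFFFFFF if a <= b
   {
   return ct_lt_mask(a, b + 1);
   }

// Validate TLS 1.0-1.2 CBC padding on a decrypted record (MAC still attached).
// Returns pad byte + 1 (the number of trailing bytes to strip) when the padding
// is well formed, and 0 otherwise. The only branch is on record_len, which an
// attacker already knows from the wire; how many bytes are inspected and which
// operations run never depend on the (secret) pad byte. Hypothetical name; this
// is not Botan's own routine.
size_t tls_cbc_padding_len(const uint8_t* record, size_t record_len)
   {
   if(record_len == 0 || record_len > 0xFFFF)
      return 0;

   const uint32_t rec_len  = static_cast<uint32_t>(record_len);
   const uint32_t pad_byte = record[record_len - 1];
   const uint32_t pad_len  = pad_byte + 1;   // TLS counts the length byte itself as padding

   // The padding must fit in the record. If it does not, pad_ok is 0 and
   // pad_start is masked to 0 so the loop below still has a defined input.
   uint32_t pad_ok = ct_lte_mask(pad_len, rec_len);
   const uint32_t pad_start = (rec_len - pad_len) & pad_ok;

   // pad_byte <= 255, so only the last min(256, record_len) bytes can be padding;
   // scanning further would cost time without adding any security.
   const size_t to_check = std::min<size_t>(256, record_len);
   for(size_t i = record_len - to_check; i != record_len; ++i)
      {
      const uint32_t in_pad  = ct_lte_mask(pad_start, static_cast<uint32_t>(i)); // i >= pad_start
      const uint32_t matches = ct_eq_mask(record[i], pad_byte);
      pad_ok &= ~in_pad | matches;   // bytes inside the padding region must equal pad_byte
      }

   return pad_ok & pad_len;
   }

// Append TLS padding (pad_byte + 1 copies of pad_byte) to a plaintext body.
// Used only to construct test records for this example.
std::vector<uint8_t> append_tls_padding(std::vector<uint8_t> body, uint8_t pad_byte)
   {
   body.insert(body.end(), static_cast<size_t>(pad_byte) + 1, pad_byte);
   return body;
   }

int main()
   {
   // Constructed input: "hello" followed by 11 bytes of 0x0A padding (16 bytes total)
   std::vector<uint8_t> good = append_tls_padding({0x68, 0x65, 0x6C, 0x6C, 0x6F}, 0x0A);
   std::vector<uint8_t> bad = good;
   bad[7] = 0x09;   // corrupt one padding byte; must now be rejected

   const bool ok = tls_cbc_padding_len(good.data(), good.size()) == 11 &&
                   tls_cbc_padding_len(bad.data(), bad.size()) == 0;
   return ok ? 0 : 1;
   }
```

The loop bound depends only on record_len, so a record with a bad pad byte and a record with a good one take the same path; the caller must still treat a 0 result the same way it treats a MAC failure (same alert, same amount of MAC work) or the padding oracle simply moves one layer up.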
* More include header cleanups  [Jack Lloyd, 2017-09-21, 1 file, -1/+0]
* Change header guard format to BOTAN_FOO_H_  [Jack Lloyd, 2017-09-20, 1 file, -2/+2]
  ISO C++ reserves names with double underscores in them.
  Closes #512
* Add API stability annotations.  [Jack Lloyd, 2017-09-19, 1 file, -3/+3]
  Defined in build.h, all equal to BOTAN_DLL so ties into existing system for exporting symbols.
* Use constant_time_compare instead of same_mem  [Jack Lloyd, 2017-09-16, 1 file, -2/+2]
  New name, same great operation
* More MSVC warnings fixes  [Jack Lloyd, 2017-08-31, 1 file, -5/+5]
* Avoid false positive valgrind in TLS CBC decryption  [Jack Lloyd, 2017-08-29, 1 file, -2/+2]
  We poisoned the record before decrypting it, which caused failures with Camellia ciphersuites (or AES, on platforms that use T-tables). Instead poison it right after decrypting.
* Remove "Dirty hack" for multiple defines in lex_me_harder()  [Simon Warta, 2017-04-02, 1 file, -1/+3]
* Convert to using standard uintN_t integer types  [Jack Lloyd, 2016-12-18, 2 files, -51/+51]
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* TLS CBC functionality now exposed to the library developer. Useful for direct TLS CBC testing.  [Juraj Somorovsky, 2016-11-19, 1 file, -1/+1]
  CLI TLS server now catches an exception if an invalid connection is received (otherwise, the server always stopped working).
* Cipher_Mode and AEAD_Mode improvements  [Daniel Neus, 2016-11-08, 2 files, -2/+13]
  See PR #552
  - Add Cipher_Mode::reset() which resets just the message specific state and allows encrypting again under the existing key
  - In Cipher_Mode::clear() (at some places) use cipher->clear() instead of resetting the pointer which would make the cipher object unusable
  - EAX_Decryption::output_length() bugfix?! Now it's possible to decrypt an empty ciphertext (just a tag)
  - Bugfix for GCM_Decryption::finish()
  - set tag length in GCM_Mode::name()
  - Cipher_Mode tests: add tests for reset() and process()
  - AEAD_Mode tests: add tests for reset(), clear(), update() and process()
* Simplify some code by using T::create_or_throw  [Jack Lloyd, 2016-11-03, 1 file, -7/+2]
* Merge GH #675 Lucky13 countermeasures  [Jack Lloyd, 2016-10-24, 2 files, -0/+82]
  Commits on the merged branch:
  * Final changes, now using the countermeasure from the Lucky 13 paper again (or a countermeasure that is very similar to it).  [Juraj Somorovsky, 2016-10-23, 1 file, -36/+32]
    Timing differences in the test suite show at most 120 clock cycle difference (SHA-1/256/384).
  * SHA384 countermeasure (not perfect, but makes the attack harder)  [Juraj Somorovsky, 2016-10-22, 1 file, -19/+27]
  * Lucky 13 patch for SHA-1 and SHA-256  [Juraj Somorovsky, 2016-10-16, 2 files, -0/+78]
* Maintainer mode fixes  [Jack Lloyd, 2016-10-17, 1 file, -7/+3]
* Make TLS CBC optional  [Jack Lloyd, 2016-10-08, 3 files, -0/+576]