| Commit message | Author | Age | Files | Lines |
|
It thinks the typedefs are "locals" that are being conflicted with,
which seems wrong to me but whatever.
|
Lambda works just as well here.
GH #493
|
It was never supported and never will be. Removing negotiation entirely
simplifies the code a bit.
|
GH #1303
|
[ci skip]
|
That way we avoid the warning internally even in amalgamation mode.
GH #1243
|
Generally speaking reinterpret_cast is sketchy stuff. But the
special case of char*/uint8_t* is both common and safe. By
isolating those, the remaining (likely sketchy) cases are easier
to grep for.
|
When renegotiating the client checks that the server hasn't
changed its mind about supporting the renegotiation extension
(this is a likely indicator of an attack).
However due to a typo the client was actually comparing the
value in the client hello of the first handshake against the
server hello in the renegotiation handshake. Since Botan always
sends the renegotiation extension, this would cause the check to
fail when renegotiating with an old server that doesn't support
the renegotiation extension.
Reported on mailing list by Falko Strenzke. Tested patch against
OpenSSL 0.9.8k
|
TLS::Callbacks::inspect_handshake_message() allows applications
to inspect all handshake messages, but this requires
access to the types in tls_messages.h. As a matter of fact,
this also exports tls_extensions.h as a public header.
|
Renames a couple of functions for somewhat better name consistency,
e.g. make_u32bit becomes make_uint32. The old typedefs remain for now
since probably lots of application code uses them.
|
It is the only function in C_M which is called on to process session-specific
(and adversarially provided) inputs, rather than passively returning some credential
which is typically not session specific.
|
The current session established cb happens before the session is
activated, so it is not possible to send application data in
response to the connection being made.
|
Now the record layer only deals with an AEAD, and the weird complications
of CBC modes are mostly hidden in tls_cbc.cpp
|
which recently landed on master.
|
Just to avoid the unused parameter warning (we want the parameter
to be named in the header for documentation purposes, but in that
case GCC warns that the param is unused).
|
Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
Split out the compat (std::function) based interface to Compat_Callbacks.
This avoids the overhead of empty std::functions when using the virtual
interface, and ensures the virtual interface works since there is no
callback path that does not involve a vtable lookup.
Rename the TLS::Callback functions. Since the idea is that often an owning
class will pass *this as the callbacks argument, it is good to namespace
the virtual functions so as not to conflict with other names chosen by
the class. Specifically, prefixes all cb functions with tls_
Revert changes to use the old style alert callback (with no longer used data/len
params) so no API changes are required for old code. The new Callbacks interface
continues to just receive the alert code itself.
Switch to virtual function interface in CLI tls_client for testing.
Inline tls_server_handshake_state.h - only used in tls_server.cpp
Fix tests - test looked like it was creating a new client object but it
was not actually being used. And when enabled, it failed because the queues
were not being emptied in between. So, fix that.
|
- Added legacy constructor support for TLS::Channel, TLS::Client,
TLS::Server.
|
- extracted inner class TLS::Channel::Callbacks to stand-alone class
TLS::Callbacks.
- provided default implementations for TLS::Callbacks members executing
calls to std::function members for backward compatibility.
- applied changes to cli, tests and TLS::Channel related classes to be
compatible with new interface.
|
- Removed deprecated TLS-Alert-Callback parameters.
- Fixed improper naming of accessor for ALPN-Strings in tls_client.h
- Fixed erroneous indentation on Ciphersuite Constructor.
|
- reduced number of parameters in various methods
- reduced cyclomatic complexity (McCabe-Metric)
- removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover
from heartbeat extension removal?)
|
Merged recent changes and resolved minor conflicts in tls record classes.
|
warnings.
|
compiler warnings
|
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
|
The signature of the alert callback remains unchanged to avoid
breaking applications, though now the buffer parameter is never set.
|
As the alternatives are unfortunate for applications trying to catch
all library errors, and it seems deriving from std::runtime_error
causes problems with MSVC DLLs (GH #340)
Effectively reverts 2837e915d82e43
|
Use constant time operations when checking CBC padding in TLS decryption
Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes
from working: on decode the session id and hello cookie would be
swapped, causing confusion between client and server.
Various changes in the service of finding the above DTLS bug that
should have been done before now anyway - better control of handshake
timeouts (via TLS::Policy), better reporting of handshake state in the
case of an error, and finally expose the facility for per-message
application callbacks.
|
Update license header line to specify the terms and refer to the file,
neither of which it included before.
|
random instead of all-zero padding. Check on sanity of received pads
to the extent possible. Bugzilla 269.
|
with the setting set in the constructor. This prevents various surprising
things from happening to applications and simplifies record processing.