path: root/src/lib/tls/tls_ciphersuite.cpp
Commit message | Author | Age | Files | Lines

* Add message to BOTAN_ARG_CHECK and use it more widely (Jack Lloyd, 2018-05-13, 1 file, -0/+1)

* Use enums to represent TLS signature and kex algorithms. (Jack Lloyd, 2018-01-28, 1 file, -11/+39)
  Adds support for PSS signatures (currently verifying only).

* More include header cleanups (Jack Lloyd, 2017-09-21, 1 file, -1/+0)

* Convert to using standard uintN_t integer types (Jack Lloyd, 2016-12-18, 1 file, -2/+2)
  Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.

* Fix bad deref when ciphersuite value is larger than largest known id (Jack Lloyd, 2016-12-05, 1 file, -1/+1)
  Reported by @neverhub in GH #758, found by libFuzzer.

* Simplify TLS::Ciphersuite::cbc_ciphersuite (Jack Lloyd, 2016-11-25, 1 file, -3/+1)
  With RC4 removed, anything that is not AEAD is CBC.

* Add CECPQ1 TLS ciphersuites (Jack Lloyd, 2016-11-17, 1 file, -0/+6)
  Tested against BoringSSL (as client + server) and google.com (as client).

  Fix a stupid crashing bug in NewHope's BoringSSL mode.

  Remove unneeded error return from curve25519_donna - always returned 0.

  Default policy prefers ChaChaPoly1305 over GCM and CECPQ1 over ECDH/DH, which means the default no-extra-configuration ciphersuite (for Botan client speaking to Botan server) is a ciphersuite which is both implemented in constant time on all platforms and (hopefully) provides post quantum security. Good Things.

* Make TLS CBC optional (Jack Lloyd, 2016-10-08, 1 file, -0/+5)

* Merge master into this branch, resolving conflicts with #457/#576 (Jack Lloyd, 2016-08-31, 1 file, -134/+15)
  which recently landed on master.

  * Clean up TLS ciphersuite handling (Jack Lloyd, 2016-08-16, 1 file, -33/+15)
    Stores ciphersuites in a sorted std::vector, then lookups are done by binary search instead of a switch lookup.

    The loop that explicitly gathered all the ciphersuites out of the switch statement can then be removed, as can Ciphersuite::all_known_ciphersuite_ids which only existed to make the scan loop faster by avoiding having to call by_id on the entire 0x0000-0xFFFF range.

    Precomputes the result of Ciphersuite::valid at construction time.

  * Save the IETF ciphersuite name directly in TLS::Ciphersuite (Jack Lloyd, 2016-06-09, 1 file, -101/+0)
    instead of trying (badly) to reconstruct it in to_string.

    Save all strings in Ciphersuite as const char*.

* Address some issues with PR 492 (Jack Lloyd, 2016-08-13, 1 file, -2/+3)
  Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c.

  Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things.

  Adds a policy for ECDSA group size checks.

  Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)

* Encrypt-then-MAC extension (RFC 7366) (Juraj Somorovsky, 2016-05-11, 1 file, -0/+6)
  Introduced a countermeasure against the logjam attack.
  Short TLS records (AES-CBC) now return BAD_RECORD_MAC.
  Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure).

* Precompile the list of TLS ciphersuites (Jack Lloyd, 2016-01-06, 1 file, -2/+4)
  This avoids a scan over the entire 0 - 0xFFFF space which is mostly empty, by instead keeping a second list in tls_suite_info which is exactly the keys for which the switch statement has values.

  This scan is only ever done once (when first needed) but removing it is sufficient to increase AFL's throughput by 4x since it goes through a full startup on each test.

* Missing adds (Jack Lloyd, 2015-12-11, 1 file, -1/+0)

* Reroot the exception hierarchy into a toplevel Exception class (Jack Lloyd, 2015-12-11, 1 file, -1/+1)
  As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340).

  Effectively reverts 2837e915d82e43.

* Remove use of lookup.h in favor of new T::create API. (Jack Lloyd, 2015-09-21, 1 file, -7/+3)

* Hide Algorithm_Factory and use the functions in lookup.h internally. (lloyd, 2015-03-04, 1 file, -6/+4)
  Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14.

* Remove algo factory, engines, global RNG, global state, etc. (lloyd, 2015-02-04, 1 file, -9/+30)
  Convert all uses of Algorithm_Factory and the engines to using Algo_Registry.

  The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops.

  Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatibility stub.

  Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).

* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00 (lloyd, 2015-01-21, 1 file, -2/+8)
  and enable them in the default build, though still not enabled in the runtime policy.

* Ensure all files have copyright and license info. (lloyd, 2015-01-10, 1 file, -1/+1)
  Update license header line to specify the terms and refer to the file, neither of which it included before.

* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation (lloyd, 2014-12-31, 1 file, -14/+27)

* Cleanup handling of TLS AEAD nonce sizes, push all knowledge of what the nonce sizes should be down to the ciphersuite generating script. (lloyd, 2014-11-03, 1 file, -4/+6)

* If the server offers us a SCSV instead of a real ciphersuite send a fatal alert (lloyd, 2014-10-30, 1 file, -0/+6)

* Move lib into src (lloyd, 2014-01-10, 1 file, -0/+236)