aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls/tls_extensions.cpp
Commit message (Collapse)AuthorAgeFilesLines
* Convert to using standard uintN_t integer typesJack Lloyd2016-12-181-86/+86
| | | | | | Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Add OCSP stapling support to TLS clientJack Lloyd2016-11-261-7/+64
|
* Fix incompatability with (some) common TLS stackJack Lloyd2016-11-161-3/+8
| | | | | | | | Several sites including oracle.com seem to send extension 11 (point format) even if we (the client) did not send it. Then the handshake fails. To workaround this problem, simply always send this extension as the client, instead of only sending it if we wished to support compressed points.
* Add an in-house EC curve for TLS at compile-timeRené Korthaus2016-11-031-0/+10
| | | | | | One additional, application-specific curve can be added at compile time, using the new configure.py --house-curve=curve.pem,funky311,1.2.3.4,FEFF.
* X25519 key exchange for TLSJack Lloyd2016-10-211-3/+19
| | | | | Client interops with google.com, server not tested against an independent client yet.
* Minor improvementsRené Korthaus2016-10-031-9/+1
|
* Support encoding of supported point formats extensionRené Korthaus2016-10-031-0/+48
|
* TLS Server should respect client signature_algorithms. Stricter TLS hello ↵Jack Lloyd2016-09-211-5/+16
| | | | | | | | | | | | | | | | | | | | decoding. If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in the shared union of the ciphersuite list and the extension, instead of ignoring it. Found by Juraj Somorovsky GH #619 The TLS v1.2 spec says that clients should only send the signature_algorithms extension in a hello for that version. Enforce that when decoding client hellos to prevent this extension from confusing a v1.0 negotiation. TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension in the client hello. Prohibit it. Reorder the TLS extensions in the client hello so there is no chance an empty extension is the last extension in the list. Some implementations apparently reject such hellos, even (perhaps especially) when they do not recognize the extension, this bug was mentioned on the ietf-tls mailing list a while back.
* Address some issues with PR 492Jack Lloyd2016-08-131-0/+1
| | | | | | | | | | | | | | | | Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit for the changes in 7c7fcecbe6a and 6d327f879c Add Policy::check_peer_key_acceptable which lets the app set an arbitrary callback for examining keys - both the end entity signature keys from certificates and the peer PFS public keys. Default impl checks that the algorithm size matches the min keylength. This centralizes this logic and lets the application do interesting things. Adds a policy for ECDSA group size checks. Increases default policy minimums to 2048 RSA and 256 ECC. (Maybe I'm an optimist after all.)
* Merge branch 'master' into Encrypt-then-MAC-with-policyJuraj Somorovsky2016-05-121-15/+15
|\ | | | | | | Merged recent changes and resolved minor conflicts in tls record classes.
| * Add explicit static_cast operations to eliminate implicit cast compiler ↵Dan Brown2016-04-271-3/+3
| | | | | | | | warnings.
| * Change calls to 'get_byte' to explicitly cast parameters and eliminate ↵Dan Brown2016-04-271-12/+12
| | | | | | | | compiler warnings
* | Encrypt-then-MAC extension (RFC 7366)Juraj Somorovsky2016-05-111-0/+15
|/ | | | | | Introduced a countermeasure against the logjam attack Short TLS records (AES-CBC) now return BAD_RECORD_MAC Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
* Remove support for TLS v1.2 MD5 and SHA-224 signatures.Jack Lloyd2016-03-171-42/+3
| | | | | | | | | Remove support for weak ECC curves (anything under P-256) from TLS. This includes secp256k1 since we don't take advantage of the special form for any performance advantage; might as well use P-256. The manual still mentioned that it was possible to use MD5 in Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
* Remaining cppcheck fixes that are not covered by GH #444Daniel Neus2016-03-051-13/+5
|
* Make SRP6 support optional in TLSJack Lloyd2016-02-071-0/+6
| | | | | | | | Remove SRP_SHA from the default policy, since normal applications do not need it. Removes nullptr initializers of unique_ptrs in the Server_Key_Exchange constructor, that's the default unique_ptr already.
* Remove support for the TLS min fragment length extension.Jack Lloyd2016-02-071-50/+0
|
* Remove TLS heartbeat support.Jack Lloyd2016-02-071-3/+0
| | | | | The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Mass-prefix member vars with m_René Korthaus2016-01-081-14/+14
|
* String comparision fixesDaniel Neus2016-01-041-2/+2
| | | | fix PVS-Studio perfomance warnings
* Add extended master secret extension (RFC 7627) to TLSJack Lloyd2016-01-031-2/+17
| | | | Interop tested with mbed TLS
* Reroot the exception hierarchy into a toplevel Exception classJack Lloyd2015-12-111-1/+1
| | | | | | | | As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340) Effectively reverts 2837e915d82e43
* Fix various bugs found by Coverity scanner.lloyd2015-05-151-0/+4
| | | | | | | Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc. Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max frament as 4k limit.
* Add ALPN (RFC 7301) and remove NPNlloyd2015-03-201-11/+28
|
* Ensure all files have copyright and license info.lloyd2015-01-101-1/+1
| | | | | Update license header line to specify the terms and refer to the file, neither of which it included before.
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC).lloyd2015-01-041-26/+67
| | | | | | | | | | | | | | Github issue 27. Refactor server hello handling to make it easier to handle other extensions. The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionaly disable the 256k1 curve and reorder the remaining curves by size. Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Have TLS_Data_Reader decoding errors include the actual msg type namelloyd2014-04-121-1/+1
|
* Verify that the server did not send any extension that the client didn'tlloyd2014-04-111-0/+8
| | | | offer. Previously the client only checked a couple of special cases.
* Move lib into srclloyd2014-01-101-0/+533