| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
| |
Verification is deterministic and public, so really no RNG is ever needed.
Change provider handling - accepts "base", "openssl", or empty, otherwise
throws a Provider_Not_Found exception.
|
| |
|
|
|
|
|
|
| |
Instead the key types exposes operations like `create_encryption_op`
which will return the relevant operation if the algorithm supports it.
Changes pubkey.h interface, now RNG is passed at init time.
Blinder previous created its own RNG, now it takes it from app.
|
| |
|
|
|
| |
Now record layer only deals with an AEAD, and the weird complications
of CBC modes mostly hidden in tls_cbc.cpp
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
TLS message parsing:
- CertificateVerify
- HelloVerify
- ClientHello (with extensions)
- ServerHello (with extensions)
- NewSessionTicket
- Alert
TLS message processing:
- HelloVerify
TLS Policy tests
Unit tests with TLS client authentication
Added test_throws method that checks the correct exception message.
|
| | |
|
| | |
|
| |\ |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| |
| | |
The EtM and MtE codepaths had a lot of duplicated code.
Tests ok, also did manual testing against a few online machines
including the EtM test server at eid.vx4.net
|
| |\ \ |
|
| | |/
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The Cipher_Mode::update API is more general than needed to just
support ciphers (this is due to it previously being an API of
Transform which before 8b85b780515 was Cipher_Mode's base class)
Define a less general interface `process` which either processes the
blocks in-place, producing exactly as much output as there was input,
or (SIV/CCM case) saves the entire message for processing in `finish`.
These two uses cover all current or anticipated cipher modes.
Leaves `update` for compatability with existing callers; all that is
needed is an inline function forwarding to `process`.
Removes the return type from `start` - in all cipher implementations,
this always returned an empty vector.
Adds BOTAN_ARG_CHECK macro; right now BOTAN_ASSERT is being used
for argument checking in some places, which is not right at all.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
decoding.
If the client sent a signature_algorithms extension, we should negotiate a ciphersuite in
the shared union of the ciphersuite list and the extension, instead of ignoring it.
Found by Juraj Somorovsky GH #619
The TLS v1.2 spec says that clients should only send the signature_algorithms
extension in a hello for that version. Enforce that when decoding client hellos
to prevent this extension from confusing a v1.0 negotiation.
TLS v1.2 spec says ANON signature type is prohibited in the signature_algorithms extension
in the client hello. Prohibit it.
Reorder the TLS extensions in the client hello so there is no chance an empty extension is
the last extension in the list. Some implementations apparently reject such hellos, even
(perhaps especially) when they do not recognize the extension, this bug was mentioned on
the ietf-tls mailing list a while back.
|
| |\ |
|
| | |\
| | |
| | |
| | | |
which recently landed on master.
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit
for the changes in 7c7fcecbe6a and 6d327f879c
Add Policy::check_peer_key_acceptable which lets the app set an arbitrary
callback for examining keys - both the end entity signature keys from
certificates and the peer PFS public keys. Default impl checks that the
algorithm size matches the min keylength. This centralizes this logic
and lets the application do interesting things.
Adds a policy for ECDSA group size checks.
Increases default policy minimums to 2048 RSA and 256 ECC.
(Maybe I'm an optimist after all.)
|
| | |\ \
| | | |
| | | |
| | | | |
Merged recent changes and resolved minor conflicts in tls record classes.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
|
| | |_|/
|/| | |
|
| | | |
| | |
| | |
| | |
| | |
| | | |
Just to avoid the unused parameter warning (we want the parameter
to be named in the header for documentation purposes, but in that
case GCC warns that the param is unused).
|
| | | | |
|
| |\ \ \ |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
Split out the compat (std::function) based interface to Compat_Callbacks.
This avoids the overhead of empty std::functions when using the virtual
interface, and ensures the virtual interface works since there is no
callback path that does not involve a vtable lookup.
Rename the TLS::Callback functions. Since the idea is that often an owning
class will pass *this as the callbacks argument, it is good to namespace
the virtual functions so as not to conflict with other names chosen by
the class. Specifically, prefixes all cb functions with tls_
Revert changes to use the old style alert callback (with no longer used data/len
params) so no API changes are required for old code. The new Callbacks interface
continues to just receive the alert code itself.
Switch to virtual function interface in CLI tls_client for testing.
Inline tls_server_handshake_state.h - only used in tls_server.cpp
Fix tests - test looked like it was creating a new client object but it
was not actually being used. And when enabled, it failed because the queues
were not being emptied in between. So, fix that.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- Undid changes replacing Hanshake_IO, Handshake_Hash with
Handshake_Info.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- Removed proposed wrapper class to logically group TLS session
properties.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- Removed Certificate_Properties class used to wrap X509_CA parameters.
- Whitespace cleanup.
|
| | | | |
| | | |
| | | |
| | | |
| | | | |
- Added legacy constructor support for TLS::Channel, TLS::Client,
TLS::Server.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- extracted inner class TLS::Channel::Callbacks to stand-alone class
TLS::Callbacks.
- provided default implementations for TLS::Callbacks members executing
calls to std::function members for backward compatibility.
- applied changes to cli, tests and TLS::Channel related classes to be
compatible with new interface.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- Removed deprecated TLS-Alert-Callback parameters.
- Fixed improper naming of accessor for ALPN-Strings in tls_client.h
- Fixed erroneous indentation on Ciphersuite Constructor.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
- fixed broken tls_magic.h include
- added forward declarations for Handshake_IO and Handshake_Hash in
tls_handshake_msg.h
- comment after #endif in tls_server_handshake.h caused surplus #endif
in botan_all_internal.h
- removed unnecessary semicolons causing -Wpedantic warnings.
|
| | | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
-reduced number of parameters in various methods
-reduced cyclomatic complexity (McCabe-Metric)
-removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover
from heartbeat extension removal?)
|
| |\ \ \ \ |
|
| | | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Stores ciphersuites in a sorted std::vector, then lookups are done
by binary search instead of a switch lookup.
The loop that explicitly gathered all the ciphersuites out of the switch
statement can then be removed, as can Ciphersuite::all_known_ciphersuite_ids
which only existed to make the scan loop faster by avoiding having to
call by_id on the entire 0x0000-0xFFFF range.
Precomputes the result of Ciphersuite::valid at construction time.
|
| | | | | | |
|
| |/ / / / |
|
| | | | | |
|
| |/ / / |
|
| |\ \ \ |
|
| | | | | |
|
| | | |/
| |/| |
|
| |/ /
| |
| |
| |
| |
| | |
instead of trying (badly) to reconstruct it in to_string
Save all strings in Ciphersuite as const char*
|
| | |
| |
| |
| | |
warnings.
|
| |/
|
|
| |
compiler warnings
|
| |
|
|
|
|
| |
Only affects decoding of session ticket lifetimes.
GH #478
|
| |
|
|
|
|
|
|
| |
OpenSSL sends an empty record before each new data record in TLS v1.0
to randomize the IV, as a countermeasure to the BEAST attack. Most
implementations use 1/(n-1) splitting for this instead.
Bug introduced with the const time changes in 1.11.23
|
