| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
CBC mode already has this same size check.
[ci skip]
|
|
|
|
|
| |
This reduces code and also lets TLS make use of parallel decryption
which it was not doing before.
|
| |
|
|
|
|
| |
[ci skip]
|
|
|
|
|
|
| |
That way we avoid the warning internally even in amalgamation mode.
GH #1243
|
|
|
|
|
| |
Things like -Wconversion and -Wuseless-cast that are noisy and
not on by default.
|
|
|
|
| |
Sonar
|
|
|
|
|
|
|
| |
Generally speaking reinterpret_cast is sketchy stuff. But the
special case of char*/uint8_t* is both common and safe. By
isolating those, the remaining (likely sketchy) cases are easier
to grep for.
|
|
|
|
| |
Sonar
|
|
|
|
| |
Sonar finds
|
|
|
|
| |
It is intended for derivation! Just not tested...
|
| |
|
|
|
|
| |
Flagged by Sonar and quite reasonable
|
|
|
|
|
| |
No reason to scan the entire record since it's assured at most
256 bytes of padding are used. Inspired by GH #1227
|
|
|
|
| |
See also GH #1227
|
|
|
|
| |
BOTAN_UNUSED "uses" the RNG :/
|
| |
|
| |
|
|
|
|
| |
We don't care because the whole file is itself deprecated.
|
|
|
|
|
| |
Done by a perl script which converted all classes to final, followed
by selective reversion where it caused compilation failures.
|
|
|
|
|
| |
Getting a little large to be all defined in a header, and sticking
it in a source file allows removing several includes from tls_policy.h
|
| |
|
|
|
|
| |
Some help from include-what-you-use
|
|
|
|
|
|
| |
ISO C++ reserves names with double underscores in them
Closes #512
|
| |
|
|
|
|
|
| |
Defined in build.h, all equal to BOTAN_DLL so ties into existing
system for exporting symbols.
|
|\ |
|
| |
| |
| |
| |
| |
| | |
Turning the policy off broke the server entirely.
Expose the new flag to Text_Policy
|
| |
| |
| |
| | |
Parallel of the server policy flag.
|
| |
| |
| |
| | |
New name, same great operation
|
| |
| |
| |
| |
| | |
This would do the wrong thing if TLS v1.2 was disabled but v1.0/v1.1
allowed.
|
| |
| |
| |
| |
| | |
This class is exposed but the extension types aren't, so calls to
these functions from outside the library would not link.
|
| |
| |
| |
| | |
Since we don't end up signing anything in any case.
|
| |
| |
| |
| |
| |
| |
| |
| | |
Previously if the client did not send signature_algorithms, or if
it only included algos not in the policy, we would just fallback to
the hardcoded SHA-1 default of TLS v1.2
Instead check the policy before accepting anything.
|
| | |
|
| |
| |
| |
| | |
Based on VC2017 output
|
| |
| |
| |
| |
| |
| | |
We poisoned the record before decrypting it, which caused failures
with Camellia ciphersuites (or AES, on platforms that use T-tables).
Instead poison it right after decrypting.
|
| |
| |
| |
| | |
From draft-ietf-tls-ecdhe-psk-aead-05, now with official codepoints.
|
| |
| |
| |
| |
| | |
This var is only used when encoding so was never read from, but
leaving it uninitialized is bad news. Flagged by Coverity.
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
When renegotiating the client checks that the server hasn't
changed its mind about supporting the renegotiation extension
(this is a likely indicator of an attack).
However due to a typo the client was actually comparing the
value in the client hello of the first handshake against the
server hello in the renegotiation handshake. Since Botan always
sends the renegotiation extension, this would cause the check to
fail when renegotiating with an old server that doesn't support
the renegotiation extension.
Reported on mailing list by Falko Strenzke. Tested patch against
OpenSSL 0.9.8k
|
| |
| |
| |
| |
| |
| | |
This way, the library user can improve the class by adding missing functions
or some other tweak they may find useful. Without any access to m_kv this is
impossible.
|
| | |
|
| |
| |
| |
| |
| | |
just to verify the implementation works fine across platforms and
compilers
|
| |
| |
| |
| |
| |
| |
| |
| |
| | |
* fixes for deprecated constructions in c++11 and later (explicit rule of 3/5 or implicit rule of 0 and other violations)
* `default` specifier instead of `{}` in some places(probably all)
* removal of unreachable code (for example `return` after `throw`)
* removal of compilation unit only visible, but not used functions
* fix for `throw()` specifier - used instead `BOTAN_NOEXCEPT`
* removed not needed semicolons
|
|/ |
|
|
|
|
| |
Sun CC for whatever reason becomes very confused by this.
|
|\ |
|
| | |
|
|/
|
|
|
|
|
| |
Currently untested by TLS crosstalk tests because it is not
supported on the server side.
Exposes the rest of TLS message types to application.
|
|
|
|
|
| |
Moves BSI policy file to test data dir where it can be compared with
what the hardcoded class outputs.
|