Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Catch exceptions by reference not value | Jack Lloyd | 2018-03-16 | 1 | -1/+1 |
| | | | | Fixes a new warning in GCC 8 | ||||
* | Avoid std::bind in Channel::received_data | Jack Lloyd | 2018-03-05 | 1 | -2/+1 |
| | | | | | | Lambda works just as well here. GH #493 | ||||
* | Add missing overrides [ci skip] | Jack Lloyd | 2018-02-19 | 1 | -1/+1 |
| | |||||
* | Fix server use of EC point format extension | Jack Lloyd | 2018-02-13 | 1 | -1/+1 |
| | | | | | In the resumption case it would use that extension for any ECC ciphersuite, but is only allowed to do so if the client sent the extension. | ||||
* | Remove house curve support | Jack Lloyd | 2018-02-13 | 2 | -9/+0 |
| | |||||
* | Add a test of TLS handshake with custom curve (secp112r1 in this case) | Jack Lloyd | 2018-02-13 | 1 | -4/+21 |
| | |||||
* | Add callback for decoding TLS group params | Jack Lloyd | 2018-02-13 | 4 | -3/+20 |
| | |||||
* | Remove cruft | Jack Lloyd | 2018-02-13 | 4 | -114/+16 |
| | |||||
* | Use enums for TLS key exchange group params | Jack Lloyd | 2018-02-13 | 12 | -224/+246 |
| | |||||
* | Use shared representation of EC_Group | Jack Lloyd | 2018-01-31 | 1 | -1/+1 |
| | | | | Hide CurveGFp with an eye for eventual removal | ||||
* | Move generic TLS tests to test_tls.cpp | Jack Lloyd | 2018-01-28 | 2 | -5/+7 |
| | | | | | | Leaves unit_tls.cpp for the handshake level tests. Add some basic tests of the string<->enum conversions in tls_algos.h | ||||
* | Reorder signature scheme list | Jack Lloyd | 2018-01-28 | 1 | -12/+20 |
| | | | | Now PSS shows up first and we negotiate it by default ;) | ||||
* | Use enums to represent TLS signature and kex algorithms. | Jack Lloyd | 2018-01-28 | 22 | -716/+1144 |
| | | | | Adds support for PSS signatures (currently verifying only). | ||||
* | Avoid resuming a session if policy doesn't allow it | Jack Lloyd | 2018-01-28 | 2 | -3/+4 |
| | | | | Previously if the policy changed we'd continue to resume. #1431 | ||||
* | For TLS client auth add callback giving list of trusted CA names | Jack Lloyd | 2018-01-27 | 4 | -5/+40 |
| | | | | Fixes #1261 | ||||
* | Fix a few warnings | Jack Lloyd | 2018-01-27 | 1 | -2/+2 |
| | |||||
* | Make it possible to test custom extensions | Jack Lloyd | 2018-01-27 | 3 | -13/+59 |
| | |||||
* | Add an examine callback also | Jack Lloyd | 2018-01-27 | 7 | -11/+45 |
| | |||||
* | Add ability for application to control which TLS extensions are used | Jack Lloyd | 2018-01-27 | 9 | -1/+56 |
| | | | | GH #1186 | ||||
* | Remove vestigial support for TLS compression | Jack Lloyd | 2018-01-21 | 11 | -118/+60 |
| | | | | | It was never supported and never will be. Removing negotiation entirely simplifies the code a bit. | ||||
* | Avoid saving a resumed session multiple times | Jack Lloyd | 2017-12-07 | 1 | -1/+3 |
| | |||||
* | Handle #1303 on the server side | Jack Lloyd | 2017-12-07 | 1 | -1/+13 |
| | |||||
* | On resuming a client session, save the certificates that were used. | Jack Lloyd | 2017-12-07 | 3 | -3/+17 |
| | | | | GH #1303 | ||||
* | Fix formatting in TLS server code [ci skip] | Jack Lloyd | 2017-12-07 | 1 | -193/+179 |
| | |||||
* | Add copyright statements to files modified in the preceding 2 commits | Harry Reimann | 2017-12-04 | 13 | -0/+13 |
| | |||||
* | Move TLS signature and key exchange code into callbacks | Harry Reimann | 2017-12-04 | 7 | -96/+237 |
| | | | | | | | Give applications using an external crypto device for signature generation and/or verification and/or (ec)dh key exchange while establishing a TLS session hooks to implement the corresponding functionality. | ||||
* | Make support for certificate status messages optional via policy | Harry Reimann | 2017-12-04 | 6 | -10/+40 |
| | | | | | | | | Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message. | ||||
* | Merge GH #1316 Various TLS fixes | Jack Lloyd | 2017-11-28 | 4 | -9/+24 |
|\ | |||||
| * | Add an explicit catch for a server trying to negotiate SSLv3 | Jack Lloyd | 2017-11-28 | 1 | -1/+7 |
| | | | | | | | | | | | | | | This was already caught with the policy check later but it's better to be explicit. (And in theory an application might implement their policy version check to be "return true", which would lead to us actually attempting to negotiate SSLv3). | ||||
| * | Correct version selection logic in TLS server | Jack Lloyd | 2017-11-28 | 1 | -0/+5 |
| | | | | | | | | | | | | | | | | | | | | | | Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert. | ||||
| * | Tighten up checks on signature key exchange message | Jack Lloyd | 2017-11-28 | 1 | -1/+1 |
| | | | | | | | | An empty extension is not allowed, but was previously accepted. | ||||
| * | Return correct alert type on malformed DH/ECDH messages. | Jack Lloyd | 2017-11-28 | 1 | -7/+11 |
| | | | | | | | | | | | | | | | | In the client key exchange if the message was malformed (eg an completely empty ECDH share) a Decoding_Error would be thrown, then caught and a fake pre master secret generated. Move the parsing of the message out of the try/catch block, so the correct error is reported. | ||||
* | | Run TLS hello random fields through SHA-256 | Jack Lloyd | 2017-11-28 | 1 | -1/+7 |
|/ | | | | Avoids exposing RNG output on the wire. Cheap precaution. | ||||
* | Throw a Decoding_Error if TLS AEAD packet is shorter than the tag. | Jack Lloyd | 2017-11-26 | 1 | -0/+3 |
| | | | | | Otherwise this ended up as an assertion failure which translated to internal_error alert. | ||||
* | Fix errors caught with tlsfuzzer | Jack Lloyd | 2017-11-26 | 3 | -10/+5 |
| | | | | | | | | | | | Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.) | ||||
* | Add <functional> include to TLS headers which use std::function | Jack Lloyd | 2017-11-14 | 2 | -0/+2 |
| | |||||
* | Remove final on TLS policy objects (GH #1292) | Jack Lloyd | 2017-11-13 | 1 | -4/+4 |
| | |||||
* | Add support for ARIA GCM ciphersuites | Jack Lloyd | 2017-11-03 | 2 | -1/+19 |
| | | | | Tested against OpenSSL master | ||||
* | Avoid saving a session to SQL database with empty hostname | Jack Lloyd | 2017-11-02 | 1 | -0/+3 |
| | | | | This happens if the hostname is unknown or specified as an IP. | ||||
* | Merge GH #1275 Avoid needless throw/catch during TLS handshake | Jack Lloyd | 2017-10-26 | 1 | -1/+2 |
|\ | |||||
| * | Added missing include. | Frank Schoenmann | 2017-10-25 | 1 | -0/+1 |
| | | |||||
| * | Perform OIDS lookup before to prevent a guaranteed exception in EC_Group. | Frank Schoenmann | 2017-10-25 | 1 | -1/+1 |
| | | |||||
* | | Avoid sending OCSP status request on resumption client hello | Jack Lloyd | 2017-10-25 | 1 | -2/+0 |
|/ | | | | | | | Causes the connection to break for some servers. Fixes GH #1276 Also avoid setting the same extension twice in the initial connection case. The extensions code dedups it so this wasn't a problem, but confusing. | ||||
* | Convert http:// links to https:// where possible | Jack Lloyd | 2017-10-24 | 1 | -1/+1 |
| | |||||
* | Merge GH #1263 Support FFDHE negotiation in TLS | Jack Lloyd | 2017-10-22 | 9 | -28/+206 |
|\ | |||||
| * | Remove check for negotiated DH group in TLS client | René Korthaus | 2017-10-20 | 1 | -29/+0 |
| | | | | | | | | | | | | | | The server may not support the supported groups extension and choose an arbitrary group. RFC 7919 permits clients to continue if the group is acceptable under local policy, which we do now. | ||||
| * | Fall back to default group if client does not send any DH groups | René Korthaus | 2017-10-20 | 2 | -2/+19 |
| | | |||||
| * | Add allowed values for allowed groups | René Korthaus | 2017-10-18 | 1 | -3/+13 |
| | | |||||
| * | Add supported groups TLS extension (RFC 7919) | René Korthaus | 2017-10-17 | 10 | -27/+207 |
| | | |||||
* | | Remove redundant check | Jack Lloyd | 2017-10-20 | 1 | -3/+0 |
| | | | | | | | | | | | | CBC mode already has this same size check. [ci skip] |