aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
Commit message (Collapse)AuthorAgeFilesLines
* Catch exceptions by reference not valueJack Lloyd2018-03-161-1/+1
| | | | Fixes a new warning in GCC 8
* Avoid std::bind in Channel::received_dataJack Lloyd2018-03-051-2/+1
| | | | | | Lambda works just as well here. GH #493
* Add missing overrides [ci skip]Jack Lloyd2018-02-191-1/+1
|
* Fix server use of EC point format extensionJack Lloyd2018-02-131-1/+1
| | | | | In the resumption case it would use that extension for any ECC ciphersuite, but is only allowed to do so if the client sent the extension.
* Remove house curve supportJack Lloyd2018-02-132-9/+0
|
* Add a test of TLS handshake with custom curve (secp112r1 in this case)Jack Lloyd2018-02-131-4/+21
|
* Add callback for decoding TLS group paramsJack Lloyd2018-02-134-3/+20
|
* Remove cruftJack Lloyd2018-02-134-114/+16
|
* Use enums for TLS key exchange group paramsJack Lloyd2018-02-1312-224/+246
|
* Use shared representation of EC_GroupJack Lloyd2018-01-311-1/+1
| | | | Hide CurveGFp with an eye for eventual removal
* Move generic TLS tests to test_tls.cppJack Lloyd2018-01-282-5/+7
| | | | | | Leaves unit_tls.cpp for the handshake level tests. Add some basic tests of the string<->enum conversions in tls_algos.h
* Reorder signature scheme listJack Lloyd2018-01-281-12/+20
| | | | Now PSS shows up first and we negotiate it by default ;)
* Use enums to represent TLS signature and kex algorithms.Jack Lloyd2018-01-2822-716/+1144
| | | | Adds support for PSS signatures (currently verifying only).
* Avoid resuming a session if policy doesn't allow itJack Lloyd2018-01-282-3/+4
| | | | Previously if the policy changed we'd continue to resume. #1431
* For TLS client auth add callback giving list of trusted CA namesJack Lloyd2018-01-274-5/+40
| | | | Fixes #1261
* Fix a few warningsJack Lloyd2018-01-271-2/+2
|
* Make it possible to test custom extensionsJack Lloyd2018-01-273-13/+59
|
* Add an examine callback alsoJack Lloyd2018-01-277-11/+45
|
* Add ability for application to control which TLS extensions are usedJack Lloyd2018-01-279-1/+56
| | | | GH #1186
* Remove vestigial support for TLS compressionJack Lloyd2018-01-2111-118/+60
| | | | | It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* Avoid saving a resumed session multiple timesJack Lloyd2017-12-071-1/+3
|
* Handle #1303 on the server sideJack Lloyd2017-12-071-1/+13
|
* On resuming a client session, save the certificates that were used.Jack Lloyd2017-12-073-3/+17
| | | | GH #1303
* Fix formatting in TLS server code [ci skip]Jack Lloyd2017-12-071-193/+179
|
* Add copyright statements to files modified in the preceding 2 commitsHarry Reimann2017-12-0413-0/+13
|
* Move TLS signature and key exchange code into callbacksHarry Reimann2017-12-047-96/+237
| | | | | | | Give applications using an external crypto device for signature generation and/or verification and/or (ec)dh key exchange while establishing a TLS session hooks to implement the corresponding functionality.
* Make support for certificate status messages optional via policyHarry Reimann2017-12-046-10/+40
| | | | | | | | Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message.
* Merge GH #1316 Various TLS fixesJack Lloyd2017-11-284-9/+24
|\
| * Add an explicit catch for a server trying to negotiate SSLv3Jack Lloyd2017-11-281-1/+7
| | | | | | | | | | | | | | This was already caught with the policy check later but it's better to be explicit. (And in theory an application might implement their policy version check to be "return true", which would lead to us actually attempting to negotiate SSLv3).
| * Correct version selection logic in TLS serverJack Lloyd2017-11-281-0/+5
| | | | | | | | | | | | | | | | | | | | | | Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert.
| * Tighten up checks on signature key exchange messageJack Lloyd2017-11-281-1/+1
| | | | | | | | An empty extension is not allowed, but was previously accepted.
| * Return correct alert type on malformed DH/ECDH messages.Jack Lloyd2017-11-281-7/+11
| | | | | | | | | | | | | | | | In the client key exchange if the message was malformed (eg an completely empty ECDH share) a Decoding_Error would be thrown, then caught and a fake pre master secret generated. Move the parsing of the message out of the try/catch block, so the correct error is reported.
* | Run TLS hello random fields through SHA-256Jack Lloyd2017-11-281-1/+7
|/ | | | Avoids exposing RNG output on the wire. Cheap precaution.
* Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.Jack Lloyd2017-11-261-0/+3
| | | | | Otherwise this ended up as an assertion failure which translated to internal_error alert.
* Fix errors caught with tlsfuzzerJack Lloyd2017-11-263-10/+5
| | | | | | | | | | | Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
* Add <functional> include to TLS headers which use std::functionJack Lloyd2017-11-142-0/+2
|
* Remove final on TLS policy objects (GH #1292)Jack Lloyd2017-11-131-4/+4
|
* Add support for ARIA GCM ciphersuitesJack Lloyd2017-11-032-1/+19
| | | | Tested against OpenSSL master
* Avoid saving a session to SQL database with empty hostnameJack Lloyd2017-11-021-0/+3
| | | | This happens if the hostname is unknown or specified as an IP.
* Merge GH #1275 Avoid needless throw/catch during TLS handshakeJack Lloyd2017-10-261-1/+2
|\
| * Added missing include.Frank Schoenmann2017-10-251-0/+1
| |
| * Perform OIDS lookup before to prevent a guaranteed exception in EC_Group.Frank Schoenmann2017-10-251-1/+1
| |
* | Avoid sending OCSP status request on resumption client helloJack Lloyd2017-10-251-2/+0
|/ | | | | | | Causes the connection to break for some servers. Fixes GH #1276 Also avoid setting the same extension twice in the initial connection case. The extensions code dedups it so this wasn't a problem, but confusing.
* Convert http:// links to https:// where possibleJack Lloyd2017-10-241-1/+1
|
* Merge GH #1263 Support FFDHE negotiation in TLSJack Lloyd2017-10-229-28/+206
|\
| * Remove check for negotiated DH group in TLS clientRené Korthaus2017-10-201-29/+0
| | | | | | | | | | | | | | The server may not support the supported groups extension and choose an arbitrary group. RFC 7919 permits clients to continue if the group is acceptable under local policy, which we do now.
| * Fall back to default group if client does not send any DH groupsRené Korthaus2017-10-202-2/+19
| |
| * Add allowed values for allowed groupsRené Korthaus2017-10-181-3/+13
| |
| * Add supported groups TLS extension (RFC 7919)René Korthaus2017-10-1710-27/+207
| |
* | Remove redundant checkJack Lloyd2017-10-201-3/+0
| | | | | | | | | | | | CBC mode already has this same size check. [ci skip]