Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Accept PKCS1v15 as an alias for EMSA3 | Jack Lloyd | 2018-08-02 | 1 | -2/+2 |
| | | | | Not sure why it didn't have this already | ||||
* | Correct Doxygen errors | Jack Lloyd | 2018-07-02 | 1 | -2/+2 |
| | |||||
* | TLS would try to negotiate x25519 even if disabled | Jack Lloyd | 2018-06-15 | 1 | -2/+6 |
| | | | | | | | | Also reorder ECC groups to actually match performance characteristics. I'm not sure when P-384 was slower than P-521 but it certainly isn't anymore. Fixes #1607 | ||||
* | Add 192-bit Suite B policy | Jack Lloyd | 2018-06-14 | 1 | -0/+36 |
| | | | | Since 128-bit policy is actually not even allowed since 2015. | ||||
* | Add message to BOTAN_ARG_CHECK and use it more widely | Jack Lloyd | 2018-05-13 | 1 | -0/+1 |
| | |||||
* | Slight refactoring to avoid GCC signed overflow warnings. [ci skip] | Jack Lloyd | 2018-05-08 | 1 | -4/+4 |
| | | | | Couldn't occur since length is 24 bits but GCC couldn't figure that out. | ||||
* | Fix some warnings new in GCC 8.1 | Jack Lloyd | 2018-05-07 | 6 | -43/+49 |
| | | | | | It thinks the typedefs are "locals" that are being conflicted with, which seems wrong to me but whatever. | ||||
* | Use bad_record_mac instead of decode_error for short TLS packets | Jack Lloyd | 2018-04-16 | 1 | -1/+8 |
| | | | | | Decode error seems more appropriate but it confuses some automated tools including older versions of TLS-Attacker. | ||||
* | Fix bug that broke session decryption (and thus resumption) | Jack Lloyd | 2018-04-09 | 1 | -1/+1 |
| | | | | Introduced in 3657639ab. Add a test that would have caught this | ||||
* | Fix off by one when decoding TLS-CBC ciphertexts | Jack Lloyd | 2018-04-09 | 3 | -27/+30 |
| | |||||
* | Fix interop bug in TLS server | Jack Lloyd | 2018-04-08 | 3 | -0/+33 |
| | | | | | The connection would fail if the client advertised any signature algorithm we did not support (eg RSA/SHA-224) | ||||
* | Add RAII versions of get_cipher_mode and get_aead | Jack Lloyd | 2018-04-07 | 2 | -4/+3 |
| | | | | See also #1526 | ||||
* | Export TLS::Extension | Jack Lloyd | 2018-03-31 | 1 | -1/+1 |
| | | | | Needed to avoid UbSan issue | ||||
* | Catch exceptions by reference not value | Jack Lloyd | 2018-03-16 | 1 | -1/+1 |
| | | | | Fixes a new warning in GCC 8 | ||||
* | Avoid std::bind in Channel::received_data | Jack Lloyd | 2018-03-05 | 1 | -2/+1 |
| | | | | | | Lambda works just as well here. GH #493 | ||||
* | Add missing overrides [ci skip] | Jack Lloyd | 2018-02-19 | 1 | -1/+1 |
| | |||||
* | Fix server use of EC point format extension | Jack Lloyd | 2018-02-13 | 1 | -1/+1 |
| | | | | | In the resumption case it would use that extension for any ECC ciphersuite, but is only allowed to do so if the client sent the extension. | ||||
* | Remove house curve support | Jack Lloyd | 2018-02-13 | 2 | -9/+0 |
| | |||||
* | Add a test of TLS handshake with custom curve (secp112r1 in this case) | Jack Lloyd | 2018-02-13 | 1 | -4/+21 |
| | |||||
* | Add callback for decoding TLS group params | Jack Lloyd | 2018-02-13 | 4 | -3/+20 |
| | |||||
* | Remove cruft | Jack Lloyd | 2018-02-13 | 4 | -114/+16 |
| | |||||
* | Use enums for TLS key exchange group params | Jack Lloyd | 2018-02-13 | 12 | -224/+246 |
| | |||||
* | Use shared representation of EC_Group | Jack Lloyd | 2018-01-31 | 1 | -1/+1 |
| | | | | Hide CurveGFp with an eye for eventual removal | ||||
* | Move generic TLS tests to test_tls.cpp | Jack Lloyd | 2018-01-28 | 2 | -5/+7 |
| | | | | | | Leaves unit_tls.cpp for the handshake level tests. Add some basic tests of the string<->enum conversions in tls_algos.h | ||||
* | Reorder signature scheme list | Jack Lloyd | 2018-01-28 | 1 | -12/+20 |
| | | | | Now PSS shows up first and we negotiate it by default ;) | ||||
* | Use enums to represent TLS signature and kex algorithms. | Jack Lloyd | 2018-01-28 | 22 | -716/+1144 |
| | | | | Adds support for PSS signatures (currently verifying only). | ||||
* | Avoid resuming a session if policy doesn't allow it | Jack Lloyd | 2018-01-28 | 2 | -3/+4 |
| | | | | Previously if the policy changed we'd continue to resume. #1431 | ||||
* | For TLS client auth add callback giving list of trusted CA names | Jack Lloyd | 2018-01-27 | 4 | -5/+40 |
| | | | | Fixes #1261 | ||||
* | Fix a few warnings | Jack Lloyd | 2018-01-27 | 1 | -2/+2 |
| | |||||
* | Make it possible to test custom extensions | Jack Lloyd | 2018-01-27 | 3 | -13/+59 |
| | |||||
* | Add an examine callback also | Jack Lloyd | 2018-01-27 | 7 | -11/+45 |
| | |||||
* | Add ability for application to control which TLS extensions are used | Jack Lloyd | 2018-01-27 | 9 | -1/+56 |
| | | | | GH #1186 | ||||
* | Remove vestigial support for TLS compression | Jack Lloyd | 2018-01-21 | 11 | -118/+60 |
| | | | | | It was never supported and never will be. Removing negotiation entirely simplifies the code a bit. | ||||
* | Avoid saving a resumed session multiple times | Jack Lloyd | 2017-12-07 | 1 | -1/+3 |
| | |||||
* | Handle #1303 on the server side | Jack Lloyd | 2017-12-07 | 1 | -1/+13 |
| | |||||
* | On resuming a client session, save the certificates that were used. | Jack Lloyd | 2017-12-07 | 3 | -3/+17 |
| | | | | GH #1303 | ||||
* | Fix formatting in TLS server code [ci skip] | Jack Lloyd | 2017-12-07 | 1 | -193/+179 |
| | |||||
* | Add copyright statements to files modified in the preceding 2 commits | Harry Reimann | 2017-12-04 | 13 | -0/+13 |
| | |||||
* | Move TLS signature and key exchange code into callbacks | Harry Reimann | 2017-12-04 | 7 | -96/+237 |
| | | | | | | | Give applications using an external crypto device for signature generation and/or verification and/or (ec)dh key exchange while establishing a TLS session hooks to implement the corresponding functionality. | ||||
* | Make support for certificate status messages optional via policy | Harry Reimann | 2017-12-04 | 6 | -10/+40 |
| | | | | | | | | Don't postpone the verification of a server certificate if certificate status messages are not expected in client handshake. When using an external crypto device it may be necessary to verify the certificate before using the public key for verification of the signature in the server key exchange message. | ||||
* | Merge GH #1316 Various TLS fixes | Jack Lloyd | 2017-11-28 | 4 | -9/+24 |
|\ | |||||
| * | Add an explicit catch for a server trying to negotiate SSLv3 | Jack Lloyd | 2017-11-28 | 1 | -1/+7 |
| | | | | | | | | | | | | | | This was already caught with the policy check later but it's better to be explicit. (And in theory an application might implement their policy version check to be "return true", which would lead to us actually attempting to negotiate SSLv3). | ||||
| * | Correct version selection logic in TLS server | Jack Lloyd | 2017-11-28 | 1 | -0/+5 |
| | | | | | | | | | | | | | | | | | | | | | | Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert. | ||||
| * | Tighten up checks on signature key exchange message | Jack Lloyd | 2017-11-28 | 1 | -1/+1 |
| | | | | | | | | An empty extension is not allowed, but was previously accepted. | ||||
| * | Return correct alert type on malformed DH/ECDH messages. | Jack Lloyd | 2017-11-28 | 1 | -7/+11 |
| | | | | | | | | | | | | | | | | In the client key exchange if the message was malformed (eg an completely empty ECDH share) a Decoding_Error would be thrown, then caught and a fake pre master secret generated. Move the parsing of the message out of the try/catch block, so the correct error is reported. | ||||
* | | Run TLS hello random fields through SHA-256 | Jack Lloyd | 2017-11-28 | 1 | -1/+7 |
|/ | | | | Avoids exposing RNG output on the wire. Cheap precaution. | ||||
* | Throw a Decoding_Error if TLS AEAD packet is shorter than the tag. | Jack Lloyd | 2017-11-26 | 1 | -0/+3 |
| | | | | | Otherwise this ended up as an assertion failure which translated to internal_error alert. | ||||
* | Fix errors caught with tlsfuzzer | Jack Lloyd | 2017-11-26 | 3 | -10/+5 |
| | | | | | | | | | | | Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.) | ||||
* | Add <functional> include to TLS headers which use std::function | Jack Lloyd | 2017-11-14 | 2 | -0/+2 |
| | |||||
* | Remove final on TLS policy objects (GH #1292) | Jack Lloyd | 2017-11-13 | 1 | -4/+4 |
| |