path: root/src/lib/tls

Commit log (commit message; author; date; files changed; lines removed/added)
* Precompile the list of TLS ciphersuites (Jack Lloyd, 2016-01-06; 3 files, -294/+458)
  This avoids a scan over the entire 0 - 0xFFFF space which is mostly empty, by instead keeping a second list in tls_suite_info which is exactly the keys for which the switch statement has values. This scan is only ever done once (when first needed) but removing it is sufficient to increase AFL's throughput by 4x since it goes through a full startup on each test.

* String comparison fixes (Daniel Neus, 2016-01-04; 8 files, -14/+14)
  Fix PVS-Studio performance warnings.

* Add extended master secret extension (RFC 7627) to TLS (Jack Lloyd, 2016-01-03; 10 files, -12/+118)
  Interop tested with mbed TLS.
* Merge pull request #378 from neusdan/warning_fixes (Jack Lloyd, 2015-12-26; 1 file, -1/+1)
  Some trivial compiler and PVS-Studio warning fixes
  * some trivial compiler/PVS-Studio warning fixes (Daniel Neus, 2015-12-22; 1 file, -1/+1)

* Fix a few clang warnings. Set clang sanitizer flags (Jack Lloyd, 2015-12-24; 1 file, -1/+1)

* Remove debug printf (Jack Lloyd, 2015-12-21; 1 file, -1/+0)

* Remove all remaining uses of throwing a std:: exception directly (Jack Lloyd, 2015-12-19; 1 file, -1/+1)
  See GH #340 and 6b9a3a5 for background.
* CLI rewrite (Jack Lloyd, 2015-12-19; 1 file, -2/+0)
  The command line tools' origin as a collection of examples and test programs glued together led to some unfortunate problems; lots of hardcoded values, missing parameters, and obsolete crypto.

  Adds a small library for writing command line programs of the sort needed here (cli.h), which cuts the length of many of the commands in half and makes commands more pleasant to write and extend.

  Generalizes a lot of the commands also, eg previously only signing/verification with DSA/SHA-1 was included!

  Removes the fuzzer entry point since that's fairly useless outside of an instrumented build.

  Removes the in-library API for benchmarking.

* Missing adds (Jack Lloyd, 2015-12-11; 3 files, -3/+0)

* Reroot the exception hierarchy into a toplevel Exception class (Jack Lloyd, 2015-12-11; 10 files, -19/+19)
  As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340).

  Effectively reverts 2837e915d82e43.
* Fix bug causing TLS client to sometimes reject DHE server kex (Jack Lloyd, 2015-11-13; 2 files, -35/+16)
  Re-encoding the server key exchange meant that any leading zeros in the values for DHE (or SRP) would be stripped out. This would cause the signature check to fail.

* Add remove_all to TLS session manager interface (Jack Lloyd, 2015-11-13; 5 files, -44/+57)
  DB::spin now returns the number of rows affected.

* Drop the DH group check to a weaker version of the checks (Jack Lloyd, 2015-11-13; 1 file, -2/+3)
  since the primality tests are expensive in CPU time.

* Add TLS_PSK tests (Jack Lloyd, 2015-11-13; 3 files, -14/+5)
  Fix a bug which rejected any short server key exchanges. These can occur with a plain PSK with short or empty identity hints.

  Disable SHA-224 by default.

  Remove some vestigial RC4 cruft.

  Push more on the TLS corruption tests.
* Add check for path validation result in Credentials_Manager. GH #324 (Jack Lloyd, 2015-11-04; 1 file, -5/+8)

* Merge pull request #314 from randombit/ct-tls-cbc-padding (Jack Lloyd, 2015-10-26; 17 files, -190/+382)
  TLS improvements
  * Asan fix - referencing &vec[vec.size()] instead of vec.end() (Jack Lloyd, 2015-10-26; 1 file, -22/+3)
    Convert to a const time algo.
  * TLS improvements (Jack Lloyd, 2015-10-25; 16 files, -168/+379)
    Use constant time operations when checking CBC padding in TLS decryption.

    Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server.

    Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.

* Fix cert validation bugs found by x509test. (Jack Lloyd, 2015-10-23; 1 file, -7/+14)
  Add test suite with certs from x509test.
* Remove use of lookup.h in favor of new T::create API. (Jack Lloyd, 2015-09-21; 5 files, -25/+14)

* Internal header cleanups (Jack Lloyd, 2015-09-19; 2 files, -2/+1)
  Only user-visible change is the removal of get_byte.h.

* Move Credentials_Manager to TLS (Jack Lloyd, 2015-08-29; 3 files, -1/+325)

* Avoid a crash in the TLS server if the client sends ALPN but no next protocol handler was specified to the Server constructor. GH #252 (Jack Lloyd, 2015-08-28; 1 file, -1/+1)

* Remove unused pkcs8 includes (Simon Warta, 2015-08-03; 1 file, -1/+0)
  Only botan-cli, botan-tests and the FFI module depend on PKCS8.

* tls: Add missing overrides (Daniel Seither, 2015-07-30; 1 file, -30/+30)

* Silence some extra ';' warnings (Simon Warta, 2015-07-22; 1 file, -1/+1)

* Fix invalid iterator use in TLS client (Jack Lloyd, 2015-07-05; 1 file, -1/+1)

* More changes for use with debug STL (Simon Warta, 2015-06-30; 3 files, -6/+12)

* lib/tls: Convert &vec[0] to vec.data() (Simon Warta, 2015-06-23; 12 files, -44/+44)
* Fix various bugs found by Coverity scanner. (lloyd, 2015-05-15; 3 files, -0/+7)
  Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc.

  Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max fragment as 4k limit.

* Remove RC4 (and all support for stream ciphers) from TLS (lloyd, 2015-05-15; 3 files, -50/+5)
* Add ALPN (RFC 7301) and remove NPN (lloyd, 2015-03-20; 18 files, -316/+138)

* Hide Algorithm_Factory and use the functions in lookup.h internally. (lloyd, 2015-03-04; 3 files, -18/+14)
  Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14.

* Add new module `ffi` which provides a plain C interface, plus a new ctypes Python wrapper that uses it. (lloyd, 2015-02-16; 1 file, -3/+3)
  The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple.

  Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations.

  Remove the old boost.python wrapper and all the build code for it.
* Remove algo factory, engines, global RNG, global state, etc. (lloyd, 2015-02-04; 7 files, -20/+45)
  Convert all uses of Algorithm_Factory and the engines to using Algo_Registry.

  The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops.

  Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatibility stub.

  Update seeding for blinding so only one hacky almost-global RNG instance needs to be setup instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).

* Convert PK operations to using Algo_Registry instead of Engine. (lloyd, 2015-02-03; 4 files, -6/+4)
  Remove global PRNG.

* Add missing files. Remove cipher lookup from engine code. (lloyd, 2015-02-01; 2 files, -17/+10)

* Add a runtime map of string->func() which when called return Transforms and BlockCiphers. (lloyd, 2015-01-28; 3 files, -42/+58)
  Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory.

  Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups.

  s/Transformation/Transform/ with typedefs for compatibility.

  Remove lib/selftest code (for runtime selftesting): not the right approach.
* Add typedefs for function signatures/types used in TLS for easier reading (lloyd, 2015-01-27; 13 files, -92/+116)

* Add Strict_Policy. Disable server initiated renegotiation by default. (lloyd, 2015-01-23; 2 files, -13/+43)

* Add support for configuring a TLS::Policy by text file (lloyd, 2015-01-23; 2 files, -6/+163)

* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00 (lloyd, 2015-01-21; 3 files, -3/+47)
  and enable them in the default build, though still not enabled in the runtime policy.

* Remove SSLv3 and handling of SSLv2 client hellos. (lloyd, 2015-01-11; 18 files, -286/+38)

* Support any key length for TLS session encryption by hashing with HMAC (lloyd, 2015-01-10; 1 file, -4/+16)

* Ensure all files have copyright and license info. (lloyd, 2015-01-10; 57 files, -57/+57)
  Update license header line to specify the terms and refer to the file, neither of which it included before.

* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC (lloyd, 2015-01-08; 2 files, -12/+26)

* Support setting the number of pad bytes in a heartbeat message. Use random instead of all-zero padding. (lloyd, 2015-01-07; 5 files, -70/+86)
  Check on sanity of received pads to the extent possible. Bugzilla 269.

* Remove config used for testing DTLS-SRTP (lloyd, 2015-01-04; 1 file, -3/+2)
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). (lloyd, 2015-01-04; 11 files, -134/+293)
  Github issue 27.

  Refactor server hello handling to make it easier to handle other extensions.

  The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size.

  Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.