aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib
Commit message (Collapse)AuthorAgeFilesLines
* CRL_Data is a struct not a classJack Lloyd2017-11-291-1/+2
|
* Merge GH #1316 Various TLS fixesJack Lloyd2017-11-287-25/+47
|\
| * Add an explicit catch for a server trying to negotiate SSLv3Jack Lloyd2017-11-281-1/+7
| | | | | | | | | | | | | | This was already caught with the policy check later but it's better to be explicit. (And in theory an application might implement their policy version check to be "return true", which would lead to us actually attempting to negotiate SSLv3).
| * Correct version selection logic in TLS serverJack Lloyd2017-11-281-0/+5
| | | | | | | | | | | | | | | | | | | | | | Due to an oversight in the logic, previously a client attempt to negotiate SSLv3 would result in the server trying to negotiate TLS v1.2. Now instead they get a protocol_error alert. Similarly, detect the the (invalid) case of a major number <= 2, which does not coorespond to any real TLS version. The server would again reply as a TLS v1.2 server in that case, and now just closes the connection with an alert.
| * Tighten up checks on signature key exchange messageJack Lloyd2017-11-281-1/+1
| | | | | | | | An empty extension is not allowed, but was previously accepted.
| * Return correct alert type on malformed DH/ECDH messages.Jack Lloyd2017-11-281-7/+11
| | | | | | | | | | | | | | | | In the client key exchange if the message was malformed (eg an completely empty ECDH share) a Decoding_Error would be thrown, then caught and a fake pre master secret generated. Move the parsing of the message out of the try/catch block, so the correct error is reported.
| * Increase HMAC key size limit to 4096 bytes.Jack Lloyd2017-11-282-5/+7
| | | | | | | | | | The previous limit of 512 bytes meant that TLS was unable to negotiate using FFDHE-6144 or FFDHE-8192 groups.
| * Correct definition of FFDHE 4096 groupJack Lloyd2017-11-281-11/+16
| | | | | | | | Was a copy+paste of FFDHE 3072
* | Run TLS hello random fields through SHA-256Jack Lloyd2017-11-281-1/+7
|/ | | | Avoids exposing RNG output on the wire. Cheap precaution.
* Fix DoxygenJack Lloyd2017-11-261-1/+1
|
* Merge GH #1302 Add PSK database interfaceJack Lloyd2017-11-268-1/+378
|\
| * PSK DatabaseJack Lloyd2017-11-268-1/+378
| |
* | Throw a Decoding_Error if TLS AEAD packet is shorter than the tag.Jack Lloyd2017-11-261-0/+3
| | | | | | | | | | Otherwise this ended up as an assertion failure which translated to internal_error alert.
* | Fix errors caught with tlsfuzzerJack Lloyd2017-11-263-10/+5
| | | | | | | | | | | | | | | | | | | | | | Don't send EC point format extension in server hello unless an EC suite was negotiated *and* the client sent the extension. Fix server FFDHE logic, this effectively disabled DHE ciphersuites for clients without FFDHE extension. Use unexpected_message alert in case of an unexpected message. (Previously an internal_error alert was sent.)
* | Merge #1313 Fix Doxygen comment on HashFunction::create_or_throwJack Lloyd2017-11-251-1/+1
|\ \
| * | Minor documentation fix in HashFunction::create_or_throw.Marcus Brinkmann2017-11-261-1/+1
| | |
* | | Merge #1312 Fix documentation of compression/decompression update function.Jack Lloyd2017-11-251-2/+2
|\ \ \
| * | | Fix documentation of compression/decompression update function.Marcus Brinkmann2017-11-261-2/+2
| |/ /
* | | Merge #1311 Add create and create_or_throw factories for ↵Jack Lloyd2017-11-252-0/+69
|\ \ \ | |_|/ |/| | | | | Compression_Algorithm and Decompression_Algorithm.
| * | Documentation fix in compression create/create_or_throw functions.Marcus Brinkmann2017-11-261-6/+4
| | |
| * | Add create and create_or_throw factories for Compression_Algorithm and ↵Marcus Brinkmann2017-11-252-0/+71
| |/ | | | | | | Decompression_Algorithm.
* / Fix bzip2 compression issue.Jack Lloyd2017-11-251-2/+8
|/ | | | | | When finishing, bzip2 returns BZ_STREAM_END when it has produced all output. If we end up calling the compression routine again (even with avail_in == 0), bzip2 returns an error.
* Add Pipe::append_filterJack Lloyd2017-11-242-13/+23
| | | | | Similar to append but it only allows modfication before start_msg. See GH #1306
* Avoid uncontrolled recusion on indefinite length encodingsJack Lloyd2017-11-201-17/+26
| | | | | A sufficiently nested indefinite length construction would cause stack exhaustion and a crash. Found by OSS-Fuzz - issue 4353
* Add AES key wrap with paddingJack Lloyd2017-11-196-74/+290
|
* Constify variables in AES-NI codeJack Lloyd2017-11-181-104/+104
|
* Add a function for checking if poly_double_n supports a particular sizeJack Lloyd2017-11-183-6/+10
|
* Allow parsing and printing certificates with unknown public key algosJack Lloyd2017-11-182-6/+31
|
* Add feature macro for Sqlite3 being enabled in buildJack Lloyd2017-11-181-0/+3
|
* Fix encoding of subject key identifierJack Lloyd2017-11-165-23/+27
| | | | | | Changed in #884 - we were copying the entire public key as the public key id. Instead hash it with whatever hash we are using to sign the certificate.
* Optimize TwofishJack Lloyd2017-11-161-76/+156
| | | | | Interleaving two blocks is 40-50% faster for any mode that supports parallel operation.
* Fix secure_allocator with std::string on VS2013Daniel Neus2017-11-161-5/+21
| | | | Closes #1295
* Fix a memory leak in the case where certificate extension decoding fails.Jack Lloyd2017-11-162-30/+33
| | | | | | Introduced in #884 Found by OSS-Fuzz (bug 4249)
* Correct CAST-128 decryption with more than 1 blockJack Lloyd2017-11-161-32/+32
|
* Optimizations for CAST-128Jack Lloyd2017-11-161-45/+135
| | | | | Similarly to Blowfish, 2x unrolling produces a 50-60% perf boost due to increased ILP.
* Optimize BlowfishJack Lloyd2017-11-161-41/+82
| | | | | | | Doing two blocks at a time exposes more ILP and substantially improves performance. Idea from http://jultika.oulu.fi/files/nbnfioulu-201305311409.pdf
* Update ASN.1 fuzzerJack Lloyd2017-11-151-3/+3
|
* Correct handling of nested context specificJack Lloyd2017-11-151-4/+3
|
* Move ASN1 printer to the libraryJack Lloyd2017-11-154-0/+415
|
* Increase the size of an ASN.1 tag enum to 32-bitsJack Lloyd2017-11-151-1/+1
| | | | Fixes GH #751
* Remove debug abort [ci skip]Jack Lloyd2017-11-141-1/+0
|
* Consolidate function for testing for ASN.1 string typesJack Lloyd2017-11-143-27/+24
|
* Check for keyCertSign on non-CA certificates during validationJack Lloyd2017-11-141-0/+14
| | | | GH #1089
* Fix PKCS10 subject alt name usageJack Lloyd2017-11-144-7/+26
| | | | GH #1010
* Add a test for GH #1252Jack Lloyd2017-11-141-1/+7
|
* Avoid deprecated functions in FFIJack Lloyd2017-11-141-3/+3
|
* Use new APIs in path validation and name constraint handlingJack Lloyd2017-11-142-6/+14
|
* Store CRL_Entry data in shared_ptrJack Lloyd2017-11-142-41/+81
|
* Store X509_CRL data in shared_ptrJack Lloyd2017-11-142-69/+102
|
* Store PKCS10 request data in structureJack Lloyd2017-11-142-65/+85
|