| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| | |
For example it used to return 0 on Linux/ARM...
If no QPC or asm version, use clock_gettime if available, or else
std::chrono::high_resolution_clock as a fallback.
|
| |
| |
| |
| |
| |
| | |
Fix policy files.
GH #614
|
|\ \ |
|
| |\ \
| | | |
| | | |
| | | | |
which recently landed on master.
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Adds copyright notices for Juraj Somorovsky and Christian Mainka of Hackmanit
for the changes in 7c7fcecbe6a and 6d327f879c
Add Policy::check_peer_key_acceptable which lets the app set an arbitrary
callback for examining keys - both the end entity signature keys from
certificates and the peer PFS public keys. Default impl checks that the
algorithm size matches the min keylength. This centralizes this logic
and lets the application do interesting things.
Adds a policy for ECDSA group size checks.
Increases default policy minimums to 2048 RSA and 256 ECC.
(Maybe I'm an optimist after all.)
|
| |\ \ \
| | | | |
| | | | |
| | | | | |
Merged recent changes and resolved minor conflicts in tls record classes.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Introduced a countermeasure against the logjam attack
Short TLS records (AES-CBC) now return BAD_RECORD_MAC
Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
* --policy works for TLS Server and TLS Client
* Example policy BSI_TR-02102-2.txt
* Fine granular configuration for TLS 1.0, 1.1, 1.2 and DTLS 1.0 and 1.2
* Minimum ecdh and rsa group size
|
| |_|/ /
|/| | | |
|
| | | | |
|
| | | | |
|
| | | | |
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
Just to avoid the unused parameter warning (we want the parameter
to be named in the header for documentation purposes, but in that
case GCC warns that the param is unused).
|
| | | | |
|
|\ \ \ \ |
|
| | | | | |
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
Split out the compat (std::function) based interface to Compat_Callbacks.
This avoids the overhead of empty std::functions when using the virtual
interface, and ensures the virtual interface works since there is no
callback path that does not involve a vtable lookup.
Rename the TLS::Callback functions. Since the idea is that often an owning
class will pass *this as the callbacks argument, it is good to namespace
the virtual functions so as not to conflict with other names chosen by
the class. Specifically, prefixes all cb functions with tls_
Revert changes to use the old style alert callback (with no longer used data/len
params) so no API changes are required for old code. The new Callbacks interface
continues to just receive the alert code itself.
Switch to virtual function interface in CLI tls_client for testing.
Inline tls_server_handshake_state.h - only used in tls_server.cpp
Fix tests - test looked like it was creating a new client object but it
was not actually being used. And when enabled, it failed because the queues
were not being emptied in between. So, fix that.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Undid changes replacing Hanshake_IO, Handshake_Hash with
Handshake_Info.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Removed proposed wrapper class to logically group TLS session
properties.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Removed Certificate_Properties class used to wrap X509_CA parameters.
- Whitespace cleanup.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Modified TLS & DTLS tests to use both, legacy constructor and new
virtual callback interface based constructors.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Added legacy constructor support for TLS::Channel, TLS::Client,
TLS::Server.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- extracted inner class TLS::Channel::Callbacks to stand-alone class
TLS::Callbacks.
- provided default implementations for TLS::Callbacks members executing
calls to std::function members for backward compatibility.
- applied changes to cli, tests and TLS::Channel related classes to be
compatible with new interface.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- Removed deprecated TLS-Alert-Callback parameters.
- Fixed improper naming of accessor for ALPN-Strings in tls_client.h
- Fixed erroneous indentation on Ciphersuite Constructor.
|
| | | | |
| | | | |
| | | | |
| | | | | |
- Corrected TLS::Server constructor call in CLI TLS-Proxy.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- fixed broken tls_magic.h include
- added forward declarations for Handshake_IO and Handshake_Hash in
tls_handshake_msg.h
- comment after #endif in tls_server_handshake.h caused surplus #endif
in botan_all_internal.h
- removed unnecessary semicolons causing -Wpedantic warnings.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
- reduced number of parameters in various methods
- introduced structures and renamed variables to improve code
readability.
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
-reduced number of parameters in various methods
-reduced cyclomatic complexity (McCabe-Metric)
-removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover
from heartbeat extension removal?)
|
| | | | |
| | | | |
| | | | |
| | | | | |
Altivec code assumed big-endian.
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | | |
GH #611
|
| | | | |
| | | | |
| | | | |
| | | | | |
Really this should be configurable via flags...
|
| | | | |
| | | | |
| | | | |
| | | | | |
Fallout from #591
|
| | | | | |
|
| | | | | |
|
| | | | | |
|
|\ \ \ \ \
| |_|_|_|/
|/| | | |
| | | | |
| | | | |
| | | | | |
Add ARM32, ARM64, PPC32, PPC64, and MinGW x86-32 cross builds to Travis.
Add valgrind build to Travis.
|
| | | | |
| | | | |
| | | | |
| | | | | |
This seems to trigger under ARM
|
| | | | | |
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Convert Travis build configuration to a single var instead of 4 tuple.
Makes it much easier to review the builds in the Travis web UI.
Adds sanitizer builds for Clang on both Linux and OS X. Clang is a different
compiler from GCC and its sanitizers may catch things GCC does not.
I have no idea if Apple's Clang has some magic sanitizer sauce stock
LLVM does not, so maybe sanitizer build on OS X can be skipped.
Adds Linux cross compile targets for ARM32, ARM64, PPC64, and MinGW x86
using the cross compiler available in Trusty. All of them build and are
set up to run through qemu/wine. All of the tests currently fail and
so are marked as expected fail in the Travis matrix.
The ARM test runs seem to have thread problems; ARM32 thread creation just fails
with an exception, as if pthreads was disabled. All other tests pass ok for ARM32.
On Aarch64, it looks like there is a hard crash the first time the library tries
creating a thread. Both of these might be due to statically linking the binary?
I have been unable to convince Ubuntu's qemu-ppc64 to execute binaries compiled by
Ubuntu's ppc64 cross compiler. I'm downloading an Ubuntu ISO to try this in a VM.
Running under Wine exposes several issues, both in Wine and Botan. Many functions are
stubs and it appears that entropy collection fails as a result. This triggers a bug
in the FFI tests which causes a crash there.
A pox on time zones; _mkgmtime is a MSVC extension and is not available on MinGW GCC.
Add a last resort call that just uses the localzone variant instead.
Adds valgrind target, remove a bogus poison in pubkey.cpp (it was effectively
asserting that all of RSA was const time which is sadly not true at all).
Moves -Wshadow to maintainer mode for GCC - GCC 4.8 has a noisy variant of -Wshadow
which warns if a parameter masks a function name, but this comes up all the time
in constructors. Later GCCs no longer warn about this (even with -Wshadow), so the
warnings are never fixed, but they cause noise in CI output and hide interesting
warnings like
warning: vec_lvsl is deprecated for little endian; use assignment for unaligned loads and stores [-Wdeprecated]
__vector unsigned char perm = vec_lvsl(0, static_cast<u32bit*>(nullptr));
|
| | | | |
| | | | |
| | | | |
| | | | |
| | | | | |
Use the group name instead of repeating 2048 bit prime N times.
Split up reporting by cipher type.
|
| | | | | |
|
|\ \ \ \ \
| |/ / / /
|/| | | | |
|
| | | | | |
|
|\ \ \ \ \ |
|