| Commit message (Collapse) | Author | Age | Files | Lines |
|\
| |
| |
| |
| |
| |
| | |
validation
Previously an unknown extension would be rejected during parsing, which
prevents examining such a cert at all
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously unknown critical extensions were rejected during
X509_Certificate constructor, which inhibited inspecting other
parts of such a certificate. Refactored the certificate extensions
code so that the path validation routine performs this check only.
Additionally, added an interface for extensions to inspect the path
during path validation. TODOs were added in places where existing path
validation code can use the new interface.
Fixes GH #449.
|
| |
| |
| |
| |
| |
| | |
Only affects decoding of session ticket lifetimes.
GH #478
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
With sufficient squinting, Transform provided an abstract base
interface that covered both cipher modes and compression algorithms.
However it mapped on neither of them particularly well. In addition
this API had the same problem that has made me dislike the Pipe/Filter
API: given a Transform&, what does it do when you put bits in? Maybe
it encrypts. Maybe it compresses. It's a floor wax and a dessert topping!
Currently the Cipher_Mode interface is left mostly unchanged, with the
APIs previously on Transform just moved down the type hierarchy. I
think there are some definite improvements possible here, wrt handling
of in-place encryption, but left for a later commit.
The compression API is split into two types, Compression_Algorithm and
Decompression_Algorithm. Compression_Algorithm's start() call takes
the compression level, allowing varying compressions with a single
object. And flushing the compression state is moved to a bool param on
`Compression_Algorithm::update`. All the nonsense WRT compression
algorithms having zero length nonces, input granularity rules, etc
as a result of using the Transform interface goes away.
|
|\ \ \ |
|
| |/ / |
|
| | | |
|
|/ / |
|
| |
| |
| |
| |
| |
| | |
manifesting as broken sockets.
Leave the client socket open until the alert has been sent.
|
| |
| |
| |
| |
| |
| |
| |
| | |
OpenSSL sends an empty record before each new data record in TLS v1.0
to randomize the IV, as a countermeasure to the BEAST attack. Most
implementations use 1/(n-1) splitting for this instead.
Bug introduced with the const time changes in 1.11.23
|
| |
| |
| |
| | |
Fix exception message
|
|\ \
| | |
| | |
| | |
| | |
| | | |
Resolves problems with shared lib on OS X caused by incorrect dylib naming
Fixes GH #467
|
| |/ |
|
| | |
|
| |
| |
| |
| |
| |
| |
| |
| | |
Cast std::streamsize to size_t since MSVC is worried gcount() might
return a negative number.
The entropy callbacks took the entropy estimate as a size_t instead of
a double, which causes some verbose warnings due to the conversion.
|
|\ \
| | |
| | |
| | | |
Fixes GH #461
|
| | | |
|
| |/ |
|
|/
|
|
| |
GH #451
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
If the input lengths are exact multiples of 16 bytes then no padding
should be added. Previously 16 bytes of zero padding were added instead.
|
|
|
|
|
|
|
| |
Previously RSA and ElGamal stripped off leading zeros which were then
assumed by the padding decoders. Instead have them produce ciphertexts
with leading zeros. Changes EME_Raw to strip leading zeros to match
existing behavior.
|
|
|
|
|
| |
Performs content checks on the value (expected length, expected bytes)
and in constant time returns either the decrypted value or a random value.
|
|
|
|
|
|
|
|
|
| |
Remove support for weak ECC curves (anything under P-256) from TLS.
This includes secp256k1 since we don't take advantage of the special
form for any performance advantage; might as well use P-256.
The manual still mentioned that it was possible to use MD5 in
Policy::allowed_macs, but all HMAC-MD5 suites are already removed.
|
|
|
|
|
| |
Otherwise a MITM who can in real time break any supported ECC curve can
downgrade us.
|
|
|
|
| |
Avoids the test vector contortions in RSA-KEM
|
|\ |
|
| | |
|
| | |
|
| |
| |
| |
| |
| |
| | |
Add flags --policy, --print-certs, --tls1.0, --tls1.1, --tls1.2
Update todo
|
| |
| |
| |
| |
| | |
Could attempt to allocate (size_t)-1 words with predicably bad_alloc
results.
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | | |
get_system_timestamp_ns()
GH #422
|
|\ \ \ |
|
| | | | |
|
| |/ /
| | |
| | |
| | | |
equivalent to mlock on Unix to prevent swapping out of memory
|
|/ / |
|
| |
| |
| |
| | |
Prohibit unix_procs in BSI policy. See discussion in GH #446
|
| | |
|
|\ \ |
|
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
A module policy is a file specifying three types of modules: ones which
are required, ones which are prohibited, and ones which should be used
if otherwise available (this is mostly for platform specific modules).
Finally there are whatever modules which exist in the library of which
the policy makes no mention. These will be included if an explicit
dependency of some other module pulls them in (so there is no reason
to mention base, utils, ... in the file) but skipped otherwise.
For example policy 'sane' does not mention 'utils' or 'twofish' either
way. Since utils is a dependency of other modules which are included,
but Twofish does not. However unlike an explicitly prohibited module,
not mentioned can still be requested as part of the build (here with
--enable-module=twofish)
Also fixes some test bugs noticed by compiling in different build
configs. DLIES test didn't check that the KDF and MAC existed. Adds a
typedef for MessageAuthenticationCode because typing it twice in a
single line in the DLIES test made me think it's way too long. :) Also
fix some fuzzer build problems. Due to a copy and paste bug the PKCS
certificate (it was not).
Inspired by GH #439
|
|\ \ \
| | | |
| | | |
| | | | |
The Intel RNG may fail if heavily contended, so retry as needed.
|
| | | |
| | | |
| | | |
| | | | |
prevents filtering out any 0x00000000 outputs from RDRAND/RDSEED
|
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | |
| | | | |
* no spaces around if(), for() etc
* snake_case for plain functions
* anonymous namespace function instead private and static
* don't propagate failed poll to the calling application
* RdRand retires configurable in build.h
|