path: root/src/libtls
Commit log (commit message, author, date, files changed, lines removed/added):
* certificate: Return signature scheme and parameters from issued_by() method (Tobias Brunner, 2017-11-08; 1 file, -0/+2)
  This also required some include restructuring (avoid including library.h in headers) to avoid unresolvable circular dependencies.

* private-key: Add optional parameters argument to sign() method (Tobias Brunner, 2017-11-08; 1 file, -3/+4)

* public-key: Add optional parameters argument to verify() method (Tobias Brunner, 2017-11-08; 1 file, -3/+5)

* Fixed some typos, courtesy of codespell (Tobias Brunner, 2017-08-07; 2 files, -2/+2)

* Change interface for enumerator_create_filter() callback (Tobias Brunner, 2017-05-26; 1 file, -17/+21)
  This avoids the unportable 5 pointer hack, but requires enumerating in the callback.

* libtls: Replace expired certificates for unit tests (Tobias Brunner, 2017-03-24; 1 file, -68/+66)
  Only the tests with client authentication failed, the client accepted the trusted self-signed certificate even when it was expired. On the server the lookup (based on the pre-configured SAN) first found the ECDSA cert, which it dismissed for the RSA authentication the client used, and since only the first "pretrusted" cert is considered the following RSA cert was verified more thoroughly. The lookup on the client always uses the full DN of the server certificate not the pre-configured identity so it found the correct certificate on the first try.

* Fixed some typos, courtesy of codespell (Tobias Brunner, 2017-03-23; 1 file, -1/+1)

* gmp: Support of SHA-3 RSA signatures (Andreas Steffen, 2016-09-22; 1 file, -10/+10)

* Use standard unsigned integer types (Andreas Steffen, 2016-03-24; 12 files, -54/+54)

* credential-manager: Make online revocation checks optional for public key enumerator (Tobias Brunner, 2016-03-10; 2 files, -2/+3)

* unit-tests: Forward variable argument list in TEST_SUITE_DEPEND (Martin Willi, 2015-07-12; 1 file, -2/+2)
  For some plugin features, such as crypters or AEADs, we have some additional feature arguments, such as the key size.

* libtls: As client, reject DH exchanges using primes smaller than 1024 bit (Martin Willi, 2015-05-26; 1 file, -0/+7)
  While the server signs the ephemeral DH parameters, it can be tricked to its lowest supported DH group by a man-in-the-middle: https://weakdh.org/imperfect-forward-secrecy.pdf

  While we at least use 2048-bit DH groups as server, the client accepts any DH prime the server sends. If it supports export ciphers, only a 512-bit prime may be used. As TLS does not define nor negotiate a DH group for cipher suites, the client actually must accept what the server offers.

  To avoid downgrades to weak DH groups, we must reject what we consider insecure. We set this limit to 1024-bit primes. While this breaks compatibility with TLS servers using weaker primes, this is what we expect servers at least use. Most browser vendors use the same limit in a similar fix.

* utils: Use chunk_equals_const() for all cryptographic purposes (Martin Willi, 2015-04-14; 2 files, -2/+2)

* diffie-hellman: Add a bool return value to set_other_public_value() (Martin Willi, 2015-03-23; 2 files, -3/+18)

* diffie-hellman: Add a bool return value to get_my_public_value() (Martin Willi, 2015-03-23; 2 files, -2/+10)

* diffie-hellman: Use bool instead of status_t as get_shared_secret() return value (Martin Willi, 2015-03-23; 2 files, -2/+2)
  While such a change is not unproblematic, keeping status_t makes the API inconsistent once we introduce return values for the public value operations.

* tls-peer: Make sure to use the right trusted public key for peer (Tobias Brunner, 2015-03-09; 1 file, -4/+8)
  In case a CA certificate uses the same subject DN as the server the previous code could end up trying to verify the server's signature with the CA certificate's public key. By comparing the certificate with the one sent by the peer we make sure to use the right one. Fixes #849.

* libtls: Add getters for TLS handshake authentication details (Martin Willi, 2015-03-03; 7 files, -0/+49)
* libtls: Merge trustchain auth verification details done during TLS handshake (Martin Willi, 2015-03-03; 2 files, -0/+2)
* libtls: Don't send TLS close notifies in EAP after application succeeds (Martin Willi, 2015-02-19; 3 files, -3/+38)
  With the introduction of PT-TLS, we started sending TLS close notifies after the application layer completes (7bbf7aa9). While this makes sense for TCP based transports, it is not required in EAP methods. In EAP, handshake completion can be directly signaled using the outer EAP-SUCCESS message. This also saves one round-trip in the EAP exchange.

  Windows 7/8 does not seem to like TLS close notifies at all in EAP, and either stalls (EAP-TTLS) or disconnects (PEAP). Fixes #556.

* libtls: Check for CHANGE_CIPHER_SPEC type only if upper layer returns NEED_MORE (Martin Willi, 2015-01-12; 1 file, -6/+5)
  A type is returned only if upper layers successfully created a record, that is returns NEED_MORE. If we do not check for the return value, we might check a previous record or the uninitialized type variable and falsely reset the sequence number.

* libtls: Catch POLLHUP/NVAL in TLS socket splicing (Martin Willi, 2014-11-28; 1 file, -2/+2)
  If one of the sockets gets disconnected, some systems return POLLHUP. Signal the socket as ready to let the read/write call fail properly.

* libtls: Use poll(2) instead of select() in tls_socket (Martin Willi, 2014-11-21; 1 file, -8/+7)

* tls: Fix an invalid free on CBC encryption failure (Martin Willi, 2014-10-15; 1 file, -1/+0)

* tls: Fix a memory leak if AEAD encryption fails (Martin Willi, 2014-10-15; 1 file, -0/+1)

* tls: Check all bytes of the padding if they equal the padding length (Martin Willi, 2014-10-15; 2 files, -0/+16)

* libtls: Link against ws_w32 on Windows (Martin Willi, 2014-06-04; 1 file, -0/+4)

* unit-tests: Make sure plugins in the builddir are loaded (Tobias Brunner, 2014-05-19; 1 file, -1/+1)
  When running the tests in GDB the working directory apparently is different. With the relative path used previously the plugins would not be found and those installed on the system would get used.

* enum: Return boolean result for enum_from_name() lookup (Martin Willi, 2014-05-16; 1 file, -2/+2)
  Handling the result for enum_from_name() is difficult, as checking for negative return values requires a cast if the enum type is unsigned. The new signature clearly differentiates lookup result from lookup value. Further, this actually allows to convert real -1 enum values, which could not be distinguished from "not-found" and the -1 return value.

  This also fixes several clang warnings where enums are unsigned.
* tls: Move variable sized tls_record_t struct to end of tls_t data (Martin Willi, 2014-05-16; 1 file, -4/+4)
  clang complains about the non-last variable length member.
* Implemented PT-EAP protocol (RFC 7171) (Andreas Steffen, 2014-05-12; 2 files, -47/+70)

* tls: Add a test case to check correct enum name mapping of cipher suites (Martin Willi, 2014-04-01; 3 files, -0/+250)

* tls: Add socket based tests testing all supported suites with TLS 1.2/1.1/1.0 (Martin Willi, 2014-04-01; 3 files, -0/+527)

* tls: Remove superfluous initializers in TLS AEAD implementations (Martin Willi, 2014-04-01; 4 files, -4/+0)

* tls: Support a maximum TLS version to negotiate using TLS socket abstraction (Martin Willi, 2014-04-01; 2 files, -2/+4)

* tls: Support a null encryption flag on TLS socket abstraction (Martin Willi, 2014-04-01; 2 files, -3/+16)

* tls: Introduce a generic TLS purpose that accepts NULL encryption ciphers (Martin Willi, 2014-04-01; 3 files, -0/+6)

* tls: Export a function to list supported TLS cipher suites (Martin Willi, 2014-04-01; 2 files, -18/+66)

* tls: Create a unit-test runner (Martin Willi, 2014-04-01; 5 files, -0/+93)

* tls: Fix some TLS cipher suite enum names (Martin Willi, 2014-03-31; 1 file, -3/+3)
  It is important to have them mapped correctly, as we use these official TLS identifiers to configure specific TLS suites.

* tls: Include TLS version announced in Client Hello in encrypted premaster (Martin Willi, 2014-03-31; 1 file, -1/+7)
  While a hardcoded 1.2 version is fine when we offer that in Client Hello, we should include the actually offered version if it has been reduced before starting the exchange.

* tls: Check for minimal TLS record length before each record iteration (Martin Willi, 2014-03-31; 1 file, -8/+8)
  Fixes fragment reassembling if a buffer contains more than one record, but the last record contains a partial TLS record header. Thanks to Nick Saunders and Jamil Nimeh for identifying this issue and providing a fix for it.

* tls: Fix AEAD algorithm filtering, avoid filtering all suites if no AEAD found (Martin Willi, 2014-03-31; 1 file, -19/+52)

* tls: Offer TLS signature schemes in ClientHello in order of preference (Martin Willi, 2014-03-31; 1 file, -90/+59)
  Additionally, we now query plugin features to find out what schemes we exactly support.

* tls: Define AES-GCM cipher suites from RFC 5288/5289 (Martin Willi, 2014-03-31; 1 file, -0/+54)

* tls: Implement the TLS AEAD abstraction for real AEAD modes (Martin Willi, 2014-03-31; 4 files, -8/+262)

* tls: Separate TLS protection to abstracted AEAD modes (Martin Willi, 2014-03-31; 8 files, -325/+874)
  To better separate the code path for different TLS versions and modes of operation, we introduce a TLS AEAD abstraction. We provide three implementations using traditional transforms, and get prepared for TLS AEAD modes.

* libtls: Move settings to <ns>.tls with fallback to libtls (Tobias Brunner, 2014-02-12; 2 files, -4/+9)

* Build all shared libraries with -no-undefined and link them properly (Tobias Brunner, 2013-09-12; 1 file, -0/+6)
  The flag is required to convince libtool on Cygwin to build DLLs. But on Windows these shared libraries can not have undefined symbols, so we have to link them explicitly to the libraries they reference. For plugins this is currently not done, so only the monolithic build is supported. The plugin loader wouldn't be able to load DLLs anyway, as it tries to load files that don't exist on Cygwin.

* Optimize TLS socket buffer for TLS_MAX_FRAGMENT_LEN (Andreas Steffen, 2013-08-19; 1 file, -2/+2)