path: root/lib/gnutls_int.h
Commit message | Author | Age | Files | Lines
* priorities: reset the profile flags when appending new flags | Nikos Mavrogiannopoulos | 2016-12-20 | 1 | -0/+10
  That is, to avoid causing issues to applications calling gnutls_*priority_set() multiple times with different parameters. In that case if multiple profiles are used the outcome could be undefined. Now, the last call will prevail.
* Cache MAC algorithm used for PRF function | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -0/+1
  Instead of spreading checks all over GnuTLS, cache used PRF after setting the cipher suite and reference the value later. Like in _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo.
  Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Reverted the behavior of sending a status request extension even without a response | Nikos Mavrogiannopoulos | 2016-10-27 | 1 | -0/+5
  That is, we no longer reply to a client's hello with a status request, with a status request extension. Although that behavior which was introduced in 6b76e0c899b1ff08df9bd9b41588f771f050be89 is legal, it creates incompatibility issues with the gnutls 3.3.x branch. That is because versions prior to 3.3.26 translate the presence of the extension as a guarantee that the status response data will be sent. Even though that is a false assumption, we replicate the previous behavior to allow such clients to connect to a gnutls 3.5.x server.
  Relates !66
* handshake: set a maximum number of warning messages that can be received per handshake | Nikos Mavrogiannopoulos | 2016-10-14 | 1 | -3/+3
  That is to avoid DoS due to the asymmetry of the cost of sending an alert vs the cost of processing.
* Added session-specific supplemental data handling | Nikos Mavrogiannopoulos | 2016-10-06 | 1 | -0/+3
  This allows a caller to add supplemental data handling which will only be made available for a specific session.
* Added session-specific TLS extensions | Nikos Mavrogiannopoulos | 2016-10-06 | 1 | -0/+2
  This allows a caller to add extensions which will be made available for a specific session.
* Increased the maximum size allowed for handshake messages to 128kb | Nikos Mavrogiannopoulos | 2016-09-19 | 1 | -1/+1
  This would allow the library to cope with larger packets, as well as TLS 1.3 hellos. Suggested by Hubert Kario.
* Added gnutls_certificate_set_ocsp_status_request_function2 | Nikos Mavrogiannopoulos | 2016-09-12 | 1 | -0/+2
  That introduces a new function to allow setting an OCSP status request handling function per certificate. Furthermore it repurposes the flag parameters to an index option on gnutls_certificate_set_ocsp_status_request_file. The changes above allow setting a different OCSP status response file per certificate, and a different function. The indexes they rely on to associate with existing certs are the indexes returned by the gnutls_certificate_set_key() and friends functions.
* several spacing fixes to keep syntax-check happy | Nikos Mavrogiannopoulos | 2016-09-11 | 1 | -7/+7
* Import DTLS sliding window validation from OpenConnect ESP code | David Woodhouse | 2016-09-02 | 1 | -1/+1
  In this implementation, the end of the sliding window is always advanced to the latest received packet, and we accept up to 64 packets before that one. We no longer refuse to accept packets because they are *too* far ahead of what we've already seen. Some of the test cases are fixed up accordingly. This matches the code in OpenConnect esp-seqno.c at commit 314ac65.
* Added support for decrypting PKCS#8 files which use HMAC-SHA256 as PRF | Nikos Mavrogiannopoulos | 2016-08-24 | 1 | -0/+1
  This improves compatibility with new openssl versions.
* Support TCP Fast Open | Tim Ruehsen | 2016-07-26 | 1 | -0/+12
  This introduces a new function gnutls_transport_set_fastopen().
  Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
  Signed-off-by: Tim Ruehsen <tim.ruehsen@gmx.de>
* dtls: imported Fridolin's DTLS sliding window implementation | Nikos Mavrogiannopoulos | 2016-07-13 | 1 | -7/+6
  This simplifies the current code, and reduces the memory needed.
* Allow for conditional compilation of SSL 3.0 protocol | Nikos Mavrogiannopoulos | 2016-05-14 | 1 | -1/+4
  This allows to completely remove SSL 3.0 support by calling configure with the '--disable-ssl3' option.
  Resolves #93
* priorities: when without AES acceleration prefer stream ciphers (i.e., CHACHA20) | Nikos Mavrogiannopoulos | 2016-05-06 | 1 | -0/+1
* handshake: enhance same certificate checks to apply to PSK/SRP username | Nikos Mavrogiannopoulos | 2016-04-29 | 1 | -0/+4
  That is, unless GNUTLS_ALLOW_ID_CHANGE is specified, during a rehandshake clients will not be allowed to present another certificate than the original, or change their username for PSK or SRP ciphersuites.
* instead of assigning a variable per flag use the init flags directly | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -8/+2
  That is, store the flags provided in gnutls_init() in the session structure and use these flags directly when required.
* added flag in session to force sending a client certificate | Nikos Mavrogiannopoulos | 2016-04-28 | 1 | -0/+1
  This handles the use case of a client connecting to a server which incorrectly lists the CA certificates it supports. Without that change the only option was to avoid using the "automatic" client certificate functions, but rather utilize callbacks. With that approach this use case is handled by the "automatic" certificate selection functions.
* handshake: added support for ECDH with curve X25519 | Nikos Mavrogiannopoulos | 2016-04-24 | 1 | -1/+3
  This follows draft-ietf-tls-rfc4492bis-07 and rfc7748
* session: removed unused parameters from RSA-EXPORT era | Nikos Mavrogiannopoulos | 2016-04-23 | 1 | -3/+0
* gnutls_int.h: allow compiling with system (gnutls) headers | Nikos Mavrogiannopoulos | 2016-04-20 | 1 | -11/+6
* Updated false start support to be transparent to applications. | Nikos Mavrogiannopoulos | 2016-04-15 | 1 | -5/+12
  That is, an additional flag GNUTLS_ENABLE_FALSE_START is introduced for gnutls_init(), and that enables support for false start. At this point false start will be performed by the handshake if possible, and gnutls_record_recv() will handle handshake completion.
* session resumption: lift the limitation of calling gnutls_session_get_data*() on non-resumed sessions | Nikos Mavrogiannopoulos | 2016-03-31 | 1 | -0/+1
  This allows obtaining the session data required for proper session resumption from any available session. This brings the API on par with expectations of its users.
  Resolves #79
* session tickets: avoid GCM for session tickets and rely on CBC and HMAC | Nikos Mavrogiannopoulos | 2016-03-23 | 1 | -3/+0
  The latter is more resilient against non-key renewal.
* Added gnutls_handshake_set_false_start_function() | Nikos Mavrogiannopoulos | 2016-02-27 | 1 | -1/+6
  This function allows using TLS False-start, by using the provided function to send data just after the finished message.
* gnutls_int.h: increased MAX_SERVER_NAME_SIZE to 256 bytes | Nikos Mavrogiannopoulos | 2016-01-14 | 1 | -1/+1
* respect the max-record extension under DTLS | Nikos Mavrogiannopoulos | 2015-12-24 | 1 | -4/+4
  This resolves an issue with max-record being negotiated but ignored.
  Resolves #61
* Do not allow certificate change during a rehandshake | Nikos Mavrogiannopoulos | 2015-12-08 | 1 | -0/+5
  That is, require that the certificate of the peer remains the same and return GNUTLS_E_SESSION_CERTIFICATE_CHANGED otherwise. To revert to the previous behavior the GNUTLS_ALLOW_CERT_CHANGE flag was introduced.
* MAX_PK_PARAM_SIZE was moved to gnutls_int.h | Nikos Mavrogiannopoulos | 2015-12-06 | 1 | -1/+3
* Modified the CHACHA20 cipher to conform to draft-ietf-tls-chacha20-poly1305-02 | Nikos Mavrogiannopoulos | 2015-11-07 | 1 | -7/+1
* Tolerate priority strings with names of legacy ciphers and key exchanges | Nikos Mavrogiannopoulos | 2015-10-15 | 1 | -0/+2
  That enables better backwards compatibility with old applications which disable or enable algorithms which no longer are supported.
  Relates #44
* use time_t for internal type to avoid warnings on signed/unsigned comparison | Nikos Mavrogiannopoulos | 2015-09-19 | 1 | -1/+1
* Added API to generate private keys from a given seed | Nikos Mavrogiannopoulos | 2015-09-12 | 1 | -0/+3
  Currently it is restricted to RSA and FIPS 186-4 key generation with SHA384.
  Relates to #34
* Allow overriding the verification flags from the auto-verification functions | Nikos Mavrogiannopoulos | 2015-08-24 | 1 | -1/+3
* Added simpler verification functions for clients | Nikos Mavrogiannopoulos | 2015-08-24 | 1 | -0/+4
  The major use-case for the TLS protocol is verification of PKIX certificates. However, while certificate verification support is similar for almost all projects, it requires around 100 lines of code (a callback) to be duplicated in all applications. That patch set gets rid of the callback and simplifies certificate verification support, by introducing a very simple API; one that would accept the session and the hostname only.
  Resolves #27
* Added gnutls_session_set_verify_function | Nikos Mavrogiannopoulos | 2015-08-24 | 1 | -0/+4
  That allows setting a verification callback per session rather than only globally on the credentials structure.
* Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -6/+6
* priorities: Added internal option to allow key usage violations in server side | Nikos Mavrogiannopoulos | 2015-08-14 | 1 | -0/+1
* Re-enable the certificate key usage checks for compliance with ciphersuite | Nikos Mavrogiannopoulos | 2015-08-14 | 1 | -0/+2
  There is a new attack on the TLS protocol which relies on using certificates for ECDSA as certificates for ECDH ciphersuites. That attack, while it doesn't affect gnutls, which doesn't support static ECDH, assumes that implementations ignore the key usage bits in the certificate. We have done it since 3.1.0 for compatibility reasons (see http://www.gnutls.org/faq.html#key-usage-violation), but that clearly opens the door for real attacks in the future. For this reason the key usage bits will no longer be ignored.
  Resolves #24
* handshake: add FALLBACK_SCSV priority option | Alessandro Ghedini | 2015-08-01 | 1 | -0/+3
  This allows clients to enable the TLS_FALLBACK_SCSV mechanism during the handshake, as defined in RFC7507.
* As server don't try to send extensions we didn't receive. | Nikos Mavrogiannopoulos | 2015-07-31 | 1 | -2/+2
* Always align in 16-byte boundary our input to crypto | Nikos Mavrogiannopoulos | 2015-06-18 | 1 | -3/+1
  That allows faster operations in almost all instruction sets.
* handshake_start_time was moved out of the DTLS-specific variables | Nikos Mavrogiannopoulos | 2015-05-06 | 1 | -3/+3
* dtls: combined the total timeouts of DTLS and TLS handshake | Nikos Mavrogiannopoulos | 2015-05-05 | 1 | -2/+0
  That also makes the waits for packets more robust against blocking.
* use macro for DTLS default timeout | Nikos Mavrogiannopoulos | 2015-04-30 | 1 | -0/+1
* GNUTLS_NONBLOCK can be used for non-DTLS sessions as well | Nikos Mavrogiannopoulos | 2015-04-30 | 1 | -2/+3
* only send EtM extension if we have CBC ciphersuites | Nikos Mavrogiannopoulos | 2015-04-01 | 1 | -0/+1
* Added the CHACHA20-POLY1305 ciphersuites (with random IDs) | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -0/+20
* do not penalize CBC ciphers with the maximum send data size | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -6/+0
  That reduced the maximum send size for CBC ciphers from 16384 to 16384-(block size), which was unnecessary and was causing issues:
  https://bugs.winehq.org/show_bug.cgi?id=37500
* gnutls_record_set_max_empty_records: removed | Nikos Mavrogiannopoulos | 2015-03-28 | 1 | -1/+0