Age | Commit message | Author
---|---|---
2016-03-28 | libsec: fix tlsid for TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256, TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 | cinap_lenrek
 | the previous cipher ids were for TLS_ECDH_* not TLS_ECDHE_*... sorry :( | 
2016-03-23 | add portable AES-GCM (Galois/Counter Mode) implementation to libsec and devtls | cinap_lenrek
2016-03-12 | libsec: remove weakCipher[] array check as we do not support any of these weak ciphers | cinap_lenrek
2016-03-01 | libsec: fix verifyDHparams() for version <= TLS1.1 | cinap_lenrek
 | for version <= TLS1.1, there is no sigalg field in the ServerKeyExchange message and the signature digest algorithm is fixed to md5+sha1 and we only support RSA signatures (TLS1.1 doesn't know about ECDSA). | 
2016-02-19 | libsec: remove unused tlsSecKill() | cinap_lenrek
2016-02-18 | libsec: fix memset() size in tlsConnectionFree(), remove `#include <bio.h>` | cinap_lenrek
2016-02-17 | libsec: add libc.h include for aes_xts.c (drawterm) | cinap_lenrek
2016-02-11 | libsec: simplify pkcs1_decrypt() | cinap_lenrek
2016-02-11 | libsec: fix double free in pkcs1_decrypt(), handle bad epm length in tlsSecRSAs(), cleanup | cinap_lenrek
2016-02-07 | libsec: fix missing error case unlock() in tlshands initCiphers() | cinap_lenrek
2016-02-06 | libsec: mpconv -> mpfmt | cinap_lenrek
2016-02-03 | libsec: refactor asn1 encoding of digest for rsa signatures, fix memory leak in ecverify | cinap_lenrek
2016-02-01 | libsec: ecdsa client support for tlshand, cleanups | cinap_lenrek
2016-01-19 | libsec: add salsa20 stream cipher | cinap_lenrek
2016-01-06 | libsec: make sure there's no garbage after the asn.1 decode, cleanup | cinap_lenrek
2015-12-25 | libsec: implement TLS-PSK for tlsClient()/tlsServer() | cinap_lenrek
2015-12-21 | tls: implement chacha20/poly1305 aead cipher suites | cinap_lenrek
2015-12-16 | libsec: use tsmemcmp() when comparing hashes, use mpfield() for ecc, use mptober() when right adjusting mpint to bytes | cinap_lenrek
2015-12-01 | libsec: fix genprime() to produce normalized result | cinap_lenrek
 | this fixed bug "assert_failed_m-flags__mpnorm_since_283cc2200e34". | 
2015-11-26 | libsec: add chacha20 poly1305 aead, allow 64 bit IVs for chacha, add tsmemcmp() | cinap_lenrek
 | chacha20 comes in two variants: ietf rfc7539, using 96 bit iv and 32 bit counter, and draft-agl-tls-chacha20poly1305 using 64 bit iv and a 64 bit counter. so setupChachastate() now takes an ivlen argument which sets the mode. add ccpoly_encrypt()/ccpoly_decrypt() routines. to implement timing safe ccpoly_decrypt(), a constant time memcmp was needed, so adding tsmemcmp() to libsec. | 
2015-10-22 | libsec: add chacha cipher (from charles forsyth) | cinap_lenrek
2015-10-22 | libsec: add poly1305 | cinap_lenrek
2015-10-10 | libsec: remove rc4 cipher suites for tls | cinap_lenrek
2015-10-09 | libsec: clarify the code by declaring constant for DirectoryString and handle conversion in mkstring() | cinap_lenrek
2015-10-09 | libsec: use the right string encoding for various x509 fields | cinap_lenrek
 | C= has to be PrintableString, E= and DC= are IA5String, everything else is DirectoryString which can be PrintableString or UTF8String. | 
2015-09-24 | libsec: cleanup newbytes()/newints()/newbits() and get rid of OFFSETOF() macro | cinap_lenrek
2015-09-23 | libsec: fix memory leaks in X509req() and X509gen() and return malloced pointer | cinap_lenrek
 | X509req() and X509gen() used to leak memory, and had no way for the caller to free the allocated certificate/certificate request buffer returned. this is not critical as these functions are only used in short lived rsa(2) helper programs. but i prefer to have library routines not leak memory as one does not know in advance where the code is going to be used. | 
2015-09-23 | libsec: implement client certificate authentication for tls1.2 | cinap_lenrek
 | we used to negotiate tls1.1 for client cert authentication because the signature generation was not implemented for tls1.2. this is now fixed and tls1.2 can be negotiated with client certs. | 
2015-09-22 | libsec: handle missing signature case; can happen because some ciphers make it optional | cinap_lenrek
2015-09-22 | libsec: make sure Elem is zero initialized so freevalfields() won't cause accidents | cinap_lenrek
2015-09-22 | libsec: implement dh parameter signature verification, stop lying about non-rsa ciphers, fix memory leaks in X509 code | cinap_lenrek
 | actually verify the diffie hellman parameter signature, this comes in two flavours. TLS1.2 uses X509 signature with a single hash specified by the signature algorithm field in the signature itself, and pre TLS1.2 where md5+sha1 hashes of the signed blob are pkcs1 padded and encrypted with the rsa private key. stop advertising non-rsa cipher suites (DSS and ECDSA), as we have not implemented them. fix some memory leaks in X509 code while we're at it. | 
2015-09-22 | libsec: fix memory leak in ecmul() | cinap_lenrek
2015-09-14 | libsec: save some space making weakCipher bitmap of type char[] instead of int[] | cinap_lenrek
2015-09-14 | libsec: add TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256 and TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 cipher suites | cinap_lenrek
2015-09-13 | libsec: send signature_algorithms extension for TLS1.2, order ciphers | cinap_lenrek
 | TLS1.2 requires the client to send the list of supported signature and hash algorithm pairs. some servers will simply reject the client hello otherwise. note that we do not implement any dh/ecdh param signature verification. order the cipher list to strongest first. aes128 is actually more secure than aes256. | 
2015-09-12 | libsec: handle TLS 1.2 changes in CertificateRequest message | cinap_lenrek
2015-09-02 | libsec: add rfc5869 hmac-based key derivation function hkdf_x() | cinap_lenrek
2015-09-02 | libsec: generalize pbkdf2_hmac_sha1() to pbkdf2_x() passing the hmac as an argument | cinap_lenrek
2015-09-02 | libsec: declare aes_setupEnc static | cinap_lenrek
2015-09-01 | libsec: add curve25519 diffie hellman | cinap_lenrek
2015-09-01 | libsec: remove flawed aes() digest and hmac_aes() implementations (thanks aiju) | cinap_lenrek
2015-08-28 | libsec: work around 8c running out of registers compiling curve25519.c | cinap_lenrek
2015-08-28 | libsec: add curve25519() from http://code.google.com/p/curve25519-donna/ | cinap_lenrek
 | this is a portable version of curve25519() by google. | 
2015-08-27 | libsec: add TLS_RSA_WITH_AES_128_CBC_SHA256 and TLS_RSA_WITH_AES_256_CBC_SHA256 ciphers | mischief
2015-08-26 | libsec: add q parameter to dh_new() for subgroup support, sanitize dh parameters | cinap_lenrek
2015-08-25 | fix fuckup | glenda
2015-08-25 | import E script from bell labs | mischief
2015-08-23 | libsec: fix probably_prime() endless loop for n == 3 | cinap_lenrek
2015-08-20 | libsec: add pbkdf2_hmac_sha1() (from wpapsk factotum module) | cinap_lenrek
2015-08-17 | libsec: TLS1.2 server support, make cipher list with most preferred first | cinap_lenrek