Commit message (then author, date, files changed, lines removed/added)
* In the in-memory session manager, choose a random key at startup and
  encrypt all of the sessions, decrypting before return.
  This minimizes load on the locked memory (48 bytes master secret per
  session, vs 32 bytes for a single master key). It might also make
  recovering session data from memory dumps a little bit harder though
  this isn't worth counting on IMO.
  [lloyd, 2012-08-05, 3 files changed, -10/+28]
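The encrypt-at-rest scheme the entry above describes, as an added Go example (not Botan's code): one random AES-256-GCM key is drawn when the cache is created, and every stored session is sealed under it with a fresh nonce and the session ID as associated data, so only the 32-byte master key needs protected memory. The cache type, its method names and the serialized session format are assumptions made for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"sync"
)

// SessionCache holds TLS session data in memory, but every entry is
// encrypted under one random per-process key. Only that 32-byte key
// needs special protection (locked memory, zeroization); the entries
// themselves can live in ordinary heap memory.
type SessionCache struct {
	aead    cipher.AEAD
	mu      sync.Mutex
	entries map[string][]byte // session ID -> nonce || AES-GCM ciphertext
}

// NewSessionCache draws a fresh 256-bit key from the OS RNG. The key is
// never exported, so sessions do not survive a process restart, which is
// the expected behaviour for an in-memory session manager.
func NewSessionCache() (*SessionCache, error) {
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &SessionCache{aead: aead, entries: make(map[string][]byte)}, nil
}

// Save encrypts the serialized session and stores it under id. The id is
// bound in as associated data, so a blob copied to another id fails to
// authenticate on load.
func (c *SessionCache) Save(id string, session []byte) error {
	nonce := make([]byte, c.aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return err
	}
	ct := c.aead.Seal(nonce, nonce, session, []byte(id))
	c.mu.Lock()
	defer c.mu.Unlock()
	c.entries[id] = ct
	return nil
}

// Load returns the decrypted session, or an error if the id is unknown or
// the stored blob does not authenticate (wrong key, wrong id, tampering).
func (c *SessionCache) Load(id string) ([]byte, error) {
	c.mu.Lock()
	ct, ok := c.entries[id]
	c.mu.Unlock()
	if !ok {
		return nil, errors.New("no such session")
	}
	ns := c.aead.NonceSize()
	if len(ct) < ns {
		return nil, errors.New("corrupt entry")
	}
	return c.aead.Open(nil, ct[:ns], ct[ns:], []byte(id))
}

// StoredBytes exposes the raw blob kept for a session id, for inspection.
func (c *SessionCache) StoredBytes(id string) []byte {
	c.mu.Lock()
	defer c.mu.Unlock()
	return c.entries[id]
}

func main() {
	cache, err := NewSessionCache()
	if err != nil {
		panic(err)
	}
	// Constructed sample: a 48-byte master secret behind a version tag,
	// standing in for a real serialized session.
	master := make([]byte, 48)
	if _, err := rand.Read(master); err != nil {
		panic(err)
	}
	session := append([]byte("TLS1.2|"), master...)
	if err := cache.Save("sess-1", session); err != nil {
		panic(err)
	}
	got, err := cache.Load("sess-1")
	fmt.Printf("roundtrip ok: %v (err=%v)\n", string(got) == string(session), err)
	fmt.Printf("stored blob: %d bytes of nonce+ciphertext\n", len(cache.StoredBytes("sess-1")))
}
```

The id-as-associated-data choice is what stops an attacker who can write to the map from swapping one client's encrypted session in under another client's ID; the test below exercises that and the cross-process-key case.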
* Remove Channel::read_handshake. Have the server set expected next msg
  in new_handshake_state.
  [lloyd, 2012-08-05, 4 files changed, -43/+15]

* If we're negotiating a datagram protocol, allow a hello verify
  message. Add client-side hello verify handling.
  [lloyd, 2012-08-03, 1 file changed, -2/+20]

* Take the initial record version from the Handshake_IO instance instead
  of hardcoding it to SSLv3.
  [lloyd, 2012-08-03, 5 files changed, -3/+24]

* Add Handshake_Hash::reset
  Add cookie support in Client_Hello.
  [lloyd, 2012-08-03, 3 files changed, -3/+24]

* Add preliminary IO handler for datagram handshakes. Does not fragment
  outbound messages to MTU. Reassembly likely doesn't work, and is very
  vulnerable to DoS attacks.
  [lloyd, 2012-08-03, 2 files changed, -0/+184]

* Rename all the message source files to msg_
  [lloyd, 2012-08-03, 11 files changed, -10/+10]

* Combine Handshake_Writer and Handshake_Reader into Handshake_IO.
  This is mostly just a minor code savings for TLS, but it actually seems
  important for DTLS because getting a handshake message can be a trigger
  for retransmitting previously sent handshake messages in some
  circumstances. Having the reading and writing all in one layer makes it
  a bit easier to accomplish that.
  [lloyd, 2012-08-03, 20 files changed, -245/+170]

* Move the code that pretends a CCS message is a handshake message from
  Channel to the handshake reader.
  [lloyd, 2012-08-02, 3 files changed, -40/+32]

* Use TLS v1.0 PRF unless the version supports a ciphersuite specific PRF
  [lloyd, 2012-08-02, 1 file changed, -4/+5]

* Fix link
  [lloyd, 2012-08-02, 1 file changed, -2/+3]

* Fix emphasis
  [lloyd, 2012-08-02, 1 file changed, -3/+2]

* Add TLS::Protocol_Version::supports_ciphersuite_specific_prf
  [lloyd, 2012-08-02, 4 files changed, -14/+16]

* Fix DTLS HelloVerify message decoding
  [lloyd, 2012-08-02, 1 file changed, -3/+12]

* Use m_ namespace member vars in CurveGFp
  [lloyd, 2012-08-01, 1 file changed, -35/+36]

* Move monty_invert to numthry.h and use it in CurveGFp as well
  [lloyd, 2012-08-01, 4 files changed, -51/+48]

* Remove z_size parameter to bigint_monty_redc because it should always
  be 2*(p_size+1). Document that it clears the high part of z.
  Don't clear the workspace before calling Karatsuba in bigint_mul or
  bigint_sqr - they clear it every time anyway.
  Don't bother masking words in the Montgomery_Exponentiator as redc
  zeros those words. Also don't bother calling z.clear() as the multiply
  operation does that already.
  [lloyd, 2012-08-01, 4 files changed, -26/+12]

* Cleanup BigInt::cmp
  Move bigint_divcore to divide.cpp which is the only place it is used.
  Probably not computationally intensive enough to really be worth
  optimizing in asm.
  [lloyd, 2012-08-01, 4 files changed, -41/+43]

* Move all BigInt constructors to the top of the decl
  [lloyd, 2012-08-01, 1 file changed, -81/+82]

* Remove BigInt::assign
  [lloyd, 2012-08-01, 3 files changed, -28/+27]

* Remove BigInt(NumberType type, size_t n) and replace it with a static
  BigInt function power_of_2. (Power2 was the only available NumberType)
  [lloyd, 2012-08-01, 10 files changed, -37/+26]

* Remove all support for octal BigInt conversions.
  [lloyd, 2012-08-01, 5 files changed, -39/+35]

* Remove BigInt::get_reg
  [lloyd, 2012-08-01, 3 files changed, -13/+6]

* Remove BigInt::operator[]. Use BigInt::word_at, which checks sizes
  [lloyd, 2012-08-01, 4 files changed, -14/+12]

* Remove BigInt::operator[] returning a mutable word reference
  [lloyd, 2012-08-01, 3 files changed, -13/+9]

* Rename the version of BigInt::data returning a mutable pointer
  to BigInt::mutable_data. Update callers.
  [lloyd, 2012-08-01, 5 files changed, -38/+38]

* Remove the mutable version of BigInt::get_reg
  [lloyd, 2012-07-31, 5 files changed, -22/+18]

* m_ namespace BigInt members
  [lloyd, 2012-07-31, 3 files changed, -40/+40]

* Remove BigInt::grow_reg which was only used by a few tests.
  [lloyd, 2012-07-31, 3 files changed, -18/+8]

* Rename activate to more descriptive change_cipher_spec
  [lloyd, 2012-07-29, 5 files changed, -28/+41]

* Use unique_ptr for handshake state, avoid lots of delete+nullptr assign
  [lloyd, 2012-07-29, 4 files changed, -48/+43]

* Clang warning about missing result type
  [lloyd, 2012-07-29, 1 file changed, -1/+1]
* If we're going to reject an insecure renegotiation, do it immediately,
  even before parsing the client hello, since there is nothing the
  client can say in the hello that will change our mind about it.
  Call Policy::acceptable_protocol_version on the final negotiated
  version, not what the client offered!
  Clean up the server version choosing logic a bit.
  Add Protocol_Version::best_known_match which returns the 'best'
  version we know of matching a particular version.
  [lloyd, 2012-07-29, 3 files changed, -41/+63]
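Negotiate first, then apply the policy to the result, as the entry above prescribes. This is an added Go sketch, not Botan's implementation: the Version type, the list of known versions, BestKnownMatch and the Policy function are illustrative assumptions. The DTLS ordering it handles (DTLS 1.0 is 254.255, DTLS 1.2 is 254.253, so a smaller minor byte is the newer version) is the wire encoding from the DTLS RFCs.

```go
package main

import "fmt"

// Version is a TLS/DTLS protocol version as it appears on the wire.
type Version struct{ Major, Minor uint8 }

var (
	SSLv3   = Version{3, 0}
	TLSv10  = Version{3, 1}
	TLSv11  = Version{3, 2}
	TLSv12  = Version{3, 3}
	DTLSv10 = Version{254, 255}
	DTLSv12 = Version{254, 253}
)

// knownVersions is everything this hypothetical implementation speaks.
var knownVersions = []Version{SSLv3, TLSv10, TLSv11, TLSv12, DTLSv10, DTLSv12}

func (v Version) IsDatagram() bool { return v.Major == 254 }

func (v Version) String() string {
	names := map[Version]string{
		SSLv3: "SSLv3", TLSv10: "TLS 1.0", TLSv11: "TLS 1.1", TLSv12: "TLS 1.2",
		DTLSv10: "DTLS 1.0", DTLSv12: "DTLS 1.2",
	}
	if n, ok := names[v]; ok {
		return n
	}
	return fmt.Sprintf("unknown(%d.%d)", v.Major, v.Minor)
}

// NewerThan orders versions. For DTLS the minor byte counts down, so a
// larger minor byte is an older version; plain TLS counts up.
func (v Version) NewerThan(o Version) bool {
	if v.Major != o.Major {
		return v.Major > o.Major
	}
	if v.IsDatagram() {
		return v.Minor < o.Minor
	}
	return v.Minor > o.Minor
}

// BestKnownMatch returns the newest version we implement that is not newer
// than offered, staying within the same family (stream vs datagram).
func BestKnownMatch(offered Version) (Version, bool) {
	var best Version
	found := false
	for _, k := range knownVersions {
		if k.IsDatagram() != offered.IsDatagram() || k.NewerThan(offered) {
			continue
		}
		if !found || k.NewerThan(best) {
			best, found = k, true
		}
	}
	return best, found
}

// Policy stands in for acceptable_protocol_version.
type Policy func(v Version) bool

// ChooseServerVersion negotiates first and applies the policy to the
// result. Checking the client's offer instead would wrongly reject a client
// that offers something newer than we know, even though the connection
// would actually run at a version the policy allows.
func ChooseServerVersion(offered Version, policy Policy) (Version, error) {
	v, ok := BestKnownMatch(offered)
	if !ok {
		return Version{}, fmt.Errorf("no known version matches %v", offered)
	}
	if !policy(v) {
		return Version{}, fmt.Errorf("policy rejects negotiated version %v", v)
	}
	return v, nil
}

// NoSSLv3 is a sample policy: any known version except SSLv3.
func NoSSLv3(v Version) bool { return v != SSLv3 }

func main() {
	// Constructed offers: a future TLS version, SSLv3, a future DTLS
	// version and SSLv2, which has no match at all.
	for _, offered := range []Version{{3, 4}, SSLv3, {254, 252}, {2, 0}} {
		v, err := ChooseServerVersion(offered, NoSSLv3)
		fmt.Printf("offered %v -> %v, err=%v\n", offered, v, err)
	}
}
```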
* Helper func for loading 24 bit value
  [lloyd, 2012-07-28, 1 file changed, -8/+15]

* Pass protocol to initiate_handshake
  [lloyd, 2012-07-28, 2 files changed, -5/+7]

* OpenSSL gets cranky if we send application data mid handshake
  [lloyd, 2012-07-28, 1 file changed, -3/+2]

* Combine client initial handshake and renegotiation in initiate_handshake.
  One behavioral change is we now send SNI on renegotiation hellos. This
  is probably harmless (?) and might be helpful for the server in finding
  the right certs.
  [lloyd, 2012-07-28, 2 files changed, -55/+39]

* Fix DTLS version string.
  Pass version to ciphersuite_list, avoid negotiating RC4 with DTLS.
  Disable ECC <= 192 bits.
  [lloyd, 2012-07-28, 5 files changed, -15/+27]

* Make Handshake_Writer non-copyable
  [lloyd, 2012-07-28, 1 file changed, -0/+6]

* Add format() hook to Handshake_Writer, so that Handshake_Hash does not
  need to know what the handshake format is.
  Remove unused functions from Handshake_Hash and store all handshake
  data as a plain std::vector, since as handshake information it is not
  sensitive.
  [lloyd, 2012-07-28, 6 files changed, -39/+34]
* Add Public_Key::estimated_strength which gives an approximation of how
  hard that key is to break. Use it in cert path validation, rejecting
  keys with estimated strength less than 80 bits.
  [lloyd, 2012-07-27, 12 files changed, -14/+99]
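A path-validation gate of the kind described above, as an added Go example rather than Botan's estimated_strength: RSA moduli are mapped to the NIST SP 800-57 size classes (an assumption; the commit does not say what formula Botan uses), EC keys are scored at half the group order size (generic discrete log), and a chain is rejected at the first key under the floor. The placeholder RSA public keys are constructed by modulus bit length only, since that is all the estimate looks at.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"fmt"
	"math/big"
)

// EstimatedStrength approximates, in bits of symmetric-equivalent work,
// how hard a public key is to break. Unknown key types score 0 so that
// they never pass a strength floor by accident.
func EstimatedStrength(pub crypto.PublicKey) uint {
	switch k := pub.(type) {
	case *rsa.PublicKey:
		return integerFactoringStrength(uint(k.N.BitLen()))
	case *ecdsa.PublicKey:
		// Pollard rho on a group of order n costs about sqrt(n).
		return uint(k.Curve.Params().N.BitLen()) / 2
	default:
		return 0
	}
}

// integerFactoringStrength uses the NIST SP 800-57 classes (assumption for
// this example). Anything below 1024 bits falls under the smallest class
// and is reported as 0, which any sane floor rejects.
func integerFactoringStrength(bits uint) uint {
	switch {
	case bits >= 15360:
		return 256
	case bits >= 7680:
		return 192
	case bits >= 3072:
		return 128
	case bits >= 2048:
		return 112
	case bits >= 1024:
		return 80
	default:
		return 0
	}
}

// CheckPathStrength walks the keys of a certificate path (leaf first) and
// returns the index of the first key below minBits, or -1 if all pass.
func CheckPathStrength(minBits uint, path ...crypto.PublicKey) (int, error) {
	for i, k := range path {
		if s := EstimatedStrength(k); s < minBits {
			return i, fmt.Errorf("key %d: estimated strength %d bits < %d", i, s, minBits)
		}
	}
	return -1, nil
}

// RSAKeyOfSize builds a placeholder RSA public key whose modulus has the
// given bit length. Constructed for the example: the modulus is not a real
// product of two primes, but EstimatedStrength only inspects its size.
func RSAKeyOfSize(bits uint) *rsa.PublicKey {
	n := new(big.Int).Lsh(big.NewInt(1), bits-1)
	n.SetBit(n, 0, 1)
	return &rsa.PublicKey{N: n, E: 65537}
}

// NewP256Key generates a real P-256 key for use as a sample leaf key.
func NewP256Key() crypto.PublicKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return &k.PublicKey
}

func main() {
	leaf := NewP256Key()
	idx, err := CheckPathStrength(80, leaf, RSAKeyOfSize(2048), RSAKeyOfSize(1024))
	fmt.Println("ok chain:", idx, err)
	idx, err = CheckPathStrength(80, leaf, RSAKeyOfSize(768))
	fmt.Println("weak chain:", idx, err)
}
```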
* Small doc tweaks
  [lloyd, 2012-07-27, 5 files changed, -20/+23]

* Have the release script pull the datestamp from monotone, so it does
  not need to be manually set before a release.
  [lloyd, 2012-07-25, 3 files changed, -17/+60]

* Build on Sheevaplug
  [lloyd, 2012-07-24, 1 file changed, -0/+2]

* Update for 1.11.0 release (tag: 1.11.0)
  [lloyd, 2012-07-19, 4 files changed, -4/+6]

* In RSA and RW signers, add the message contents to the RNG state
  [lloyd, 2012-07-19, 2 files changed, -5/+9]

* Fix divisibility check in DL_Group::make_dsa_generator
  [lloyd, 2012-07-19, 1 file changed, -3/+4]

* Move EGD to the end of the priority list for entropy sources, as it
  really is quite rare at this point given that all modern Unices have a
  /dev/random.
  [lloyd, 2012-07-18, 1 file changed, -6/+6]

* Add 1.8.14 release notes
  [lloyd, 2012-07-18, 3 files changed, -3/+21]
* Some changes to HMAC_RNG:
  - Only give out half of K in each iteration. This prevents an attacker
    who recovers the PRF key and knows some RNG outputs from being able
    to determine other RNG outputs.
  - Don't reset the counter on a reseed, and every 1024 outputs (16
    Kbytes with default PRF) initiate a poll.
  - Don't ever reseed when called with add_entropy, just give it to the
    extractor, as we know that eventually we'll reseed at which time that
    input will be incorporated.
  [lloyd, 2012-07-18, 2 files changed, -23/+13]
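A simplified model of the three changes listed above, as an added Go example and not Botan's HMAC_RNG: the chaining step k = HMAC(prfKey, k || 0xFF || counter), the extractor label and the caller-supplied poll function are assumptions. What it demonstrates is releasing only the first half of each k, counting outputs up to a scheduled reseed without resetting the counter, and holding add_entropy input in the extractor until that reseed.

```go
package main

import (
	"bytes"
	"crypto/hmac"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"hash"
)

// ReseedInterval is the number of outputs between automatic entropy polls.
// With a 32-byte PRF output and half of it released per step, 1024 outputs
// is 16 KiB, the figure in the commit message.
const ReseedInterval = 1024

// HMACRNG uses two keyed HMACs: an extractor that accumulates entropy and
// a PRF whose key is replaced at each reseed.
type HMACRNG struct {
	extractor hash.Hash
	prf       hash.Hash
	k         []byte // current chain value; only k[:len(k)/2] is ever released
	counter   uint32 // keeps counting across reseeds
	sinceSeed uint32 // outputs since the last reseed
	poll      func() []byte
	Reseeds   int
}

// NewHMACRNG seeds once from poll (assumption: the entropy source is a
// caller-supplied function rather than a list of system sources).
func NewHMACRNG(poll func() []byte) *HMACRNG {
	r := &HMACRNG{
		extractor: hmac.New(sha256.New, []byte("example extractor label")),
		poll:      poll,
	}
	r.reseed()
	return r
}

// AddEntropy only feeds the extractor. It never reseeds: the input is
// picked up at the next scheduled reseed.
func (r *HMACRNG) AddEntropy(b []byte) { r.extractor.Write(b) }

func (r *HMACRNG) reseed() {
	r.extractor.Write(r.poll())
	r.extractor.Write(u32(r.counter)) // counter is mixed in, not reset
	prfKey := r.extractor.Sum(nil)
	r.extractor.Reset()
	r.extractor.Write(prfKey) // chain old state into the next extraction
	r.prf = hmac.New(sha256.New, prfKey)
	r.k = make([]byte, sha256.Size)
	r.sinceSeed = 0
	r.Reseeds++
}

// step advances the chain: k = HMAC(prfKey, k || 0xFF || counter).
func (r *HMACRNG) step() {
	r.prf.Reset()
	r.prf.Write(r.k)
	r.prf.Write([]byte{0xFF})
	r.prf.Write(u32(r.counter))
	r.k = r.prf.Sum(nil)
	r.counter++
}

// Randomize returns n bytes. Each step releases only the first half of k,
// so an attacker holding the PRF key and an output still lacks the 128
// unreleased bits of k needed to run the chain forward or backward.
func (r *HMACRNG) Randomize(n int) []byte {
	out := make([]byte, 0, n)
	for len(out) < n {
		if r.sinceSeed >= ReseedInterval {
			r.reseed()
		}
		r.step()
		out = append(out, r.k[:len(r.k)/2]...)
		r.sinceSeed++
	}
	return out[:n]
}

func u32(v uint32) []byte {
	var b [4]byte
	binary.BigEndian.PutUint32(b[:], v)
	return b[:]
}

func main() {
	// Constructed fixed entropy so two instances start identically.
	fixed := func() []byte { return []byte("constructed fixed entropy") }
	a, b := NewHMACRNG(fixed), NewHMACRNG(fixed)
	b.AddEntropy([]byte("late input"))
	fmt.Println("same output right after add_entropy:", bytes.Equal(a.Randomize(16), b.Randomize(16)))
	a.Randomize(16 * (ReseedInterval - 1))
	b.Randomize(16 * (ReseedInterval - 1))
	fmt.Println("reseeds before the 1025th output:", a.Reseeds)
	fmt.Println("diverge once the poll fires:", !bytes.Equal(a.Randomize(16), b.Randomize(16)))
	fmt.Println("counter after reseed:", a.counter, "reseeds:", a.Reseeds)
}
```

The run in main shows the deferred-reseed behaviour from the entry: a late AddEntropy call leaves the next outputs unchanged, and only once the 1024th output triggers the poll do the two instances diverge, with the counter continuing from 1024 rather than restarting.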