Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Prevent ping-ponging of close alerts by tracking both if a handshake | lloyd | 2011-12-30 | 4 | -18/+31 |
| | | | | | has been completed and if the connection has been definitely closed by a fatal alert or a close notify. | ||||
* | Full support for renegotiation including RFC 5746 extensions for | lloyd | 2011-12-30 | 8 | -42/+133 |
| | | | | | | | | | | | | | client and server. Server side can handle SCSV values as well, client always sends the extension instead. Handle an empty SNI extension coming back from the server - this is used to indicate that it understood the name. Also add better checking for extensions by passing in what the supposed size of the extension is. Only send the secure negotiation extension in the server hello if the client indicated support for it. | ||||
* | Server side handling of the secure renegotiation extension. | lloyd | 2011-12-30 | 3 | -2/+26 |
| | |||||
* | Many renegotiation fixes. Add support for the secure renegotiation | lloyd | 2011-12-30 | 13 | -36/+209 |
| | | | | | extension (client side only at the moment). Add an interface that allows applications to request renegotiation. | ||||
* | Reset the sequence numbers when we activate a connection state. This | lloyd | 2011-12-30 | 2 | -0/+9 |
| | | | | meant up until this point, renegotiation never worked. :( | ||||
* | About half an implementation of RFC 5746 | lloyd | 2011-12-29 | 10 | -68/+158 |
| | |||||
* | Add support for sending server name indicator in client hello | lloyd | 2011-12-29 | 13 | -75/+387 |
| | | | | | | | | Add support for sending and reading the SRP identifier extension. Add some helper classes for managing TLS extensions Add ciphersuite codes for SRP key exchange. | ||||
* | Clean up the ordering of constructor args to the various message types | lloyd | 2011-12-29 | 9 | -99/+108 |
| | |||||
* | SSLv3 clients will send this as a warning if the server requests a | lloyd | 2011-12-29 | 1 | -0/+1 |
| | | | | client cert and they don't have one. | ||||
* | Ref mozilla bug also | lloyd | 2011-12-29 | 1 | -2/+2 |
| | |||||
* | Only insert small fragments for application records. Handshakes would | lloyd | 2011-12-29 | 1 | -1/+1 |
| | | | | | | only be affected if the attacker can modify the handshake messages, which seems fairly unlikely, and some implementations are known to be unhappy with fragmented handshakes. | ||||
* | Don't buffer in the record writer at all - we immediately process and | lloyd | 2011-12-28 | 7 | -64/+42 |
| | | | | | | | | send out inputs as they are available. Thus, flushing is never required, and we avoid some unnecessary copying. If we are using a CBC mode cipher in SSLv3/TLSv1.0, send a 1-byte fragment to start to prevent the adaptive plaintext attack. | ||||
* | Fix for RC4 suites | lloyd | 2011-12-28 | 1 | -1/+2 |
| | |||||
* | Optimization/work on future optimization for the record writer; | lloyd | 2011-12-28 | 2 | -50/+67 |
| | | | | | | collects all the data into a single buffer and encrypts it in one go. Once the support is there for in-place encryption in the cipher modes this will help out substantially. | ||||
* | Rounding to nearest 0 should be a no-op | lloyd | 2011-12-28 | 1 | -0/+6 |
| | |||||
* | Add support for raw deflate in the zlib filter | lloyd | 2011-12-28 | 2 | -12/+35 |
| | |||||
* | Just print printable | lloyd | 2011-12-28 | 1 | -2/+0 |
| | |||||
* | Comment grammar | lloyd | 2011-12-28 | 1 | -2/+2 |
| | |||||
* | Fix | lloyd | 2011-12-28 | 1 | -0/+1 |
| | |||||
* | Cleaner | lloyd | 2011-12-28 | 2 | -3/+2 |
| | |||||
* | Fixes for DSA auth | lloyd | 2011-12-28 | 2 | -8/+11 |
| | |||||
* | Don't stall on error | lloyd | 2011-12-28 | 1 | -3/+6 |
| | |||||
* | Add non-null assertion, don't print msg if empty string | lloyd | 2011-12-28 | 2 | -1/+11 |
| | |||||
* | Assert there is nothing left over at the end of packet parsing. | lloyd | 2011-12-28 | 1 | -0/+6 |
| | |||||
* | Additional bits for SSLv3 client auth | lloyd | 2011-12-28 | 5 | -10/+41 |
| | |||||
* | Save peer certs in session info. Use helper function for handshake | lloyd | 2011-12-28 | 5 | -42/+30 |
| | | | | hashing. | ||||
* | Working though hacking client verify (server side only). Only supports | lloyd | 2011-12-28 | 19 | -65/+131 |
| | | | | | TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested so far. | ||||
* | Remove debug print, include info in the exception msg instead | lloyd | 2011-12-28 | 1 | -8/+3 |
| | |||||
* | Slightly better alert option for this case | lloyd | 2011-12-28 | 1 | -1/+1 |
| | |||||
* | We wouldn't send an alert before handshaking was complete because | lloyd | 2011-12-28 | 1 | -7/+4 |
| | | | | | | active == false, which made debugging hard and caused timeouts/hangs in clients if (for instance) a ciphersuite couldn't be negotiated. Always send alerts. | ||||
* | Make TLS_Session_Params a real class. Various cleanups. | lloyd | 2011-12-28 | 6 | -124/+193 |
| | |||||
* | Partial bits of the server side of client auth. Incomplete. | lloyd | 2011-12-28 | 6 | -39/+87 |
| | | | | | | Pass a session manager to TLS_Client's constructor. Currently unused. Add time-based session expiration to the in-memory session cache. | ||||
* | Make tls_session_key.h an internal header | lloyd | 2011-12-27 | 9 | -8/+18 |
| | |||||
* | Actually send the right info in a resumed session server hello | lloyd | 2011-12-27 | 1 | -7/+4 |
| | |||||
* | Force resumed session to use previous ciphersuite, etc | lloyd | 2011-12-27 | 4 | -26/+73 |
| | |||||
* | BER decoder extras needed by previous commit | lloyd | 2011-12-27 | 2 | -17/+68 |
| | |||||
* | Session deserialization | lloyd | 2011-12-27 | 3 | -6/+27 |
| | |||||
* | Half of session serialization | lloyd | 2011-12-27 | 5 | -77/+181 |
| | |||||
* | Clean up SessionKeys implementation | lloyd | 2011-12-27 | 2 | -108/+49 |
| | |||||
* | First rev of working session resumption (server side only). Only works | lloyd | 2011-12-27 | 7 | -65/+202 |
| | | | | with TLS at the moment, SessionKeys is a mess. | ||||
* | Avoid a memory leak if we were using DHE - kex_priv would get a copy | lloyd | 2011-12-27 | 2 | -23/+22 |
| | | | | of the server key and then we'd immediately overwrite the pointer. | ||||
* | Much smarter state transition checking: at each point in the | lloyd | 2011-12-27 | 5 | -159/+170 |
| | | | | | | | | handshake, keep track of exactly which handshake message type(s) we can expect and assert before processing that what we recieved is what we expected. Contrast with previous 'checking' which was more in the style 'could we perhaps plausibly do something with this message?' aka broken. | ||||
* | Make the server example less fragile, write a class that emulates the | lloyd | 2011-12-27 | 1 | -30/+118 |
| | | | | old blocking interface and use that. | ||||
* | Compile fix | lloyd | 2011-12-27 | 1 | -1/+1 |
| | |||||
* | Add the code for DHE/DSS with RC4, not 'official' but the codepoint | lloyd | 2011-12-27 | 2 | -0/+7 |
| | | | | | | | was included in a now-expired ID (draft-ietf-tls-56-bit-ciphersuites-01) and mentioned in Rescorla's SSL book. Not implemented by OpenSSL but does appear to be included in GnuTLS. | ||||
* | Compile fix, also save version # | lloyd | 2011-12-23 | 1 | -1/+2 |
| | |||||
* | Fix crash | lloyd | 2011-12-23 | 1 | -1/+6 |
| | |||||
* | Initial hooks for session resumption | lloyd | 2011-12-23 | 16 | -163/+280 |
| | |||||
* | Centralize a lot of the handshaking and message parsing in TLS_Channel | lloyd | 2011-12-23 | 12 | -679/+344 |
| | | | | Also delete the obsolete/never worked CMS examples | ||||
* | propagate from branch 'net.randombit.botan' (head ↵ | lloyd | 2011-12-23 | 32 | -265/+211 |
|\ | | | | | | | | | | | 6c2809f0c11ba10a137601a2e7eed7ac1f083002) to branch 'net.randombit.botan.tls-state-machine' (head a302f3e8a1d2571835d461a7af7b4e8e805de446) |