path: root/src/lib/tls/tls_channel.cpp
Commit message  [Author, Age, Files, Lines]
* Fix some warnings new in GCC 8.1  [Jack Lloyd, 2018-05-07, 1, -2/+2]
|   It thinks the typedefs are "locals" that are being conflicted with, which seems wrong to me but whatever.
* Avoid std::bind in Channel::received_data  [Jack Lloyd, 2018-03-05, 1, -2/+1]
|   Lambda works just as well here.
|
|   GH #493
* Remove vestigial support for TLS compression  [Jack Lloyd, 2018-01-21, 1, -2/+2]
|   It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* On resuming a client session, save the certificates that were used.  [Jack Lloyd, 2017-12-07, 1, -0/+5]
|   GH #1303
* Convert http:// links to https:// where possible  [Jack Lloyd, 2017-10-24, 1, -1/+1]
|
* Add comments explaining why it's ok to rely on deprecated features here.  [Jack Lloyd, 2017-10-09, 1, -0/+4]
|   [ci skip]
* Add a special Compat_Callbacks constructor to silence deprecation warnings.  [Jack Lloyd, 2017-10-09, 1, -1/+3]
|   That way we avoid the warning internally even in amalgamation mode.
|
|   GH #1243
* Add wrappers for reinterpret_cast between char* and uint8_t*  [Jack Lloyd, 2017-10-03, 1, -1/+1]
|   Generally speaking reinterpret_cast is sketchy stuff. But the special case of char*/uint8_t* is both common and safe. By isolating those, the remaining (likely sketchy) cases are easier to grep for.
* More include header cleanups  [Jack Lloyd, 2017-09-21, 1, -0/+2]
|
* Correct failure when renegotiating with old server  [Jack Lloyd, 2017-06-04, 1, -1/+1]
|   When renegotiating the client checks that the server hasn't changed its mind about supporting the renegotiation extension (this is a likely indicator of an attack). However due to a typo the client was actually comparing the value in the client hello of the first handshake against the server hello in the renegotiation handshake. Since Botan always sends the renegotiation extension, this would cause the check to fail when renegotiating with an old server that doesn't support the renegotiation extension.
|
|   Reported on mailing list by Falko Strenzke.
|
|   Tested patch against OpenSSL 0.9.8k
* Export tls_messages.h as a public header  [René Korthaus, 2016-12-23, 1, -1/+1]
|   TLS::Callbacks::inspect_handshake_message() allows applications to inspect all handshake messages, but this requires access to the types in tls_messages.h. As a matter of fact, this also exports tls_extensions.h as a public header.
* Convert to using standard uintN_t integer types  [Jack Lloyd, 2016-12-18, 1, -35/+35]
|   Renames a couple of functions for somewhat better name consistency, eg make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Move TLS cert verification callback from Credentials_Manager to TLS::Callbacks  [Jack Lloyd, 2016-11-23, 1, -12/+0]
|   It is the only function in C_M which is called on to process session-specific (and adversarially provided) inputs, rather than passively returning some credential which is typically not session specific.
* Add new TLS callback for when session is activated  [Jack Lloyd, 2016-11-16, 1, -0/+2]
|   The current session established cb happens before the session is activated, so it is not possible to send application data in response to the connection being made.
* TLS: Split CBC+HMAC modes to standalone AEAD_Mode  [Jack Lloyd, 2016-10-07, 1, -6/+7]
|   Now record layer only deals with an AEAD, and the weird complications of CBC modes mostly hidden in tls_cbc.cpp
* Merge master into this branch, resolving conflicts with #457/#576  [Jack Lloyd, 2016-08-31, 1, -115/+160]
|\
| |   which recently landed on master.
| * Move some Callback functions to a source file.  [Jack Lloyd, 2016-08-31, 1, -0/+12]
| |   Just to avoid the unused parameter warning (we want the parameter to be named in the header for documentation purposes, but in that case GCC warns that the param is unused).
| * Changes to TLS::Callbacks for GH PR #457  [Jack Lloyd, 2016-08-16, 1, -15/+16]
| |   Make TLS::Channel::m_callbacks a reference, so deriving from TLS::Callbacks works
| |
| |   Split out the compat (std::function) based interface to Compat_Callbacks. This avoids the overhead of empty std::functions when using the virtual interface, and ensures the virtual interface works since there is no callback path that does not involve a vtable lookup.
| |
| |   Rename the TLS::Callback functions. Since the idea is that often an owning class will pass *this as the callbacks argument, it is good to namespace the virtual functions so as not to conflict with other names chosen by the class. Specifically, prefixes all cb functions with tls_
| |
| |   Revert changes to use the old style alert callback (with no longer used data/len params) so no API changes are required for old code. The new Callbacks interface continues to just receive the alert code itself.
| |
| |   Switch to virtual function interface in CLI tls_client for testing.
| |
| |   Inline tls_server_handshake_state.h - only used in tls_server.cpp
| |
| |   Fix tests - test looked like it was creating a new client object but it was not actually being used. And when enabled, it failed because the queues were not being emptied in between. So, fix that.
| * Compatibility patch for TLS::Callback interface  [Matthias Gierlings, 2016-06-19, 1, -2/+26]
| |   - Added legacy constructor support for TLS::Channel, TLS::Client, TLS::Server.
| * Added virtual Callback Interface  [Matthias Gierlings, 2016-06-19, 1, -3/+3]
| |   - extracted inner class TLS::Channel::Callbacks to stand-alone class TLS::Callbacks.
| |   - provided default implementations for TLS::Callbacks members executing calls to std::function members for backward compatibility.
| |   - applied changes to cli, tests and TLS::Channel related classes to be compatible with new interface.
| * Implemented Feedback on GH #457  [Matthias Gierlings, 2016-06-19, 1, -1/+1]
| |   - Removed deprecated TLS-Alert-Callback parameters.
| |   - Fixed improper naming of accessor for ALPN-Strings in tls_client.h
| |   - Fixed erroneous indentation on Ciphersuite Constructor.
| * Reduction of code complexity in TLS classes.  [Matthias Gierlings, 2016-06-19, 1, -110/+119]
| |   -reduced number of parameters in various methods
| |   -reduced cyclomatic complexity (McCabe-Metric)
| |   -removed "TLSEXT_HEARTBEAT_SUPPORT" from tls_extensions.h (leftover from heartbeat extension removal?)
| * make sure kdf labels are always used  [Kai Michaelis, 2016-06-01, 1, -2/+1]
| |
| * add label parameter to KDF::derive_key  [Kai Michaelis, 2016-05-19, 1, -1/+1]
| |
* | Merge branch 'master' into Encrypt-then-MAC-with-policy  [Juraj Somorovsky, 2016-05-12, 1, -4/+3]
|\|
| |   Merged recent changes and resolved minor conflicts in tls record classes.
| * Add explicit static_cast operations to eliminate implicit cast compiler warnings.  [Dan Brown, 2016-04-27, 1, -2/+1]
| |
| * Change calls to 'get_byte' to explicitly cast parameters and eliminate compiler warnings  [Dan Brown, 2016-04-27, 1, -2/+2]
| |
* | Encrypt-then-MAC extension (RFC 7366)  [Juraj Somorovsky, 2016-05-11, 1, -2/+4]
|/
|   Introduced a countermeasure against the logjam attack
|   Short TLS records (AES-CBC) now return BAD_RECORD_MAC
|   Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure)
* Remove support for the TLS min fragment length extension.  [Jack Lloyd, 2016-02-07, 1, -23/+3]
|
* Remove TLS heartbeat support.  [Jack Lloyd, 2016-02-07, 1, -52/+0]
|   The signature of the alert callback remains unchanged to avoid breaking applications, though now the buffer parameter is never set.
* Reroot the exception hierarchy into a toplevel Exception class  [Jack Lloyd, 2015-12-11, 1, -5/+5]
|   As the alternatives are unfortunate for applications trying to catch all library errors, and it seems deriving from std::runtime_error causes problems with MSVC DLLs (GH #340)
|
|   Effectively reverts 2837e915d82e43
* TLS improvements  [Jack Lloyd, 2015-10-25, 1, -18/+20]
|   Use constant time operations when checking CBC padding in TLS decryption
|
|   Fix a bug in decoding ClientHellos that prevented DTLS rehandshakes from working: on decode the session id and hello cookie would be swapped, causing confusion between client and server.
|
|   Various changes in the service of finding the above DTLS bug that should have been done before now anyway - better control of handshake timeouts (via TLS::Policy), better reporting of handshake state in the case of an error, and finally expose the facility for per-message application callbacks.
* lib/tls: Convert &vec[0] to vec.data()  [Simon Warta, 2015-06-23, 1, -9/+9]
|
* Add typedefs for function signatures/types used in TLS for easier reading  [lloyd, 2015-01-27, 1, -5/+5]
|
* Ensure all files have copyright and license info.  [lloyd, 2015-01-10, 1, -1/+1]
|   Update license header line to specify the terms and refer to the file, neither of which it included before.
* Support setting the number of pad bytes in a heartbeat message. Use  [lloyd, 2015-01-07, 1, -4/+6]
|   random instead of all-zero padding. Check on sanity of received pads to the extent possible. Bugzilla 269.
* A TLS Server can now process either TLS or DTLS but not either,  [lloyd, 2014-11-15, 1, -21/+29]
|   with the setting set in the constructor. This prevents various surprising things from happening to applications and simplifies record processing.
* Fix various warnings from VC++ 2014 and add missing include  [lloyd, 2014-10-31, 1, -2/+2]
|
* Add support for DTLS handshake timeouts and retransmissions.  [lloyd, 2014-10-06, 1, -29/+64]
|
* Avoid initializer lists here, VC2013 doesn't like it. Github #18  [lloyd, 2014-05-01, 1, -0/+4]
|
* Move lib into src  [lloyd, 2014-01-10, 1, -0/+668]