path: root/src/lib/tls/tls_session.cpp
Commit message | Author | Age | Files | Lines
* Remove deprecated headers, make more headers internal | Jack Lloyd | 2020-11-06 | 1 | -1/+1

  Now modules default to internal headers instead of defaulting to public; making a new public API should be a visible and intentional choice. Brings the public header count from over 300 to around 150. Also removes the deprecated tls_blocking interface.
* Merge some of the ASN.1 headers | Jack Lloyd | 2020-10-31 | 1 | -1/+1

  Deprecate asn1_str.h, asn1_time.h, asn1_oid.h and alg_id.h, with all contents moved to existing asn1_obj.h.
* New TLS session encryption format | Jack Lloyd | 2019-12-15 | 1 | -26/+93

  Changes:
  - Adds magic number/versioning to make future extensions possible
  - Adds key identifier to avoid needless decryption attempts, makes supporting ticket key rotation easier in the future
  - Avoids key collision; in current format if the seed is duplicated the same key + nonce are generated. This does not leak the master ticket key but is still bad. Now nonce is random, and key is generated via a distinct 128-bit long input. Chances of a duplicated key/nonce are now about 2^-112.
  - Include the whole header incl nonce as associated data
  - Use SHA-512-256 instead of SHA-256

  This breaks all saved encrypted sessions as well as saved session tickets. But the cost then is just a full renegotiation. The session ticket format is not guaranteed to be stable even across minor releases.
* Fix bug that broke session decryption (and thus resumption) | Jack Lloyd | 2018-04-09 | 1 | -1/+1

  Introduced in 3657639ab. Add a test that would have caught this.
* Add RAII versions of get_cipher_mode and get_aead | Jack Lloyd | 2018-04-07 | 1 | -2/+2

  See also #1526
* Remove vestigial support for TLS compression | Jack Lloyd | 2018-01-21 | 1 | -4/+11

  It was never supported and never will be. Removing negotiation entirely simplifies the code a bit.
* More include header cleanups | Jack Lloyd | 2017-09-21 | 1 | -0/+1
* Convert to using standard uintN_t integer types | Jack Lloyd | 2016-12-18 | 1 | -21/+21

  Renames a couple of functions for somewhat better name consistency, e.g. make_u32bit becomes make_uint32. The old typedefs remain for now since probably lots of application code uses them.
* Merge branch 'master' into Encrypt-then-MAC-with-policy | Juraj Somorovsky | 2016-05-12 | 1 | -3/+2

  Merged recent changes and resolved minor conflicts in tls record classes.
* Add explicit static_cast operations to eliminate implicit cast compiler warnings. | Dan Brown | 2016-04-27 | 1 | -3/+2
* Encrypt-then-MAC extension (RFC 7366) | Juraj Somorovsky | 2016-05-11 | 1 | -0/+4

  Introduced a countermeasure against the logjam attack.
  Short TLS records (AES-CBC) now return BAD_RECORD_MAC.
  Fixed a compatibility problem with OpenSSL and TLS 1.0 (BEAST countermeasure).
* Remove support for the TLS min fragment length extension. | Jack Lloyd | 2016-02-07 | 1 | -4/+13
* Add extended master secret extension (RFC 7627) to TLS | Jack Lloyd | 2016-01-03 | 1 | -0/+4

  Interop tested with mbed TLS.
* Add remove_all to TLS session manager interface | Jack Lloyd | 2015-11-13 | 1 | -10/+9

  DB::spin now returns the number of rows affected.
* lib/tls: Convert &vec[0] to vec.data() | Simon Warta | 2015-06-23 | 1 | -4/+4
* Support any key length for TLS session encryption by hashing with HMAC | lloyd | 2015-01-10 | 1 | -4/+16
* Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 1 | -1/+1

  Update license header line to specify the terms and refer to the file, neither of which it included before.
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC | lloyd | 2015-01-08 | 1 | -10/+26
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). | lloyd | 2015-01-04 | 1 | -6/+11

  Github issue 27.

  Refactor server hello handling to make it easier to handle other extensions.

  The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size.

  Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
* Guess I won't be needing these | lloyd | 2014-01-18 | 1 | -1/+0
* Move lib into src | lloyd | 2014-01-10 | 1 | -0/+177