path: root/src/lib/tls
Commit message | Author | Date | Files | Lines
* Fix various bugs found by Coverity scanner. | lloyd | 2015-05-15 | 3 | -0/+7
    Uninitialized variables, missing divide by zero checks, missing virtual destructor, etc. Only thing serious is bug in TLS maximum fragment decoder; missing breaks in switch statement meant receiver would treat any negotiated max fragment as 4k limit.
* Remove RC4 (and all support for stream ciphers) from TLS | lloyd | 2015-05-15 | 3 | -50/+5
* Add ALPN (RFC 7301) and remove NPN | lloyd | 2015-03-20 | 18 | -316/+138
* Hide Algorithm_Factory and use the functions in lookup.h internally. | lloyd | 2015-03-04 | 3 | -18/+14
    Fix two memory leaks (in TLS and modes) caused by calling get_foo and then cloning the result before saving it (leaking the original object), a holdover from the conversion between construction techniques in 1.11.14.
* Add new module `ffi` which provides a plain C interface, plus a new ctypes Python wrapper that uses it. | lloyd | 2015-02-16 | 1 | -3/+3
    The API is intentionally designed to have a very simple ABI (extern "C", all structs are opaque, no memory ownership passing the FFI boundary, limited set of simple types as args) so the ctypes wrapper is quite simple. Currently ffi provides ciphers, hashes, MACs, RNGs, PBKDF, KDF, bcrypt, and most public key operations.
    Remove the old boost.python wrapper and all the build code for it.
* Remove algo factory, engines, global RNG, global state, etc. | lloyd | 2015-02-04 | 7 | -20/+45
    Convert all uses of Algorithm_Factory and the engines to using Algo_Registry. The shared pool of entropy sources remains but is moved to EntropySource. With that and few remaining initializations (default OIDs and aliases) moved elsewhere, the global state is empty and init and shutdown are no-ops. Remove almost all of the headers and code for handling the global state, except LibraryInitializer which remains as a compatibility stub.
    Update seeding for blinding so only one hacky almost-global RNG instance needs to be set up instead of across all pubkey uses (it uses either the system RNG or an AutoSeeded_RNG if the system RNG is not available).
* Convert PK operations to using Algo_Registry instead of Engine. | lloyd | 2015-02-03 | 4 | -6/+4
    Remove global PRNG.
* Add missing files. Remove cipher lookup from engine code. | lloyd | 2015-02-01 | 2 | -17/+10
* Add a runtime map of string->func() which when called return Transforms and BlockCiphers. | lloyd | 2015-01-28 | 3 | -42/+58
    Registration for all types is done at startup but is very cheap as just a std::function and a std::map entry are created, no actual objects are created until needed. This is a huge improvement over Algorithm_Factory which used T::clone() as the function and thus kept a prototype object of each type in memory.
    Replace existing lookup mechanisms for ciphers, AEADs, and compression to use the transform lookup. The existing Engine framework remains in place for BlockCipher, but the engines now just call to the registry instead of having hardcoded lookups.
    s/Transformation/Transform/ with typedefs for compatibility.
    Remove lib/selftest code (for runtime selftesting): not the right approach.
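The registry described in this commit, and the ownership slip fixed by the "Hide Algorithm_Factory" commit above it (fetching a freshly allocated object, cloning it, and keeping only the clone), can both be seen in a few lines. The block below is an added example written for this page, not code from Botan: the `Algo_Registry`, `Block_Cipher` and `get_block_cipher` names are this example's own stand-ins, and the live-object counter exists only so that lazy construction and the leak are observable.

```cpp
// Added example, not Botan code. A name -> factory registry that creates no
// objects at registration time, plus the get-then-clone leak pattern.
#include <cstddef>
#include <functional>
#include <map>
#include <memory>
#include <stdexcept>
#include <string>
#include <utility>

// Minimal stand-in for a BlockCipher-like interface. `live` counts objects
// currently alive so leaks and laziness can be measured.
class Block_Cipher {
public:
    static size_t live;
    Block_Cipher() { ++live; }
    virtual ~Block_Cipher() { --live; }
    virtual std::string name() const = 0;
    virtual Block_Cipher* clone() const = 0;
};
size_t Block_Cipher::live = 0;

class Toy_Cipher final : public Block_Cipher {
public:
    std::string name() const override { return "Toy"; }
    Block_Cipher* clone() const override { return new Toy_Cipher; }
};

// Registry of name -> factory. add() stores only a std::function; an object
// exists only once make() runs, unlike a prototype-and-clone() design.
template <typename T>
class Algo_Registry {
public:
    void add(const std::string& n, std::function<T*()> f) { m_factories[n] = std::move(f); }
    std::unique_ptr<T> make(const std::string& n) const {
        auto i = m_factories.find(n);
        if (i == m_factories.end())
            throw std::runtime_error("unknown algorithm " + n);
        return std::unique_ptr<T>(i->second());
    }
    size_t size() const { return m_factories.size(); }
private:
    std::map<std::string, std::function<T*()>> m_factories;
};

Algo_Registry<Block_Cipher>& cipher_registry() {
    static Algo_Registry<Block_Cipher> reg;
    return reg;
}

// Raw-pointer lookup in the style of the old get_foo functions: the caller
// owns the returned object and must free it.
Block_Cipher* get_block_cipher(const std::string& n) {
    return cipher_registry().make(n).release();
}

// The leak: the object returned by get_block_cipher is cloned, the clone is
// kept, and the original is dropped. Returns the live count while `keep`
// exists; 2 means one object has already leaked.
size_t leaky_acquire(const std::string& n) {
    std::unique_ptr<Block_Cipher> keep(get_block_cipher(n)->clone());
    return Block_Cipher::live;
}

// Fixed: take ownership of exactly what the lookup returned. Returns 1.
size_t clean_acquire(const std::string& n) {
    std::unique_ptr<Block_Cipher> keep(get_block_cipher(n));
    return Block_Cipher::live;
}

// Registration creates no objects: returns 0 even though "Toy" is registered.
size_t live_after_registration() {
    cipher_registry().add("Toy", []() -> Block_Cipher* { return new Toy_Cipher; });
    return Block_Cipher::live;
}

int main() {
    live_after_registration();   // 0 objects alive despite registration
    clean_acquire("Toy");        // 1 alive inside the call, 0 after it returns
    leaky_acquire("Toy");        // 2 alive inside, 1 still leaked afterwards
    return 0;
}
```

Running under a leak checker (valgrind or a sanitizer build) flags the object orphaned by `leaky_acquire` at exit, which is how the commit's two leaks would have shown up.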
* Add typedefs for function signatures/types used in TLS for easier reading | lloyd | 2015-01-27 | 13 | -92/+116
* Add Strict_Policy. Disable server initiated renegotiation by default. | lloyd | 2015-01-23 | 2 | -13/+43
* Add support for configuring a TLS::Policy by text file | lloyd | 2015-01-23 | 2 | -6/+163
* Update TLS OCB ciphersuites to match draft-zauner-tls-aes-ocb-00 and enable them in the default build, though still not enabled in the runtime policy. | lloyd | 2015-01-21 | 3 | -3/+47
* Remove SSLv3 and handling of SSLv2 client hellos. | lloyd | 2015-01-11 | 18 | -286/+38
* Support any key length for TLS session encryption by hashing with HMAC | lloyd | 2015-01-10 | 1 | -4/+16
* Ensure all files have copyright and license info. | lloyd | 2015-01-10 | 57 | -57/+57
    Update license header line to specify the terms and refer to the file, neither of which it included before.
* Change TLS session encryption to use AES-256/GCM instead of CBC+HMAC | lloyd | 2015-01-08 | 2 | -12/+26
* Support setting the number of pad bytes in a heartbeat message. Use random instead of all-zero padding. | lloyd | 2015-01-07 | 5 | -70/+86
    Check on sanity of received pads to the extent possible. Bugzilla 269.
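The heartbeat format this commit touches is RFC 6520: a one-byte type, a two-byte payload length, the payload, and at least 16 bytes of padding. The sanity check that matters on receipt is that the claimed payload length fits inside the bytes actually received with 16 bytes of padding to spare; a message that fails it is discarded silently. The block below is an added example for this page, not Botan code: the function names, the byte-source callback used for random padding, and the use of `std::random_device` as a stand-in for the TLS RNG are this example's own assumptions.

```cpp
// Added example, not Botan code. Encoding and receive-side checking of an
// RFC 6520 heartbeat message with random (not zero) padding.
#include <cstddef>
#include <cstdint>
#include <functional>
#include <iostream>
#include <random>
#include <stdexcept>
#include <vector>

constexpr uint8_t HEARTBEAT_REQUEST  = 1;
constexpr uint8_t HEARTBEAT_RESPONSE = 2;
constexpr size_t  MIN_PADDING        = 16;   // RFC 6520 section 4

struct Heartbeat {
    uint8_t type;
    std::vector<uint8_t> payload;
    size_t padding_len;
};

// Wire form: type(1) | payload_length(2) | payload | padding. Padding bytes
// are drawn from the supplied byte source so they are never predictable.
std::vector<uint8_t> encode_heartbeat(uint8_t type,
                                      const std::vector<uint8_t>& payload,
                                      size_t padding_len,
                                      const std::function<uint8_t()>& random_byte) {
    if (padding_len < MIN_PADDING)
        throw std::invalid_argument("padding must be at least 16 bytes");
    if (payload.size() > 0xFFFF)
        throw std::invalid_argument("payload too long for a 16-bit length");
    std::vector<uint8_t> out;
    out.reserve(3 + payload.size() + padding_len);
    out.push_back(type);
    out.push_back(static_cast<uint8_t>(payload.size() >> 8));
    out.push_back(static_cast<uint8_t>(payload.size() & 0xFF));
    out.insert(out.end(), payload.begin(), payload.end());
    for (size_t i = 0; i < padding_len; ++i)
        out.push_back(random_byte());
    return out;
}

// Receive side. Returns false (caller discards silently, as RFC 6520 says)
// when the claimed payload length does not fit in the record with at least
// MIN_PADDING bytes left over. Only bytes actually present are ever copied.
bool decode_heartbeat(const std::vector<uint8_t>& rec, Heartbeat& out) {
    if (rec.size() < 3 + MIN_PADDING)
        return false;
    const uint8_t type = rec[0];
    if (type != HEARTBEAT_REQUEST && type != HEARTBEAT_RESPONSE)
        return false;
    const size_t claimed = (static_cast<size_t>(rec[1]) << 8) | rec[2];
    if (claimed > rec.size() - 3 - MIN_PADDING)   // the over-read condition
        return false;
    out.type = type;
    out.payload.assign(rec.begin() + 3, rec.begin() + 3 + claimed);
    out.padding_len = rec.size() - 3 - claimed;
    return true;
}

// A response echoes the payload; its padding is generated fresh, not copied
// from the request.
std::vector<uint8_t> heartbeat_response(const Heartbeat& req, size_t padding_len,
                                        const std::function<uint8_t()>& random_byte) {
    return encode_heartbeat(HEARTBEAT_RESPONSE, req.payload, padding_len, random_byte);
}

int main() {
    std::random_device rd;   // stand-in for the TLS RNG in this example
    std::function<uint8_t()> rb = [&rd]() { return static_cast<uint8_t>(rd()); };
    std::vector<uint8_t> payload = {'p', 'i', 'n', 'g'};
    std::vector<uint8_t> wire = encode_heartbeat(HEARTBEAT_REQUEST, payload, 32, rb);
    Heartbeat hb;
    std::cout << "well-formed request accepted: " << decode_heartbeat(wire, hb) << '\n';
    // Constructed hostile message: 4 payload bytes present, 65535 claimed.
    std::vector<uint8_t> bad = wire;
    bad[1] = 0xFF; bad[2] = 0xFF;
    std::cout << "oversized claim accepted: " << decode_heartbeat(bad, hb) << '\n';
    return 0;
}
```

The `claimed > rec.size() - 3 - MIN_PADDING` test is the whole defence against the classic heartbeat over-read: the response is built from `out.payload`, which can only ever hold bytes the record carried.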
* Remove config used for testing DTLS-SRTP | lloyd | 2015-01-04 | 1 | -3/+2
* Add DTLS-SRTP key establishment from RFC 5764 (required for WebRTC). | lloyd | 2015-01-04 | 11 | -134/+293
    Github issue 27.
    Refactor server hello handling to make it easier to handle other extensions.
    The manual specified that 224 bit NIST primes were disabled by default for TLS but they were not. Additionally disable the 256k1 curve and reorder the remaining curves by size.
    Rewrite the max fragment length extension code to roughly what an ideal compiler would have turned the original code into, using a switch instead of a lookup into a small constant std::map.
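The switch introduced by this commit is the one the Coverity fix at the top of this log later repaired: with no `break` between the cases, every legal code fell through to the final assignment and the receiver accepted fragments up to 4096 bytes whatever had been negotiated. The block below is an added example for this page, not Botan code; it uses the RFC 6066 code-to-length mapping (1 to 4 meaning 2^9 to 2^12 bytes), and the function names, the exception used for illegal codes and the record-length check are this example's own choices.

```cpp
// Added example, not Botan code. The RFC 6066 max_fragment_length decoder in
// its broken (fall-through) and corrected forms, side by side.
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <stdexcept>

// Shape of the bug: every case assigns and then falls into the next one, so
// codes 1..3 all end at the 4096 assignment in case 4.
size_t max_fragment_length_buggy(uint8_t code) {
    size_t limit = 0;
    switch (code) {
        case 1: limit = 512;    // missing break: falls through
        case 2: limit = 1024;   // missing break: falls through
        case 3: limit = 2048;   // missing break: falls through
        case 4: limit = 4096; break;
        default: throw std::invalid_argument("illegal max_fragment_length code");
    }
    return limit;
}

// Corrected decoder: one result per code; anything else is illegal_parameter.
size_t max_fragment_length(uint8_t code) {
    switch (code) {
        case 1: return 512;
        case 2: return 1024;
        case 3: return 2048;
        case 4: return 4096;
        default: throw std::invalid_argument("illegal max_fragment_length code");
    }
}

// True when the corrected decoder accepts the code.
bool legal_code(uint8_t code) {
    try { max_fragment_length(code); return true; }
    catch (const std::invalid_argument&) { return false; }
}

// RFC 6066: a server that accepts the extension must echo the code the client
// offered; a different or illegal code is a fatal illegal_parameter.
bool server_echo_acceptable(uint8_t offered, uint8_t received) {
    return legal_code(offered) && legal_code(received) && offered == received;
}

// Receiver-side bound on an incoming record's fragment, parameterised on the
// decoder so the two behaviours can be compared directly.
bool fragment_within_limit(size_t fragment_len, uint8_t code,
                           size_t (*decode)(uint8_t)) {
    return fragment_len <= decode(code);
}

int main() {
    // Negotiated code 1 (512 bytes): a 1500-byte fragment must be refused.
    std::cout << "buggy decoder accepts 1500 bytes: "
              << fragment_within_limit(1500, 1, max_fragment_length_buggy) << '\n';
    std::cout << "fixed decoder accepts 1500 bytes: "
              << fragment_within_limit(1500, 1, max_fragment_length) << '\n';
    return 0;
}
```

The practical consequence of the bug is visible in `fragment_within_limit`: a peer that negotiated a 512-byte limit, typically a constrained device doing so to bound its receive buffer, would have been sent records up to eight times that size.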
* Add ChaCha20Poly1305 TLS ciphersuites compatible with Google's implementation | lloyd | 2014-12-31 | 7 | -95/+122
* Fix a couple things pointed out by VC++ warnings. | lloyd | 2014-12-22 | 1 | -4/+0
* Add abstract database interface so applications can easily store info in places other than sqlite3, though sqlite3 remains the only implementation. | lloyd | 2014-12-20 | 7 | -244/+321
    The interface is currently limited to precisely the functionality the TLS session manager needs and will likely expand.
* Not helpful | lloyd | 2014-11-16 | 1 | -1/+0
* A TLS Server can now process either TLS or DTLS but not both, with the setting set in the constructor. | lloyd | 2014-11-15 | 10 | -75/+181
    This prevents various surprising things from happening to applications and simplifies record processing.
* Replace Transformation::start with start_raw so we can do a full set of overloads in the base class with the same name. | lloyd | 2014-11-05 | 1 | -3/+3
* Let TLS policy disable putting the timestamp in the hello random fields | lloyd | 2014-11-04 | 6 | -11/+25
* Typo | lloyd | 2014-11-04 | 1 | -1/+1
* Cleanup handling of TLS AEAD nonce sizes, push all knowledge of what the nonce sizes should be down to the ciphersuite generating script. | lloyd | 2014-11-03 | 6 | -186/+193
* Various small fixes and cleanups, new is_prime util | lloyd | 2014-11-03 | 1 | -4/+4
* Fix various warnings from VC++ 2014 and add missing include | lloyd | 2014-10-31 | 4 | -6/+13
* No need to pass version by reference | lloyd | 2014-10-31 | 2 | -2/+2
* Add TLS fallback signalling (draft-ietf-tls-downgrade-scsv-00) | lloyd | 2014-10-31 | 9 | -26/+69
* If the server offers us a SCSV instead of a real ciphersuite send a fatal alert | lloyd | 2014-10-30 | 3 | -0/+17
* Add support for DTLS handshake timeouts and retransmissions. | lloyd | 2014-10-06 | 8 | -65/+224
* Specify version number in message when we reject due to policy | lloyd | 2014-10-06 | 2 | -2/+4
* Avoid initializer lists here, VC2013 doesn't like it. Github #18 | lloyd | 2014-05-01 | 2 | -5/+7
* Compile fix | lloyd | 2014-04-13 | 1 | -2/+2
* Have TLS_Data_Reader decoding errors include the actual msg type name | lloyd | 2014-04-12 | 12 | -44/+47
* Verify that the server did not send any extension that the client didn't offer. | lloyd | 2014-04-11 | 6 | -12/+41
    Previously the client only checked a couple of special cases.
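Three of the commits above are ServerHello and ClientHello sanity checks that belong together: a server must not be allowed to "select" a signalling ciphersuite (the SCSV commit), a server must not send an extension the client never offered (this commit; RFC 5246 section 7.4.1.4 makes that a fatal unsupported_extension), and a server implementing fallback signalling must refuse a ClientHello that carries TLS_FALLBACK_SCSV while claiming a version lower than the server's best (the draft-ietf-tls-downgrade-scsv commit, later RFC 7507, alert inappropriate_fallback). The block below is an added example for this page, not Botan code. It also checks that the chosen suite was one the client offered, which the log does not mention; the choice of illegal_parameter for the SCSV and unoffered-suite cases, and all function and type names, are this example's own.

```cpp
// Added example, not Botan code. Client-side ServerHello checks and the
// server side of TLS_FALLBACK_SCSV handling.
#include <algorithm>
#include <cstdint>
#include <set>
#include <stdexcept>
#include <string>
#include <vector>

// Signalling ciphersuite values: never negotiable as real suites.
constexpr uint16_t TLS_EMPTY_RENEGOTIATION_INFO_SCSV = 0x00FF;  // RFC 5746
constexpr uint16_t TLS_FALLBACK_SCSV                 = 0x5600;  // RFC 7507

// Alert descriptions used below (RFC 5246 and RFC 7507 numbering).
enum class Alert : uint8_t {
    illegal_parameter      = 47,
    inappropriate_fallback = 86,
    unsupported_extension  = 110
};

struct Handshake_Failure : std::runtime_error {
    Alert alert;
    Handshake_Failure(Alert a, const std::string& why)
        : std::runtime_error(why), alert(a) {}
};

bool is_scsv(uint16_t suite) {
    return suite == TLS_EMPTY_RENEGOTIATION_INFO_SCSV || suite == TLS_FALLBACK_SCSV;
}

// Client side: the selected suite must be a real suite we offered, and every
// server extension must be one we sent in our ClientHello.
void check_server_hello(const std::vector<uint16_t>& offered_suites,
                        const std::set<uint16_t>& offered_extensions,
                        uint16_t chosen_suite,
                        const std::vector<uint16_t>& server_extensions) {
    if (is_scsv(chosen_suite))
        throw Handshake_Failure(Alert::illegal_parameter,
                                "server selected a signalling ciphersuite");
    if (std::find(offered_suites.begin(), offered_suites.end(), chosen_suite)
        == offered_suites.end())
        throw Handshake_Failure(Alert::illegal_parameter,
                                "server selected a ciphersuite we did not offer");
    for (uint16_t ext : server_extensions)
        if (offered_extensions.count(ext) == 0)
            throw Handshake_Failure(Alert::unsupported_extension,
                                    "server sent an extension we did not offer");
}

// Server side of fallback signalling. Versions are packed major<<8|minor
// (0x0303 is TLS 1.2). A client retrying at a lower version after a failed
// handshake appends TLS_FALLBACK_SCSV; if we support something higher than
// it now claims, an attacker may have forced the downgrade, so refuse.
void check_fallback_scsv(const std::vector<uint16_t>& client_suites,
                         uint16_t client_version, uint16_t our_max_version) {
    const bool signalled = std::find(client_suites.begin(), client_suites.end(),
                                     TLS_FALLBACK_SCSV) != client_suites.end();
    if (signalled && client_version < our_max_version)
        throw Handshake_Failure(Alert::inappropriate_fallback,
                                "client signalled fallback below our best version");
}

// Wrappers returning the alert number, or 0 for "accepted".
uint8_t server_hello_verdict(const std::vector<uint16_t>& offered_suites,
                             const std::set<uint16_t>& offered_extensions,
                             uint16_t chosen_suite,
                             const std::vector<uint16_t>& server_extensions) {
    try {
        check_server_hello(offered_suites, offered_extensions, chosen_suite, server_extensions);
        return 0;
    } catch (const Handshake_Failure& e) {
        return static_cast<uint8_t>(e.alert);
    }
}

uint8_t fallback_verdict(const std::vector<uint16_t>& client_suites,
                         uint16_t client_version, uint16_t our_max_version) {
    try {
        check_fallback_scsv(client_suites, client_version, our_max_version);
        return 0;
    } catch (const Handshake_Failure& e) {
        return static_cast<uint8_t>(e.alert);
    }
}

int main() {
    // Constructed client offer: two real suites plus the renegotiation SCSV,
    // and the extensions server_name (0) and ALPN (16).
    std::vector<uint16_t> suites = {0xC02B, 0xC02F, TLS_EMPTY_RENEGOTIATION_INFO_SCSV};
    std::set<uint16_t> exts = {0, 16};
    (void)server_hello_verdict(suites, exts, 0xC02B, {0});      // 0: accepted
    (void)server_hello_verdict(suites, exts, 0x00FF, {});       // 47: SCSV chosen
    (void)server_hello_verdict(suites, exts, 0xC02B, {0, 23});  // 110: unoffered ext
    (void)fallback_verdict({0xC02B, TLS_FALLBACK_SCSV}, 0x0301, 0x0303);  // 86
    return 0;
}
```

In a real client the alert number returned here is what goes out in a fatal Alert record before the connection is torn down; returning it as a value just keeps the example testable.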
* A std::deque's memory is not guaranteed to be contiguous | lloyd | 2014-04-06 | 1 | -1/+1
* Add ECDHE_ECDSA CCM suites | lloyd | 2014-04-05 | 1 | -2/+14
* Compile fixes | lloyd | 2014-02-08 | 2 | -1/+2
* Fix algo factory compile | lloyd | 2014-01-18 | 2 | -2/+0
* Guess I won't be needing these | lloyd | 2014-01-18 | 17 | -17/+0
* More unique_ptr | lloyd | 2014-01-18 | 2 | -2/+2
* Rename the various pubkey padding schemes to match the common names. | lloyd | 2014-01-18 | 1 | -2/+2
    Way back when, following IEEE 1363 naming seemed like a good idea. But not so much.
* Split up docs into the reference manual, the website, and everything else. | lloyd | 2014-01-10 | 1 | -0/+2
    Add `website` target to makefile.
    Some progress towards fixing minimized builds. TLS now hard requires ECDSA and GCM since otherwise a minimized build has only insecure options.
    Remove boost_thread dependency in command line tool
* Move lib into src | lloyd | 2014-01-10 | 57 | -0/+11634