aboutsummaryrefslogtreecommitdiffstats
path: root/src/lib/tls
Commit message (Collapse)AuthorAgeFilesLines
* Introduce TLS::Callbacks::tls_current_timestamp()René Meusel2022-05-1811-34/+44
|
* review commentsRené Meusel2022-04-053-2/+3
|
* include what you useRené Meusel2022-04-054-1/+4
|
* Remove redundant TLS_Policy::use_extended_master_secret()René Meusel2022-04-053-28/+0
| | | | | For TLS 1.2 EMS is always enabled and TLS 1.3 won't need this extension anyway.
* prepare TLS 1.2 for addition of TLS 1.3Hannes Rantzsch2022-04-0458-2722/+4168
| | | | | | | | Co-authored-by: René Meusel <[email protected]> Co-authored-by: Marek Kocik <[email protected]> Co-authored-by: Grzegorz Dulewicz <[email protected]> Co-authored-by: Pawel Bazelewski <[email protected]> Co-authored-by: Pawel Jarosz <[email protected]>
* Merge pull request #2947 from neXenio/tls13/transitionsRené Meusel2022-04-045-138/+249
|\ | | | | [TLS 1.3] Extract Handshake_Transitions from Handshake_State
| * Extract helper for handshake message transitionsRené Meusel2022-04-045-138/+249
| | | | | | | | | | | | | | The extracted class `Handshake_Transitions` will be used independently from the TLS 1.2 `Handshake_State` in the upcoming TLS 1.3 code base. Co-Authored-By: Hannes Rantzsch <[email protected]>
* | Additional convenience methods for TLS_Data_ReaderRené Meusel2022-04-041-2/+25
|/ | | | Co-Authored-By: Hannes Rantzsch <[email protected]>
* More clang-tidy fixesJack Lloyd2022-02-101-3/+2
|
* Use C++17's concat namespace featureJack Lloyd2022-02-0630-149/+30
|
* Constify these variablesJack Lloyd2022-02-061-3/+3
|
* Some fixes for modernize-loop-convertJack Lloyd2022-02-066-28/+36
|
* Fix clang-tidy readability-named-parameterJack Lloyd2022-02-065-25/+25
|
* Fix clang-tidy readability-container-size-empty warningsJack Lloyd2022-02-0613-25/+25
|
* Fix clang-tidy performance warningsJack Lloyd2022-02-069-14/+15
|
* Text_Policy ignores 25519 if unsupported by buildHannes Rantzsch2022-02-011-0/+5
| | | | Co-authored-by: René Meusel <[email protected]>
* Check the TLS record type immediately on decodingJack Lloyd2021-12-111-6/+26
| | | | | | | We would have rejected this later on anyway but there is no reason not to immediately close. GH #2754
* FIX: review commentRené Meusel2021-11-151-1/+1
| | | | Co-Authored-By: Hannes Rantzsch <[email protected]>
* detect unknown ciphers when parsing TLS sessionRené Meusel2021-10-291-1/+9
|
* remove default c'tor from TLS::CiphersuiteRené Meusel2021-10-283-22/+22
|
* Ciphersuite::by_id() ::from_name() return a std::optionalRené Meusel2021-10-288-20/+41
|
* Make get_byte take a compile-time constant indexJack Lloyd2021-04-1611-55/+55
| | | | Add get_byte_var for the few cases that need a variable index
* Merge GH #2709 Avoid using deprecated PBKDF interface within the libraryJack Lloyd2021-04-081-16/+24
|\
| * Avoid now-deprecated PBKDF interface within the libraryJack Lloyd2021-04-081-16/+24
| |
* | Avoid raw pointers in TLSJack Lloyd2021-04-0810-37/+39
|/
* Avoid raw pointers in Cipher_ModeJack Lloyd2021-04-071-2/+3
|
* KDF::createJack Lloyd2021-04-055-7/+7
|
* Merge GH #2697 More removal of raw pointersJack Lloyd2021-04-053-7/+7
|\
| * More raw pointer removalJack Lloyd2021-04-053-7/+7
| |
* | Remove obsolete commentJack Lloyd2021-04-051-13/+0
|/ | | | No TLS 1.0 anymore
* Post rebase fixesJack Lloyd2021-04-018-20/+6
|
* Remove SCSVJack Lloyd2021-04-014-25/+0
|
* Remove TLS 1.0/1.1 and DTLS 1.0Jack Lloyd2021-04-0123-349/+63
|
* Merge GH #2667 Make TLS::Stream compatible with Boost.Asio extensible modelJack Lloyd2021-03-312-103/+126
|\
| * TLS::Stream Asio extensible model compatibilityHannes Rantzsch2021-03-301-71/+81
| | | | | | | | | | Async functions can now handle generic completion tokens rather than callback functions only. Fixes #2648
| * fix: forward executor through async_shutdown wrapperHannes Rantzsch2021-03-291-19/+27
| |
| * add virtual destructors for asio error typesHannes Rantzsch2021-03-291-13/+18
| |
* | Add HTTP detection logic and update the Bogo shimJack Lloyd2021-03-291-0/+18
| |
* | Try to reject non-TLS messages very earlyJack Lloyd2021-03-291-0/+10
|/ | | | | | Otherwise sending a non-TLS message (eg sending HTTP to an HTTPS port) can easily lead to hangs as we wait for more of a client hello that is not coming.
* fix: TLS::Stream broke on being std::move'dHannes Rantzsch2021-03-121-31/+25
| | | | | | | | Fixes #2635 * Add a regression test * Avoid breaking Stream reference within StreamCore by inverting dependencies
* Remove old scalar typedefs when we are building the libraryJack Lloyd2021-03-071-1/+1
| | | | Update a few residual uses of byte typedef to uint8_t
* Cleanup to avoid unnecessary conditionalsJack Lloyd2021-02-151-6/+1
|
* Hash the entire client hello (except the cookie) for hello verifyJack Lloyd2021-02-153-16/+23
| | | | | This makes it simpler to statelessly verify a DTLS cookie without having to fully parse the initial client hello. (GH #2320)
* Correct ALPN callback documentationJack Lloyd2021-02-131-5/+13
|
* Remove support for SHA-1 signatures in TLS 1.2Jack Lloyd2021-02-135-39/+13
|
* Don't use shouting case for ASN1_{Type,Class} valuesJack Lloyd2021-01-131-11/+11
| | | | | Leftover from it being an old style enum, and now that we have split them there is not any further compatability concern.
* Split ASN1 tags enum class into 2 enum classessledgehammer_9992021-01-111-11/+11
| | | | This should improve type safety even more.
* Convert ASN1_Tag to an enum classJack Lloyd2020-12-201-13/+13
|
* Enable BoringSSL SSLv3 testsJack Lloyd2020-12-091-1/+1
| | | | | | Previously these tested SSLv3 functionality but now BoringSSL has also removed SSLv3 so the remaining test is just to confirm that SSLv3 can't be negotiated.
* Update the BoringSSL runner and update the shimJack Lloyd2020-12-058-4/+48
| | | | | | | Notable changes are checking if a message is sent past a flight boundary, and some new policy logic to distinguish between signature algorithms that we will accept and signature algorithms which we are willing to use ourselves.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-03 23:34:56 +0000