path: root/src/ssl/rec_read.cpp
Commit message (Author, Age, Files, Lines)
* Send the renegotiation extension SCSV in the client hellos, and have both clients and servers completely ignore renegotiation attempts. (lloyd, 2012-06-12, 1 file, -0/+1)
* A bad decrypt on a TLS 1.0/1.1 message would cause a mostly infinite loop (size_t overflow), likely causing a segfault. Not exploitable as far as I can tell, beyond the obvious crashing. (lloyd, 2011-12-31, 1 file, -1/+6)
* I can't spell (lloyd, 2011-05-13, 1 file, -2/+2)
* Run MAC as standalone object instead of running it through a Pipe at record layer. (lloyd, 2010-10-19, 1 file, -15/+18)
* Last u32bit->size_t for ssl (lloyd, 2010-10-15, 1 file, -8/+8)
* More size_t (lloyd, 2010-10-15, 1 file, -10/+10)
* Remove debug.h include (lloyd, 2010-10-07, 1 file, -1/+0)
* More vector->pointer conversion removals. Add RandomNumberGenerator::random_vec, which takes a length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length); (lloyd, 2010-09-13, 1 file, -1/+1)
* Anywhere where we use MemoryRegion::begin to get access to the raw pointer representation (rather than in an iterator context), instead use &buf[0], which works for both MemoryRegion and std::vector (lloyd, 2010-09-13, 1 file, -1/+1)
* Big, invasive but mostly automated change, with a further attempt at harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated. (lloyd, 2010-09-07, 1 file, -1/+3)
* Fix a few hundred Doxygen warnings (lloyd, 2010-06-15, 1 file, -4/+4)
* Fix comparison to use IVs with a hypothetical negotiated TLS that uses a larger major version #. (lloyd, 2010-06-09, 1 file, -1/+1)
* Use "/*" instead of "/**" in starting comments at the beginning of a file. This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page. (lloyd, 2010-06-07, 1 file, -1/+1)
* Add support for reading SSLv2 client hellos (lloyd, 2010-04-17, 1 file, -0/+29)
* If the CBC padding is incorrect, then assume the pad size is zero and carry on with the procedure. This prevents a timing attack where an attacker could distinguish bad padding vs MAC failure. This timing channel was used in the paper "Password Interception in a SSL/TLS Channel" by Vaudenay et al. to attack SSL in certain fairly realistic use scenarios. (lloyd, 2010-04-09, 1 file, -4/+10)
* Add support for TLS v1.1's per-record random IV. Tested against GnuTLS server. (lloyd, 2010-03-30, 1 file, -5/+12)
* Rename pad_amount to block_size, more accurate/descriptive (lloyd, 2010-03-30, 1 file, -5/+7)
* Remove the bits for supporting compression - it was never actually supported, and compression can come later on when the overall architecture is more solid/stable. (lloyd, 2010-03-25, 1 file, -11/+0)
* Make Record_Reader event driven. Callers (eg TLS_Client and TLS_Server) are not; they instead loop blocking on the socket. Will move the event-driven behavior upwards as I go. (lloyd, 2010-03-23, 1 file, -27/+41)
* Rename Policy to TLS_Policy. Put TLS_ in all the header guards to reduce the odds of conflicts. (lloyd, 2010-02-16, 1 file, -1/+1)
* Various minor SSL fixes (lloyd, 2010-02-14, 1 file, -3/+3)
* Import latest version of Ajisai into src/ssl; once this hits mainline I'll officially kill off Ajisai (instead of it just lingering as a zombie as it is currently). Apparently I broke something (or multiple things) during the import process; servers crash and clients get MAC errors on connect. (lloyd, 2010-01-11, 1 file, -0/+204)