Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Make MemoryRegion::set protected, change all callers | lloyd | 2010-10-29 | 2 | -2/+4 |
| | |||||
* | Cleanup | lloyd | 2010-10-29 | 3 | -3/+2 |
| | |||||
* | Remove socket dependency from TLS_Server, instead interacting with | lloyd | 2010-10-29 | 3 | -17/+20 |
| | | | | generic std::functions for I/O | ||||
* | Make TLS_Client entirely via callbacks, not talking to Socket directly | lloyd | 2010-10-19 | 2 | -43/+28 |
| | |||||
* | Make Record_Writer call a callback instead of writing directly to the socket | lloyd | 2010-10-19 | 5 | -10/+20 |
| | |||||
* | Run MAC as standalone object instead of running it through a Pipe at | lloyd | 2010-10-19 | 3 | -48/+56 |
| | | | | record layer. | ||||
* | Last u32bit->size_t for ssl | lloyd | 2010-10-15 | 10 | -101/+108 |
| | |||||
* | More size_t | lloyd | 2010-10-15 | 3 | -30/+30 |
| | |||||
* | Use size_t in ssl | lloyd | 2010-10-15 | 12 | -75/+75 |
| | |||||
* | Use size_t in filters | lloyd | 2010-10-12 | 2 | -2/+2 |
| | | | | | This breaks API for anyone creating their own Filter types, but it had to happen eventually. | ||||
* | Remove debug.h include | lloyd | 2010-10-07 | 1 | -1/+0 |
| | |||||
* | Split up src/cert/x509 into a set of modules, though mostly mutually | lloyd | 2010-09-17 | 1 | -1/+1 |
| | | | | dependent right now. | ||||
* | Require a TLS_Policy | lloyd | 2010-09-17 | 9 | -64/+60 |
| | |||||
* | Add a helper function for encoding TLS values with length tagging | lloyd | 2010-09-15 | 6 | -47/+60 |
| | |||||
* | Update/fix SSL deps | lloyd | 2010-09-15 | 1 | -6/+5 |
| | |||||
* | Hide a number of the internal SSL headers from the user, you can still | lloyd | 2010-09-15 | 18 | -28/+32 |
| | | | | see too much but better than before. | ||||
* | Update all uses of MemoryRegion::append to use either push_back or operator+= | lloyd | 2010-09-15 | 9 | -59/+61 |
| | |||||
* | Remove more implicit vector to pointer conversions | lloyd | 2010-09-14 | 1 | -1/+1 |
| | |||||
* | More changes to avoid vector to pointer implicit conversions | lloyd | 2010-09-14 | 4 | -9/+9 |
| | |||||
* | Remove constructors of MemoryVector and SecureVector that took two | lloyd | 2010-09-13 | 1 | -2/+8 |
| | | | | MemoryRegions and concatenated them. | ||||
* | More vector->pointer conversion removals. | lloyd | 2010-09-13 | 4 | -13/+14 |
| | | | | | | | | | | | Add RandomNumberGenerator::random_vec, which takes an length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length); | ||||
* | Anywhere where we use MemoryRegion::begin to get access to the raw pointer | lloyd | 2010-09-13 | 4 | -4/+6 |
| | | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector | ||||
* | Really fix RC4 suites - it was set to use a key of 128 bytes == 1024 bits! | lloyd | 2010-09-08 | 1 | -1/+1 |
| | | | | Tested against a GnuTLS server. | ||||
* | Rename MemoryRegion::destroy to MemoryRegion::clear to match STL | lloyd | 2010-09-08 | 1 | -2/+2 |
| | |||||
* | Fix RC4 suites | lloyd | 2010-09-08 | 1 | -1/+1 |
| | |||||
* | Big, invasive but mostly automated change, with a further attempt at | lloyd | 2010-09-07 | 2 | -2/+4 |
| | | | | | | | | | | | | | | harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated. | ||||
* | Prevent loop variable shadowing | lloyd | 2010-09-07 | 1 | -12/+12 |
| | |||||
* | Remove trailing comma from enum decl | lloyd | 2010-09-07 | 1 | -1/+1 |
| | |||||
* | Add dependencies for SSL module | lloyd | 2010-09-03 | 1 | -0/+20 |
| | |||||
* | More Doxygen comments | lloyd | 2010-06-16 | 1 | -0/+8 |
| | |||||
* | More Doxygen updates/fixes | lloyd | 2010-06-15 | 1 | -0/+3 |
| | |||||
* | Fix a few hundred Doxygen warnings | lloyd | 2010-06-15 | 1 | -4/+4 |
| | |||||
* | Fix comparison to use IVs with a hypothetical negotiated TLS that uses | lloyd | 2010-06-09 | 2 | -2/+2 |
| | | | | a larger major version #. | ||||
* | Use "/*" instead of "/**" in starting comments at the begining of a file. | lloyd | 2010-06-07 | 30 | -42/+42 |
| | | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page. | ||||
* | OpenBSD doesn't have MSG_NOSIGNAL; you need to set up a signal handler | lloyd | 2010-06-01 | 1 | -1/+0 |
| | | | | | | | | to catch SIGPIPE instead. Simply avoid building the unix_socket module there. Yet another reason to move to a fully async/event-based interface that doesn't interact with sockets directly. | ||||
* | Use memcpy to copy gethostbyname's result to the socket info struct | lloyd | 2010-05-10 | 1 | -0/+5 |
| | | | | | instead of doing cast+assign - GCC on SPARC rejects because the required alignment increases. | ||||
* | Remove add_entropy_vec. Much cleaner way of doing this: add the entire | lloyd | 2010-04-27 | 2 | -4/+4 |
| | | | | contents of all SSL/TLS handshake messages into the PRNG input. | ||||
* | Add the other parties Random value to the local PRNG state | lloyd | 2010-04-23 | 2 | -0/+4 |
| | |||||
* | Return SecureVector vals by const ref | lloyd | 2010-04-23 | 1 | -4/+4 |
| | |||||
* | Extension codes for ECC negotiation | lloyd | 2010-04-21 | 1 | -0/+3 |
| | |||||
* | If we couldn't agree on a suite, fail immediately | lloyd | 2010-04-20 | 1 | -0/+5 |
| | |||||
* | Compile fix | lloyd | 2010-04-20 | 1 | -1/+1 |
| | |||||
* | Expose function breaking down ciphersuite to algo values | lloyd | 2010-04-19 | 2 | -3/+5 |
| | |||||
* | Add codes for SHA-1 based ECC suites (RFC 4492). | lloyd | 2010-04-19 | 2 | -25/+81 |
| | |||||
* | Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8n | lloyd | 2010-04-17 | 3 | -0/+24 |
| | |||||
* | Add support for reading SSLv2 client hellos | lloyd | 2010-04-17 | 5 | -8/+86 |
| | |||||
* | Clean up ciphersuite handling | lloyd | 2010-04-17 | 7 | -91/+273 |
| | |||||
* | If the CBC padding is incorrect, then assume the pad size is zero and | lloyd | 2010-04-09 | 1 | -4/+10 |
| | | | | | | | | carry on with the procedure. This prevents a timing attack where an attacker could distinguish bad padding vs MAC failure. This timing channel used in the paper "Password Interception in a SSL/TLS Channel" by Vaudenay et. al. to attack SSL in certain fairly realistic use scenarios. | ||||
* | Present requested hostname (SNI extn) to TLS_Server user | lloyd | 2010-03-30 | 2 | -0/+6 |
| | |||||
* | Remove bad filename | lloyd | 2010-03-30 | 1 | -1/+0 |
| |