Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | More Doxygen comments | lloyd | 2010-06-16 | 1 | -0/+8 |
| | |||||
* | More Doxygen updates/fixes | lloyd | 2010-06-15 | 1 | -0/+3 |
| | |||||
* | Fix a few hundred Doxygen warnings | lloyd | 2010-06-15 | 1 | -4/+4 |
| | |||||
* | Fix comparison to use IVs with a hypothetical negotiated TLS that uses | lloyd | 2010-06-09 | 2 | -2/+2 |
| | | | | a larger major version #. | ||||
* | Use "/*" instead of "/**" in starting comments at the begining of a file. | lloyd | 2010-06-07 | 30 | -42/+42 |
| | | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page. | ||||
* | OpenBSD doesn't have MSG_NOSIGNAL; you need to set up a signal handler | lloyd | 2010-06-01 | 1 | -1/+0 |
| | | | | | | | | to catch SIGPIPE instead. Simply avoid building the unix_socket module there. Yet another reason to move to a fully async/event-based interface that doesn't interact with sockets directly. | ||||
* | Use memcpy to copy gethostbyname's result to the socket info struct | lloyd | 2010-05-10 | 1 | -0/+5 |
| | | | | | instead of doing cast+assign - GCC on SPARC rejects because the required alignment increases. | ||||
* | Remove add_entropy_vec. Much cleaner way of doing this: add the entire | lloyd | 2010-04-27 | 2 | -4/+4 |
| | | | | contents of all SSL/TLS handshake messages into the PRNG input. | ||||
* | Add the other parties Random value to the local PRNG state | lloyd | 2010-04-23 | 2 | -0/+4 |
| | |||||
* | Return SecureVector vals by const ref | lloyd | 2010-04-23 | 1 | -4/+4 |
| | |||||
* | Extension codes for ECC negotiation | lloyd | 2010-04-21 | 1 | -0/+3 |
| | |||||
* | If we couldn't agree on a suite, fail immediately | lloyd | 2010-04-20 | 1 | -0/+5 |
| | |||||
* | Compile fix | lloyd | 2010-04-20 | 1 | -1/+1 |
| | |||||
* | Expose function breaking down ciphersuite to algo values | lloyd | 2010-04-19 | 2 | -3/+5 |
| | |||||
* | Add codes for SHA-1 based ECC suites (RFC 4492). | lloyd | 2010-04-19 | 2 | -25/+81 |
| | |||||
* | Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8n | lloyd | 2010-04-17 | 3 | -0/+24 |
| | |||||
* | Add support for reading SSLv2 client hellos | lloyd | 2010-04-17 | 5 | -8/+86 |
| | |||||
* | Clean up ciphersuite handling | lloyd | 2010-04-17 | 7 | -91/+273 |
| | |||||
* | If the CBC padding is incorrect, then assume the pad size is zero and | lloyd | 2010-04-09 | 1 | -4/+10 |
| | | | | | | | | carry on with the procedure. This prevents a timing attack where an attacker could distinguish bad padding vs MAC failure. This timing channel used in the paper "Password Interception in a SSL/TLS Channel" by Vaudenay et. al. to attack SSL in certain fairly realistic use scenarios. | ||||
* | Present requested hostname (SNI extn) to TLS_Server user | lloyd | 2010-03-30 | 2 | -0/+6 |
| | |||||
* | Remove bad filename | lloyd | 2010-03-30 | 1 | -1/+0 |
| | |||||
* | Instead of just discarding the extension size, confirm that the | lloyd | 2010-03-30 | 1 | -1/+4 |
| | | | | | claimed length matches the length of the data left in the client hello packet. | ||||
* | Support TLS Extensions, specifically SNI | lloyd | 2010-03-30 | 1 | -35/+29 |
| | |||||
* | Constify assert_at_least. Add some helpers | lloyd | 2010-03-30 | 1 | -1/+17 |
| | |||||
* | Add some magic numbers for TLS extension codes | lloyd | 2010-03-30 | 1 | -0/+11 |
| | |||||
* | Add a class that knows how to decode a (very small subset of) TLS data | lloyd | 2010-03-30 | 6 | -61/+249 |
| | | | | | | formatting. Particularly useful in the ClientHello, but generally helps centralize the offset handling, which was particularly unreadable in the hello messages. | ||||
* | Don't fail simply because the client sent a version code that we don't | lloyd | 2010-03-30 | 1 | -6/+0 |
| | | | | | | | | know about; just continue and the server will choose either whatever the client supports, if it knows about it, or else the latest version it supports. So for instance if a client attempts to negotiate TLS 1.2, we'll not know about that version and return a ServerHello for 1.1 instead. | ||||
* | Fix server handshake. | lloyd | 2010-03-30 | 2 | -15/+14 |
| | | | | Support TLS 1.1 servers | ||||
* | Fix DSA TLS servers | lloyd | 2010-03-30 | 1 | -1/+1 |
| | |||||
* | Add support for TLS v1.1's per-record random IV. Tested against GnuTLS server. | lloyd | 2010-03-30 | 7 | -12/+46 |
| | |||||
* | Rename pad_amount to block_size, more accurate/descriptive | lloyd | 2010-03-30 | 3 | -12/+20 |
| | |||||
* | Also remove compression bits from record writer | lloyd | 2010-03-25 | 1 | -14/+4 |
| | |||||
* | Remove single byte versions of read and write - caused problems with overloads | lloyd | 2010-03-25 | 1 | -3/+0 |
| | | | | for bind/function | ||||
* | Remove the bits for supporting compression - it was never actually | lloyd | 2010-03-25 | 2 | -19/+4 |
| | | | | | supported, and compression can come later on when the overall architecture is more solid/stable. | ||||
* | Use size_t for lengths in Socket interface | lloyd | 2010-03-25 | 3 | -9/+9 |
| | |||||
* | Remove printfs | lloyd | 2010-03-23 | 1 | -17/+0 |
| | |||||
* | Make Record_Reader event driven. Callers (eg TLS_Client and | lloyd | 2010-03-23 | 6 | -45/+132 |
| | | | | | TLS_Server) are not; they instead loop blocking on the socket. Will move the event-driven behavior upwards as I go. | ||||
* | Include <netinet/in.h>; needed on FreeBSD at least | lloyd | 2010-03-10 | 1 | -1/+2 |
| | |||||
* | Rename PK_Encryptor_MR_with_EME and PK_Decryptor_MR_with_EME to | lloyd | 2010-03-08 | 1 | -2/+2 |
| | | | | | PK_Encryptor_EME and PK_Decryptor_EME; the message recovery is somewhat implicit in the recovery of the plaintext. | ||||
* | Modify pubkey classes to take names instead of object pointers. | lloyd | 2010-03-08 | 3 | -65/+71 |
| | | | | | Remove use of look_pk from the source and examples, instead instantiate classes directly. | ||||
* | Remove some unnecessary usages of PK_Signing_Key | lloyd | 2010-03-04 | 2 | -53/+30 |
| | |||||
* | Client_Key_Exchange needs modification for DH changes | lloyd | 2010-03-04 | 1 | -14/+14 |
| | |||||
* | Unused variable warning in catch statement | lloyd | 2010-03-03 | 1 | -1/+1 |
| | |||||
* | Use the canonical header guard form in handshake_hash.h otherwise the | lloyd | 2010-02-17 | 1 | -2/+2 |
| | | | | alamgamation generator horks. | ||||
* | Add alert code for PSK/SRP (unknown identity) | lloyd | 2010-02-17 | 1 | -0/+2 |
| | |||||
* | Naming scheme for DL groups has changed | lloyd | 2010-02-17 | 1 | -1/+1 |
| | |||||
* | Remove use of old PKCS8_ and X509_ typedefs | lloyd | 2010-02-16 | 10 | -49/+62 |
| | |||||
* | Rename Policy to TLS_Policy. | lloyd | 2010-02-16 | 31 | -152/+103 |
| | | | | Put TLS_ in all the header guards to reduce the odds of conflicts. | ||||
* | Various minor SSL fixes | lloyd | 2010-02-14 | 13 | -42/+42 |
| | |||||
* | Import latest version of Ajisai into src/ssl; once this hits mainline | lloyd | 2010-01-11 | 33 | -0/+4350 |
I'll officially kill off Ajisai (instead of it just lingering as a zombine as it is currently). Apparently I broke something (or multiple things) during the import process; servers crash and clients gets MAC errors on connect. |