aboutsummaryrefslogtreecommitdiffstats
path: root/src/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Make TLS_Policy::check_cert pure virtuallloyd2010-11-292-9/+8
|
* If no TR1 is defined for use, error out here.lloyd2010-11-031-2/+4
| | | | | Also put using namespace inside the Botan namespace rather than in the global ns!
* Make MemoryRegion::set protected, change all callerslloyd2010-10-292-2/+4
|
* Cleanuplloyd2010-10-293-3/+2
|
* Remove socket dependency from TLS_Server, instead interacting withlloyd2010-10-293-17/+20
| | | | generic std::functions for I/O
* Make TLS_Client entirely via callbacks, not talking to Socket directlylloyd2010-10-192-43/+28
|
* Make Record_Writer call a callback instead of writing directly to the socketlloyd2010-10-195-10/+20
|
* Run MAC as standalone object instead of running it through a Pipe atlloyd2010-10-193-48/+56
| | | | record layer.
* Last u32bit->size_t for ssllloyd2010-10-1510-101/+108
|
* More size_tlloyd2010-10-153-30/+30
|
* Use size_t in ssllloyd2010-10-1512-75/+75
|
* Use size_t in filterslloyd2010-10-122-2/+2
| | | | | This breaks API for anyone creating their own Filter types, but it had to happen eventually.
* Remove debug.h includelloyd2010-10-071-1/+0
|
* Split up src/cert/x509 into a set of modules, though mostly mutuallylloyd2010-09-171-1/+1
| | | | dependent right now.
* Require a TLS_Policylloyd2010-09-179-64/+60
|
* Add a helper function for encoding TLS values with length tagginglloyd2010-09-156-47/+60
|
* Update/fix SSL depslloyd2010-09-151-6/+5
|
* Hide a number of the internal SSL headers from the user, you can stilllloyd2010-09-1518-28/+32
| | | | see too much but better than before.
* Update all uses of MemoryRegion::append to use either push_back or operator+=lloyd2010-09-159-59/+61
|
* Remove more implicit vector to pointer conversionslloyd2010-09-141-1/+1
|
* More changes to avoid vector to pointer implicit conversionslloyd2010-09-144-9/+9
|
* Remove constructors of MemoryVector and SecureVector that took twolloyd2010-09-131-2/+8
| | | | MemoryRegions and concatenated them.
* More vector->pointer conversion removals.lloyd2010-09-134-13/+14
| | | | | | | | | | | Add RandomNumberGenerator::random_vec, which takes an length n and returns a new SecureVector with randomized contents of that size. This nicely covers most of the cases where randomize was being called on a vector, and is a little cleaner in the code as well, instead of vec.resize(length); rng.randomize(&vec[0], vec.size()); we just write vec = rng.random_vec(length);
* Anywhere where we use MemoryRegion::begin to get access to the raw pointerlloyd2010-09-134-4/+6
| | | | | representation (rather than in an interator context), instead use &buf[0], which works for both MemoryRegion and std::vector
* Really fix RC4 suites - it was set to use a key of 128 bytes == 1024 bits!lloyd2010-09-081-1/+1
| | | | Tested against a GnuTLS server.
* Rename MemoryRegion::destroy to MemoryRegion::clear to match STLlloyd2010-09-081-2/+2
|
* Fix RC4 suiteslloyd2010-09-081-1/+1
|
* Big, invasive but mostly automated change, with a further attempt atlloyd2010-09-072-2/+4
| | | | | | | | | | | | | | harmonising MemoryRegion with std::vector: The MemoryRegion::clear() function would zeroise the buffer, but keep the memory allocated and the size unchanged. This is very different from STL's clear(), which is basically the equivalent to what is called destroy() in MemoryRegion. So to be able to replace MemoryRegion with a std::vector, we have to rename destroy() to clear() and we have to expose the current functionality of clear() in some other way, since vector doesn't support this operation. Do so by adding a global function named zeroise() which takes a MemoryRegion which is zeroed. Remove clear() to ensure all callers are updated.
* Prevent loop variable shadowinglloyd2010-09-071-12/+12
|
* Remove trailing comma from enum decllloyd2010-09-071-1/+1
|
* Add dependencies for SSL modulelloyd2010-09-031-0/+20
|
* More Doxygen commentslloyd2010-06-161-0/+8
|
* More Doxygen updates/fixeslloyd2010-06-151-0/+3
|
* Fix a few hundred Doxygen warningslloyd2010-06-151-4/+4
|
* Fix comparison to use IVs with a hypothetical negotiated TLS that useslloyd2010-06-092-2/+2
| | | | a larger major version #.
* Use "/*" instead of "/**" in starting comments at the begining of a file.lloyd2010-06-0730-42/+42
| | | | | This caused Doxygen to think this was markup meant for it, which really caused some clutter in the namespace page.
* OpenBSD doesn't have MSG_NOSIGNAL; you need to set up a signal handlerlloyd2010-06-011-1/+0
| | | | | | | | to catch SIGPIPE instead. Simply avoid building the unix_socket module there. Yet another reason to move to a fully async/event-based interface that doesn't interact with sockets directly.
* Use memcpy to copy gethostbyname's result to the socket info structlloyd2010-05-101-0/+5
| | | | | instead of doing cast+assign - GCC on SPARC rejects because the required alignment increases.
* Remove add_entropy_vec. Much cleaner way of doing this: add the entirelloyd2010-04-272-4/+4
| | | | contents of all SSL/TLS handshake messages into the PRNG input.
* Add the other parties Random value to the local PRNG statelloyd2010-04-232-0/+4
|
* Return SecureVector vals by const reflloyd2010-04-231-4/+4
|
* Extension codes for ECC negotiationlloyd2010-04-211-0/+3
|
* If we couldn't agree on a suite, fail immediatelylloyd2010-04-201-0/+5
|
* Compile fixlloyd2010-04-201-1/+1
|
* Expose function breaking down ciphersuite to algo valueslloyd2010-04-192-3/+5
|
* Add codes for SHA-1 based ECC suites (RFC 4492).lloyd2010-04-192-25/+81
|
* Add support for SEED ciphersuites. Tested against OpenSSL 0.9.8nlloyd2010-04-173-0/+24
|
* Add support for reading SSLv2 client helloslloyd2010-04-175-8/+86
|
* Clean up ciphersuite handlinglloyd2010-04-177-91/+273
|
* If the CBC padding is incorrect, then assume the pad size is zero andlloyd2010-04-091-4/+10
| | | | | | | | carry on with the procedure. This prevents a timing attack where an attacker could distinguish bad padding vs MAC failure. This timing channel used in the paper "Password Interception in a SSL/TLS Channel" by Vaudenay et. al. to attack SSL in certain fairly realistic use scenarios.