path: root/src/tls/finished.cpp
Commit message [Author, Age, Files, Lines]
* Rename all the message source files to msg_ [lloyd, 2012-08-03, 1, -104/+0]
* Combine Handshake_Writer and Handshake_Reader into Handshake_IO. This is mostly just a minor code savings for TLS, but it actually seems important for DTLS because getting a handshake message can be a trigger for retransmitting previously sent handshake messages in some circumstances. Having the reading and writing all in one layer makes it a bit easier to accomplish that. [lloyd, 2012-08-03, 1, -3/+3]
* Add a class that handles writing handshake messages instead of pushing that task to Record_Writer. Needed for DTLS work. [lloyd, 2012-07-16, 1, -3/+3]
* Fairly huge update that replaces the old secmem types with std::vector using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed. [lloyd, 2012-05-18, 1, -7/+7]
* propagate from branch 'net.randombit.botan.tls-state-machine' (head 63b88a65b699c95ef839bc18336bceccfbfabd2e) to branch 'net.randombit.botan.cxx11' (head 1adcc46808b403b8f6bf1669f022e65f9c30e8ea) [lloyd, 2012-03-30, 1, -3/+4]
| * Add an abstraction for reading handshake messages (as DTLS handles it quite differently). Avoid using a queue for reading certificates. Hide the version code in the handshake state with a getter and setter. [lloyd, 2012-03-05, 1, -2/+2]
| * Move the handshake serialization code to Record_Writer [lloyd, 2012-03-03, 1, -1/+2]
* | Merge fixups. Add locking to default session manager. Use chrono lib and unique_ptr. [lloyd, 2012-02-20, 1, -1/+1]
* Support alternate PRF hashes in TLS 1.2. Add support for the SHA-384 ciphersuites. [lloyd, 2012-01-28, 1, -16/+2]
* Make Alert a first class object ala Version. Move the alert codes into the Alert class for namespacing. [lloyd, 2012-01-26, 1, -1/+1]
* Make the version number a proper class, makes many things much easier for such a minor change. [lloyd, 2012-01-23, 1, -6/+4]
* Since this branch is hugely API breaking already, go ahead and put everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything. [lloyd, 2012-01-23, 1, -4/+8]
* A change to Finished in 687c3c7dccdd2f5e4825bdb60155c7bfba22339f broke SSLv3 handshakes: we need to copy the handshake state when we computed the finished data in the SSLv3 case because we need to add a little bit of data onto the end, but we don't want to include that data with the next computation. This meant that the finished message a client sent us was fine, but the one we sent out had a bad finished value and was rejected. [lloyd, 2012-01-20, 1, -3/+5]
* Kinda maybe working TLS 1.2 for clients. Not well tested at all, but a basic connection with a GnuTLS server does work. Currently we don't respect the signature_algorithms extension at all, and using SHA-256 with a 12-byte finished value is hardcoded though the spec is that it can depend on the ciphersuite (likely relevant for GOST ciphersuites in particular). [lloyd, 2012-01-19, 1, -6/+21]
* Remove Handshake_Message::deserialize which was an unnecessary hook. Instead deserialize directly in the constructors that are passed the raw message data. This makes it easier to pass contextual information needed for decoding (eg, version numbers) where necessary. [lloyd, 2012-01-19, 1, -1/+1]
* I'm not sure if I like this aesthetically, but passing around the entire handshake state in many cases makes things simpler to update, in that each message type already knows what it needs depending on the version, params, etc, and this way a) that knowledge doesn't need to percolate up to the actual client and server handshake code and b) each message type can be updated for new formats/version without having to change its callers. Downside is it hides the dependency information away, and makes it non-obvious what needs to be created beforehand for each message to work correctly. However this is (almost) entirely predicated on the handshake message flows, and these we control with the next expected message scheme, so this should be fairly safe to do. This checkin only updates the ones where it was immediately relevant but for consistency probably all of them should be updated in the same way. [lloyd, 2012-01-19, 1, -54/+49]
* Many renegotiation fixes. Add support for the secure renegotiation extension (client side only at the moment). Add an interface that allows applications to request renegotiation. [lloyd, 2011-12-30, 1, -7/+9]
* Clean up the ordering of constructor args to the various message types [lloyd, 2011-12-29, 1, -3/+4]
* Working though hacking client verify (server side only). Only supports TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested so far. [lloyd, 2011-12-28, 1, -3/+3]
* Initial hooks for session resumption [lloyd, 2011-12-23, 1, -5/+5]
* Rename ssl module to tls [lloyd, 2011-12-23, 1, -0/+100]