aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls/tls_channel.cpp
Commit message (Collapse)AuthorAgeFilesLines
* In Channel, pre-size the IO buffers to 16K to avoid excess allocations.lloyd2013-04-111-0/+7
| | | | Translate Integrity_Failure exceptions to bad_record_mac
* Add a param to Connection_Cipher_State so it knows which directionlloyd2013-04-101-0/+2
| | | | processing is happening.
* Move assert.h from internal to very public (included in types.h)lloyd2013-03-131-1/+0
| | | | | | This reduces friction to writing an assert, so hopefully there will be more of them as a result. And we can use asserts in public headers now, very useful for templates.
* Simplify this catchlloyd2013-02-111-6/+1
|
* Don't need to pass the sequence numbers struct in here, all we need islloyd2012-12-141-1/+1
| | | | the value we want to use this time.
* Add a Record struct to combine the record contents, type, sequence #,lloyd2012-12-101-31/+23
| | | | and version into a single value.
* Changes so DTLS handshake can send messages under different epochs, eglloyd2012-11-121-31/+40
| | | | for retransmitting a flight.
* Remove Channel::m_max_fragment. Instead derive it from the serverlloyd2012-11-071-10/+19
| | | | | | hello. This also fixes a bug where a client which sent the fragment limit would enforce it even for servers which did not support the extension.
* Remove Channel::m_connection_closed, instead deriving it from other statelloyd2012-11-071-6/+11
|
* Pass read_record a callback mapping epoch to cipher state so it canlloyd2012-11-061-42/+15
| | | | read out of order messages in DTLS.
* Add Channel::pending_state and Channel::active_state, use where possiblelloyd2012-11-061-73/+80
|
* Store cipher states in Channel instead of Handshake_State. Keep alllloyd2012-11-061-16/+93
| | | | | around by default, expiring them as they are no longer needed. Expiration logic for DTLS needs some work.
* Move Channel::is_{active,closed} to source filelloyd2012-11-011-0/+10
|
* Inline Channel::{read,write}_cipher_state, only one caller eachlloyd2012-09-141-20/+11
|
* Store the cipher states in the handshake state object as shared_ptrs.lloyd2012-09-131-34/+42
| | | | | | One notable change here is that after we send a close_alert, we ignore any data that follows. That is somewhat unfortunate actually, but overall this change is important (for DTLS).
* Remove Channel::m_secure_renegotiation, instead derive from current state.lloyd2012-09-121-45/+23
|
* Formattinglloyd2012-09-111-2/+2
|
* Clean up the handling of close notify alerts a bit. Also returnlloyd2012-09-111-6/+7
| | | | | immediately from received_data when we see a fatal alert - we are uninterested in any further data at that point.
* Add helper functionlloyd2012-09-111-7/+5
|
* Set m_readbuf_pos == m_readbuf.size(), resizing the vector as neededlloyd2012-09-111-3/+1
| | | | rather than preallocating the maximum possible size.
* The write buffer is cleared and rewritten by write_record, so we don'tlloyd2012-09-111-1/+0
| | | | | | need to pre-size it. Reorganize Channel members a bit
* Pass the record sequence # up to Channellloyd2012-09-111-4/+5
|
* Move the record type checks up to Channel as besides that the recordlloyd2012-09-111-21/+20
| | | | reader doesn't care what the record type is.
* New logic for DTLS replay detection. Abstracts the sequence handlinglloyd2012-09-101-20/+27
| | | | out a bit. Handling of initial server record is pretty nasty.
* Remove redundant Channel::m_current_versionlloyd2012-09-091-21/+27
|
* Create the IO in Channel and then pass it down to new_handshake_statelloyd2012-09-091-8/+23
| | | | as the logic is the same for both cases.
* Hide Channel::m_rng and Channel::m_session_manager, add getterslloyd2012-09-091-2/+2
|
* Add support for key material exportlloyd2012-09-071-0/+33
|
* Remove Channel::m_peer_certs, instead retrieve directly from the state.lloyd2012-09-071-0/+7
| | | | | | | | This also very happily avoids a race in renegotiation. If you first negotiated using cert X, then renegotiated with Y, during the period between the certificate message and the finished message, Channel::peer_cert_chain would return Y instead of X. Now, it returns Y only after the finished message has been verified.
* Take version from pending state for creating cipher speclloyd2012-09-071-3/+3
|
* Inline Secure_Renegotiation_State into Channel as so much of the datelloyd2012-09-071-20/+36
| | | | is rederivable now that we hold both states in memory.
* Pass the current active state as well as the pending state which islloyd2012-09-071-1/+3
| | | | | quite helpful in the server. May also be useful for the renegotiation extension.
* Keep two handshake states around, swap them whenlloyd2012-09-071-58/+59
| | | | Channel::activate_session is called.
* Reindentlloyd2012-09-071-10/+11
|
* In Channel move some checks to after we've verified needed == 0 tolloyd2012-09-071-10/+7
| | | | | | avoid a conditional. Clean up record checking in the reader.
* Remove bogus forced 64 byte mtu.lloyd2012-09-071-1/+6
| | | | | | | Fix DTLS CCS sequence number reset. Handle (partially) explicit sequence numbers in records. Need to output the record.
* Have write_record resize the vector as it goes, thus the return valuelloyd2012-09-061-9/+9
| | | | is not needed. Doesn't actually cause reallocations as we preallocate.
* Inline current_protocol_version, fix fragment limit checklloyd2012-09-061-10/+11
|
* Make Channel::m_state privatelloyd2012-09-061-1/+19
|
* Pass process_handshake_msg a reference to the Handshake_Statelloyd2012-09-061-1/+4
|
* Inline Record_Reader to Channel as welllloyd2012-09-061-16/+42
|
* Inline Record_Writer to Channellloyd2012-09-061-15/+90
|
* Add Channel::send_recordlloyd2012-09-061-3/+8
|
* Add more functions to Channel, hiding Record_Reader entirely and mostlloyd2012-09-061-0/+34
| | | | of Record_Writer.
* Make a number of members of Channel private instead of protectedlloyd2012-09-061-6/+22
|
* Hoist m_rng to Channellloyd2012-09-061-0/+1
|
* Remove Record_Writer::send_alert. Move Alert serialization to Alert::serializelloyd2012-09-041-1/+1
|
* Use a std::function so handshake_io only has access Record_Writer'slloyd2012-09-041-1/+1
| | | | send function.
* DTLS needs some help with ChangeCipherSpec because it is not includedlloyd2012-08-081-1/+1
| | | | | | | | in the message_seq count. When we are asking for the next handshake msg, tell the handshake IO layer if we are expecting a CCS or not. Then DTLS just needs to track which epoch(s) it has seen the CCS for, and which epoch it is currently in. This is all ignored by the stream IO layer.
* Remove Handshake_IO::have_full_record and Handshake_IO::emptylloyd2012-08-071-3/+6
| | | | | Have get_next_record return NONE+empty vector if no record availabe. IO::empty was completely unused.
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-28 11:18:14 +0000