botan.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
*	Shuffle things around. Add NIST X.509 test to build.	lloyd	2014-01-01	1	-177/+0
\|
*	Move cryptobox/raw_key.cpp to new module cryptobox_psk which allows it	lloyd	2013-06-05	1	-1/+1
\| \| \| \| \| \|	to be used in TLS without requiring pulling in CTR, Serpent, PBKDF2 and other code required by password-based cryptobox but not needed for TLS session encryption.
*	Pull the code doing TLS session crypto out to cryptobox for general	lloyd	2013-03-04	1	-101/+4
\| \| \| \|	use and call it.
*	Add TLS::Server_Information to encapsulate the hostname/port pair.	lloyd	2012-10-13	1	-7/+19
\| \| \| \| \| \| \|	Add a service identifier as well, to help out clients which may want to negotiate multiple protocols over a single port and need to keep the sessions disambiguated. Not sure if that is useful, but it might be.
*	It seems other implementations define the secure renegotiation flag to	lloyd	2012-09-12	1	-4/+0
\| \| \| \| \| \| \| \|	be part of the connection rather than part of the session. That really does make more sense, so go with it. Changes the format of serialized sessions, but we already broke that with the crypto change.
*	Instead of using static salts in the KDF for generating the cipher and	lloyd	2012-08-09	1	-7/+22
\| \| \| \| \| \|	MAC keys for session encryption, randomly generate two 80-bit salt values which are included in the session blob and run the KDF over the master key and the random salts to create the keys.
*	Fairly huge update that replaces the old secmem types with std::vector	lloyd	2012-05-18	1	-13/+13
\| \| \| \| \| \|	using a custom allocator. Currently our allocator just does new/delete with a memset before deletion, and the mmap and mlock allocators have been removed.
*	Huge pile of post merge fixups, mtn really fucked that merge	lloyd	2012-04-25	1	-10/+13
\|
*	Limit the lifetime of tickets to Policy::session_ticket_lifetime()	lloyd	2012-04-04	1	-0/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	seconds and report that value to the client in the NewSessionTicket message. After that point, a session ticket is ignored and a full renegotiation is forced. Only send a new session ticket on a new session, or on a resumed session where the client indicated it supports session tickets but for whatever reason didn't send one in the hello. Perhaps in this case, we should also remove the session from the session manager? Clean up server selection of the ciphersuite a bit, all in an anon function in tls_server instead of scattered over Server, Policy, and Server_Hello. Add Session::session_age and Session_Manager::session_lifetime
*	Rework session crypto code. Drop the 4 bytes of zeros reserved for	lloyd	2012-03-28	1	-37/+53
\| \| \| \| \| \| \| \| \|	flags; if params change just regen the magic value and drop old sessions. Check the magic value right from the start. Use constants for internal sizes. Increase default PBKDF2 iterations in the SQLite session manager to 64K.
*	Add encryption for the SQLite sessions database	lloyd	2012-03-22	1	-6/+6
\|
*	Server side handling of session tickets, though currently with a	lloyd	2012-03-22	1	-1/+1
\| \| \| \|	hard-coded key.
*	propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵	lloyd	2012-03-22	1	-2/+0
\|\ \| \| \| \| \| \| \| \| \| \|	f761c340d4390c232d1a9896f3fde5c9dec7858b) to branch 'net.randombit.botan.tls-session-ticket' (head bf9feb245aa7185e22948a21a3099acac7237b44)
\| *	Remove extra BER_Decoder object	lloyd	2012-03-22	1	-2/+0
\| \|
* \|	Basic protocol message flow for session tickets	lloyd	2012-03-20	1	-40/+48
\| \|
* \|	Small fixes, cleanups	lloyd	2012-03-19	1	-1/+1
\| \|
* \|	Various merge fixups.	lloyd	2012-03-16	1	-16/+17
\| \| \| \| \| \| \| \| \| \|	Use AES-256 so we don't encrypt session tickets with a weaker algo than the ciphersuites.
* \|	propagate from branch 'net.randombit.botan.tls-state-machine' (head ↵	lloyd	2012-03-16	1	-33/+69
\|\\| \| \| \| \| \| \| \| \| \| \|	c24b5d6b012131b177d38bddb8b06d73f81f70c4) to branch 'net.randombit.botan.tls-session-ticket' (head 9977d4c118e1ac26425cef676ebf26cd5b2a470e)
\| *	Indentation	lloyd	2012-02-27	1	-10/+10
\| \|
\| *	PEM encoding. Fix BER decoding. Encode the entire cert chain in the	lloyd	2012-01-24	1	-20/+48
\| \| \| \| \| \| \| \|	session.
\| *	Make the version number a proper class, makes many things much easier	lloyd	2012-01-23	1	-3/+8
\| \| \| \| \| \| \| \|	for such a minor change.
\| *	Since this branch is hugely API breaking already, go ahead and put	lloyd	2012-01-23	1	-3/+7
\| \| \| \| \| \| \| \| \| \|	everything into a new namespace (Botan::TLS), removing the TLS_ prefixes on everything.
* \|	Outline of RFC 5077 session tickets	lloyd	2012-01-11	1	-1/+91
\|/
*	Rename the session type to 'TLS_Session'. Split the manager out into	lloyd	2011-12-30	1	-0/+94
	its own file. Rename tls_state to tls_handshake_state.