| Commit message | Author | Age | Files | Lines |
|---|---|---|---|---|
| Add missing dependencies | lloyd | 2013-04-19 | 1 | -0/+2 |
| Avoid warning | lloyd | 2013-04-19 | 1 | -2/+2 |
| Some small TLS doc updates | lloyd | 2013-04-19 | 1 | -0/+2 |
| Avoid using representable value for internal null alert | lloyd | 2013-04-19 | 2 | -14/+7 |
| Rename ARC4 to RC4 | lloyd | 2013-04-19 | 4 | -17/+16 |
| Rewrite the TLS padding comparison to be constant time | lloyd | 2013-04-16 | 1 | -6/+6 |
| Add a policy for Suite B 128-bit | lloyd | 2013-04-12 | 2 | -12/+33 |
| Add datestamp to autogenerated tls_suite_info.cpp | lloyd | 2013-04-12 | 1 | -3/+2 |
| Fix Ciphersuite::to_string when using non-GCM AEAD modes | lloyd | 2013-04-12 | 1 | -2/+2 |
| Add support for AEAD modes in TLS. Add GCM ciphersuites. | lloyd | 2013-04-11 | 4 | -9/+239 |
| In Channel, pre-size the IO buffers to 16K to avoid excess allocations. Translate Integrity_Failure exceptions to bad_record_mac | lloyd | 2013-04-11 | 1 | -0/+7 |
| Only negotiate an AEAD mode when using 1.2 | lloyd | 2013-04-11 | 3 | -0/+12 |
| Mark Channel IO buffers for zeroing | lloyd | 2013-04-10 | 3 | -7/+7 |
| Make the IV length and MAC keylength explicit in the ciphersuite. Add support for alternate PRFs | lloyd | 2013-04-10 | 6 | -124/+145 |
| Make ciphersuite_list a virtual member of TLS::Policy so it can be overridden by applications. | lloyd | 2013-04-10 | 4 | -21/+20 |
| Add a param to Connection_Cipher_State so it knows which direction processing is happening. | lloyd | 2013-04-10 | 3 | -1/+5 |
| Have tls_suite_info.py generate the entire source file instead of just the switch. Next step should be having it be run by configure at build time and a copy of the params included in build-data | lloyd | 2013-03-28 | 1 | -6/+6 |
| Add TLS::Policy::server_uses_own_ciphersuite_preferences(). Previously the server always took its most-preferred cipher out of the client's list, but this policy allows telling a server to follow the client's preferences instead. | lloyd | 2013-03-21 | 4 | -5/+33 |
| Add the script that generates the switch in tls_suite_info.cpp | lloyd | 2013-03-16 | 1 | -1/+4 |
| Move assert.h from internal to very public (included in types.h). This reduces friction to writing an assert, so hopefully there will be more of them as a result. And we can use asserts in public headers now, very useful for templates. | lloyd | 2013-03-13 | 9 | -9/+0 |
| Pull the code doing TLS session crypto out to cryptobox for general use and call it. | lloyd | 2013-03-04 | 1 | -101/+4 |
| Correct Doxygen comments | lloyd | 2013-03-02 | 2 | -2/+1 |
| Add sync handshake function to Blocking_Client | lloyd | 2013-03-01 | 2 | -8/+32 |
| Blocking_Client fixes. Add relnote | lloyd | 2013-02-28 | 4 | -16/+7 |
| Initial blocking client interface for simple uses and 1.10 compat | lloyd | 2013-02-28 | 2 | -0/+174 |
| Move the major TLS record MAC check and decrypt routines to their own functions | lloyd | 2013-02-11 | 1 | -75/+112 |
| Move record decrypt to its own function | lloyd | 2013-02-11 | 1 | -86/+104 |
| Simplify this catch | lloyd | 2013-02-11 | 1 | -6/+1 |
| Prefer RC4 over AES. Gak. | lloyd | 2013-02-06 | 1 | -3/+3 |
| Don't need to pass the sequence numbers struct in here, all we need is the value we want to use this time. | lloyd | 2012-12-14 | 3 | -5/+3 |
| Re-add support for reading SSLv2 client hellos | lloyd | 2012-12-10 | 2 | -11/+22 |
| Add a Record struct to combine the record contents, type, sequence #, and version into a single value. | lloyd | 2012-12-10 | 5 | -82/+104 |
| Change Credentials_Manager::trusted_certificate_authorities to return a list of Certificate_Stores instead of a list of actual certs, allowing for instance the ability to reference a DB cert store without actually pulling all the certs into memory. Add Certificate_Store::all_subjects which returns the DNs of all contained certificates. | lloyd | 2012-11-13 | 4 | -11/+17 |
| Changes so DTLS handshake can send messages under different epochs, eg for retransmitting a flight. | lloyd | 2012-11-12 | 7 | -55/+85 |
| Remove Channel::m_max_fragment. Instead derive it from the server hello. This also fixes a bug where a client which sent the fragment limit would enforce it even for servers which did not support the extension. | lloyd | 2012-11-07 | 4 | -29/+27 |
| Store the maximum fragment value instead of the code, convert to the code on serialize/deserialize. | lloyd | 2012-11-07 | 2 | -37/+31 |
| Remove Channel::m_connection_closed, instead deriving it from other state | lloyd | 2012-11-07 | 2 | -8/+11 |
| Pass read_record a callback mapping epoch to cipher state so it can read out of order messages in DTLS. | lloyd | 2012-11-06 | 4 | -53/+38 |
| Add Channel::pending_state and Channel::active_state, use where possible | lloyd | 2012-11-06 | 2 | -73/+84 |
| Store cipher states in Channel instead of Handshake_State. Keep all around by default, expiring them as they are no longer needed. Expiration logic for DTLS needs some work. | lloyd | 2012-11-06 | 7 | -66/+145 |
| Split asn1_obj.h into asn1_alt_name.h, asn1_attribute.h, and asn1_time.h | lloyd | 2012-11-06 | 1 | -0/+6 |
| Move Channel::is_{active,closed} to source file | lloyd | 2012-11-01 | 2 | -2/+12 |
| Add TLS::Policy::negotiate_heartbeat_support which controls if the client will offer heartbeats (or if a server will negotiate them if the client offers). Defaults to false, which is probably the right behavior in terms of minimizing surprise and attack surface. | lloyd | 2012-10-13 | 5 | -3/+20 |
| Remove TLS::Policy::pref_version. Instead pass the version to offer to the Client constructor. Defaults to the most recent version of TLS. Allows TLS or DTLS, and means that it's possible to back down on the offered version, without requiring a Policy implementation with mutable state. | lloyd | 2012-10-13 | 5 | -15/+19 |
| Add TLS::Server_Information to encapsulate the hostname/port pair. Add a service identifier as well, to help out clients which may want to negotiate multiple protocols over a single port and need to keep the sessions disambiguated. Not sure if that is useful, but it might be. | lloyd | 2012-10-13 | 13 | -103/+179 |
| Generate the fake pre master needed if the RSA computation fails ahead of time. Otherwise we expose a timing channel WRT using the RNG. | lloyd | 2012-10-02 | 1 | -4/+16 |
| Missing return value | lloyd | 2012-09-19 | 1 | -0/+1 |
| Inline Channel::{read,write}_cipher_state, only one caller each | lloyd | 2012-09-14 | 2 | -24/+11 |
| Expose to public in TLS::Channel peer_supports_heartbeats, heartbeat_sending_allowed, and secure_renegotiation_supported. | lloyd | 2012-09-13 | 1 | -6/+16 |
| Store the cipher states in the handshake state object as shared_ptrs. One notable change here is that after we send a close_alert, we ignore any data that follows. That is somewhat unfortunate actually, but overall this change is important (for DTLS). | lloyd | 2012-09-13 | 4 | -43/+94 |