path: root/src/tls
Columns: commit message, author, date, files changed, lines removed/added

* Add datestamp to autogenerated tls_suite_info.cpp  [lloyd, 2013-04-12, 1 file, -3/+2]
* Fix Ciphersuite::to_string when using non-GCM AEAD modes  [lloyd, 2013-04-12, 1 file, -2/+2]
* Add support for AEAD modes in TLS. Add GCM ciphersuites.  [lloyd, 2013-04-11, 4 files, -9/+239]
* In Channel, pre-size the IO buffers to 16K to avoid excess allocations.  [lloyd, 2013-04-11, 1 file, -0/+7]
  Translate Integrity_Failure exceptions to bad_record_mac
* Only negotiate an AEAD mode when using 1.2  [lloyd, 2013-04-11, 3 files, -0/+12]
* Mark Channel IO buffers for zeroing  [lloyd, 2013-04-10, 3 files, -7/+7]
* Make the IV length and MAC keylength explicit in the ciphersuite  [lloyd, 2013-04-10, 6 files, -124/+145]
  Add support for alternate PRFs
* Make ciphersuite_list a virtual member of TLS::Policy so it can be overridden by applications.  [lloyd, 2013-04-10, 4 files, -21/+20]
* Add a param to Connection_Cipher_State so it knows which direction processing is happening.  [lloyd, 2013-04-10, 3 files, -1/+5]
* Have tls_suite_info.py generate the entire source file instead of just the switch.  [lloyd, 2013-03-28, 1 file, -6/+6]
  Next step should be having it be run by configure at build time and a copy of the params included in build-data
* Add TLS::Policy::server_uses_own_ciphersuite_preferences()  [lloyd, 2013-03-21, 4 files, -5/+33]
  Previously the server always took its most-preferred cipher out of the client's list, but this policy allows telling a server to follow the client's preferences instead.
* Add the script that generates the switch in tls_suite_info.cpp  [lloyd, 2013-03-16, 1 file, -1/+4]
* Move assert.h from internal to very public (included in types.h)  [lloyd, 2013-03-13, 9 files, -9/+0]
  This reduces friction to writing an assert, so hopefully there will be more of them as a result. And we can use asserts in public headers now, very useful for templates.
* Pull the code doing TLS session crypto out to cryptobox for general use and call it.  [lloyd, 2013-03-04, 1 file, -101/+4]
* Correct Doxygen comments  [lloyd, 2013-03-02, 2 files, -2/+1]
* Add sync handshake function to Blocking_Client  [lloyd, 2013-03-01, 2 files, -8/+32]
* Blocking_Client fixes. Add relnote  [lloyd, 2013-02-28, 4 files, -16/+7]
* Initial blocking client interface for simple uses and 1.10 compat  [lloyd, 2013-02-28, 2 files, -0/+174]
* Move the major TLS record MAC check and decrypt routines to their own functions  [lloyd, 2013-02-11, 1 file, -75/+112]
* Move record decrypt to its own function  [lloyd, 2013-02-11, 1 file, -86/+104]
* Simplify this catch  [lloyd, 2013-02-11, 1 file, -6/+1]
* Prefer RC4 over AES. Gak.  [lloyd, 2013-02-06, 1 file, -3/+3]
* Don't need to pass the sequence numbers struct in here, all we need is the value we want to use this time.  [lloyd, 2012-12-14, 3 files, -5/+3]
* Re-add support for reading SSLv2 client hellos  [lloyd, 2012-12-10, 2 files, -11/+22]
* Add a Record struct to combine the record contents, type, sequence #, and version into a single value.  [lloyd, 2012-12-10, 5 files, -82/+104]
* Change Credentials_Manager::trusted_certificate_authorities to return a list of Certificate_Stores instead of a list of actual certs, allowing for instance the ability to reference a DB cert store without actually pulling all the certs into memory.  [lloyd, 2012-11-13, 4 files, -11/+17]
  Add Certificate_Store::all_subjects which returns the DNs of all contained certificates.
* Changes so DTLS handshake can send messages under different epochs, eg for retransmitting a flight.  [lloyd, 2012-11-12, 7 files, -55/+85]
* Remove Channel::m_max_fragment. Instead derive it from the server hello.  [lloyd, 2012-11-07, 4 files, -29/+27]
  This also fixes a bug where a client which sent the fragment limit would enforce it even for servers which did not support the extension.
* Store the maximum fragment value instead of the code, convert to the code on serialize/deserialize.  [lloyd, 2012-11-07, 2 files, -37/+31]
* Remove Channel::m_connection_closed, instead deriving it from other state  [lloyd, 2012-11-07, 2 files, -8/+11]
* Pass read_record a callback mapping epoch to cipher state so it can read out of order messages in DTLS.  [lloyd, 2012-11-06, 4 files, -53/+38]
* Add Channel::pending_state and Channel::active_state, use where possible  [lloyd, 2012-11-06, 2 files, -73/+84]
* Store cipher states in Channel instead of Handshake_State.  [lloyd, 2012-11-06, 7 files, -66/+145]
  Keep all around by default, expiring them as they are no longer needed. Expiration logic for DTLS needs some work.
* Split asn1_obj.h into asn1_alt_name.h, asn1_attribute.h, and asn1_time.h  [lloyd, 2012-11-06, 1 file, -0/+6]
* Move Channel::is_{active,closed} to source file  [lloyd, 2012-11-01, 2 files, -2/+12]
* Add TLS::Policy::negotiate_heartbeat_support which controls if the client will offer heartbeats (or if a server will negotiate them if the client offers).  [lloyd, 2012-10-13, 5 files, -3/+20]
  Defaults to false, which is probably the right behavior in terms of minimizing surprise and attack surface.
* Remove TLS::Policy::pref_version. Instead pass the version to offer to the Client constructor.  [lloyd, 2012-10-13, 5 files, -15/+19]
  Defaults to the most recent version of TLS. Allows TLS or DTLS, and means that it's possible to back down on the offered version, without requiring a Policy implementation with mutable state.
* Add TLS::Server_Information to encapsulate the hostname/port pair.  [lloyd, 2012-10-13, 13 files, -103/+179]
  Add a service identifier as well, to help out clients which may want to negotiate multiple protocols over a single port and need to keep the sessions disambiguated. Not sure if that is useful, but it might be.
* Generate the fake pre master needed if the RSA computation fails ahead of time.  [lloyd, 2012-10-02, 1 file, -4/+16]
  Otherwise we expose a timing channel WRT using the RNG.
* Missing return value  [lloyd, 2012-09-19, 1 file, -0/+1]
* Inline Channel::{read,write}_cipher_state, only one caller each  [lloyd, 2012-09-14, 2 files, -24/+11]
* Expose to public in TLS::Channel peer_supports_heartbeats, heartbeat_sending_allowed, and secure_renegotiation_supported.  [lloyd, 2012-09-13, 1 file, -6/+16]
* Store the cipher states in the handshake state object as shared_ptrs.  [lloyd, 2012-09-13, 4 files, -43/+94]
  One notable change here is that after we send a close_alert, we ignore any data that follows. That is somewhat unfortunate actually, but overall this change is important (for DTLS).
* Update creators of Session to new constructor  [lloyd, 2012-09-12, 2 files, -2/+0]
* It seems other implementations define the secure renegotiation flag to be part of the connection rather than part of the session.  [lloyd, 2012-09-12, 3 files, -16/+3]
  That really does make more sense, so go with it. Changes the format of serialized sessions, but we already broke that with the crypto change.
* A quite different approach to extension handling, store both inbound and outbound extensions in an Extension, and pull out values as requested.  [lloyd, 2012-09-12, 8 files, -282/+233]
  This is to some extent just a cleanup but also assures us that the client and the server do agree on what extensions were set. Previously it was possible for extensions to mismatch, eg we set a field in the client hello structure but it didn't make it into an extension.
* Spelling  [lloyd, 2012-09-12, 6 files, -18/+17]
* Duplicated extension checks!  [lloyd, 2012-09-12, 1 file, -12/+0]
* Remove Channel::m_secure_renegotiation, instead derive from current state.  [lloyd, 2012-09-12, 2 files, -46/+23]
* CBC overwrote (encrypted) the following block in write_record.  [lloyd, 2012-09-12, 1 file, -1/+4]
  I missed it before because the buffer was pre-sized to maximum allowable, thus it just encrypted something we never sent. However after the buffer sizes were set to zero, it would start encrypting ... something ... after the block. This would manifest by strange crashes during a full client renegotiation. The problem was that the buffer was sized up a bit for sending the unencrypted messages (client kex, etc) and so we had some wiggle room. However sending an encrypted client kex took more space than that (due to the MAC, etc) so a full renegotiation would cause values to be overwritten.