aboutsummaryrefslogtreecommitdiffstats
path: root/src/tls
Commit message (Collapse)AuthorAgeFilesLines
* Shuffle things around. Add NIST X.509 test to build.lloyd2014-01-0157-11634/+0
|
* Move add_alias and deref_alias from Library_State to SCAN_Namelloyd2013-12-252-3/+3
|
* Remove global_rng calls for setting up blinding, instead require a RNGlloyd2013-12-251-0/+4
| | | | | | be passed to the engine. Currently pubkey.cpp just passes along the global_rng but eventually we'll break this API and require a RNG to the constructor.
* Have default TLS policy reject SSLv3. Add TLS::Policy::acceptable_ciphersuitelloyd2013-12-102-7/+18
| | | | | to allow either party to filter out specific ciphersuites they don't wish to support for whatever reason.
* Support the normal names for CCM in TLS policy configlloyd2013-12-042-28/+18
|
* Disable RC4 in TLS by defaultlloyd2013-11-291-1/+1
|
* Give everything setting a feature test macro in build.h a version codelloyd2013-11-282-2/+2
| | | | | | so application code can check for the specific API it expects without having to keep track of what versions APIs x,y,z changed. Arbitrarily set all current API versions to 20131128.
* wget it ourselves, and include the hash of the file in the outputlloyd2013-11-281-1/+2
|
* Fix file rename in info.txt and add a check for this in configurelloyd2013-11-281-1/+1
|
* TLS in-memory session manager now requires a rng object as alloyd2013-11-282-5/+7
| | | | | constructor argument, previously it used the global rng which caused a serialization point across server threads.
* Add a basic DTLS policylloyd2013-11-201-0/+13
|
* Return a valuelloyd2013-11-091-1/+1
|
* Split TLS callbacks into a data callback and an alert callback.lloyd2013-11-058-37/+61
| | | | | In practice applications treated these two cases completely differently, so there was no reason to combine them into a single callback.
* Simplify AD processing in non-AEAD caselloyd2013-09-081-22/+12
|
* Add Brainpool curves to TLS, and prefer them by default.lloyd2013-09-082-0/+15
| | | | Remove 224-bit NIST curve from default parameter list.
* Remove Record structlloyd2013-09-075-196/+120
|
* Don't pass Record struct to handshake parserlloyd2013-09-063-14/+22
|
* Enable CCM ciphersuites in TLS. Disable SHA-1 for signatures in TLS v1.2lloyd2013-09-062-5/+57
|
* Correct Ciphersuite::valid and to_string for CCMlloyd2013-09-051-1/+11
|
* Add Cipher_Mode intermediate class. Add missing BOTAN_DLL exportslloyd2013-08-191-1/+1
|
* Remove unused fields. Thanks Clanglloyd2013-07-302-2/+0
|
* merge of 'a25b72d98eb3f88fcf577fabfcd430ef0758debc'lloyd2013-07-291-1/+10
|\ | | | | | | and 'e94f646a2b2fe793b40067b09c95a5871e52a43a'
| * Add sending std::vector to TLS::Channellloyd2013-07-011-1/+10
| |
* | Change default policy to prohibit DTLS to minimize surprise.lloyd2013-07-108-41/+64
|/ | | | | | | | | | Allow applications to send arbirary alert messages. Add a new optional parameter to Channel which specifies how large to make the IO buffers by default. Add Channel::reset_state, and reset the IO buffers and cipher specs after a fatal alert.
* Move cryptobox/raw_key.cpp to new module cryptobox_psk which allows itlloyd2013-06-052-2/+2
| | | | | | to be used in TLS without requiring pulling in CTR, Serpent, PBKDF2 and other code required by password-based cryptobox but not needed for TLS session encryption.
* Have TLS::Ciphersuite::valid check that all algorithms are available,lloyd2013-06-042-21/+84
| | | | | | | | | | | | | which allows us to remove a number of algorithms as hard dependencies and instead simply allow their use if they are included in the build. Currently all key exchange algorithms (RSA, DH, ECDH, SRP) remain as hard dependencies as msg_{client,server}_key.cpp directly manipulate those types. While theoretically optional, MD5, SHA-1, SHA-2, and SSL3-MAC remain hard dependencies as their availability affects protocol support as well as ciphersuites, though in principle being able to disable MD5/SHA-1 and requiring v1.2 or higher would be useful.
* Add Channel::send_warning_alert and send_fatal_alertlloyd2013-05-304-8/+18
|
* Change TLS::Ciphersuite constructor to be non-inline and to takelloyd2013-04-192-17/+37
| | | | | arguments by const char*. Reduces size of tls_suite_info.o by 80% on Linux with GCC 4.8
* Add missing dependencieslloyd2013-04-191-0/+2
|
* Avoid warninglloyd2013-04-191-2/+2
|
* Some small TLS doc updateslloyd2013-04-191-0/+2
|
* Avoid using representable value for internal null alertlloyd2013-04-192-14/+7
|
* Rename ARC4 to RC4lloyd2013-04-194-17/+16
|
* Rewrite the TLS padding comparison to be constant timelloyd2013-04-161-6/+6
|
* Add a policy for Suite B 128-bitlloyd2013-04-122-12/+33
|
* Add datestamp to autogenerated tls_suite_info.cpplloyd2013-04-121-3/+2
|
* Fix Ciphersuite::to_string when using non-GCM AEAD modeslloyd2013-04-121-2/+2
|
* Add support for AEAD modes in TLS. Add GCM ciphersuites.lloyd2013-04-114-9/+239
|
* In Channel, pre-size the IO buffers to 16K to avoid excess allocations.lloyd2013-04-111-0/+7
| | | | Translate Integrity_Failure exceptions to bad_record_mac
* Only negotiate an AEAD mode when using 1.2lloyd2013-04-113-0/+12
|
* Mark Channel IO buffers for zeroinglloyd2013-04-103-7/+7
|
* Make the IV length and MAC keylength explicit in the ciphersuitelloyd2013-04-106-124/+145
| | | | Add support for alternate PRFs
* Make ciphersuite_list a virtual member of TLS::Policylloyd2013-04-104-21/+20
| | | | so it can be overridden by applications.
* Add a param to Connection_Cipher_State so it knows which directionlloyd2013-04-103-1/+5
| | | | processing is happening.
* Have tls_suite_info.py generate the entire source filelloyd2013-03-281-6/+6
| | | | | | | instead of just the switch. Next step should be having it be run by configure at build time and a copy of the the params included in build-data
* Add TLS::Policy::server_uses_own_ciphersuite_preferences()lloyd2013-03-214-5/+33
| | | | | | Previously the server always took its most-preferred cipher out of the client's list, but this policy allows telling a server to follow the client's preferences insetad.
* Add the script that generates the switch in tls_suite_info.cpplloyd2013-03-161-1/+4
|
* Move assert.h from internal to very public (included in types.h)lloyd2013-03-139-9/+0
| | | | | | This reduces friction to writing an assert, so hopefully there will be more of them as a result. And we can use asserts in public headers now, very useful for templates.
* Pull the code doing TLS session crypto out to cryptobox for generallloyd2013-03-041-101/+4
| | | | use and call it.
* Correct Doxygen commentslloyd2013-03-022-2/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-22 06:48:16 +0000