Commit log for path: root/src
Each entry gives the commit message, then author, commit date, number of files changed, and lines removed/added.
* The client wasn't sending a next protocol message on a session resumption.
  (lloyd, 2012-08-06, 1 file, -0/+11)
* A heartbeat request sent by the counterparty during a handshake would be passed to the application callback as a heartbeat response.
  (lloyd, 2012-08-06, 1 file, -5/+8)
* Move server-specific parts of the handshake state to a server subclass.
  (lloyd, 2012-08-06, 4 files, -21/+29)
* Move things that are client specific in the handshake state to a subclass created by Client::new_handshake_state.
  (lloyd, 2012-08-06, 2 files, -16/+28)
* Make the handshake hash private.
  (lloyd, 2012-08-06, 7 files, -33/+36)
* Make handshake session keys private with get/set.
  (lloyd, 2012-08-06, 6 files, -24/+33)
* Make the handshake Ciphersuite only available by const reference. Derive it when the server hello is set.
  (lloyd, 2012-08-06, 8 files, -36/+35)
* Const Handshake_State args where possible.
  (lloyd, 2012-08-06, 3 files, -5/+5)
* Move Certificate message to its own file. Remove ~Extensions declaration, not used anymore.
  (lloyd, 2012-08-06, 4 files, -68/+89)
* Use unique_ptr in Server_Kex_Exchange and Extensions.
  (lloyd, 2012-08-06, 4 files, -37/+19)
* Store record MAC objects in unique_ptr.
  (lloyd, 2012-08-06, 3 files, -21/+12)
* Have all the TLS handshake messages stored in unique_ptrs with only const access after setting them. Fix some const issues.
  (lloyd, 2012-08-06, 15 files, -294/+436)
* m_ namespace remaining TLS messages.
  (lloyd, 2012-08-06, 5 files, -78/+78)
* In the in-memory session manager, choose a random key at startup and encrypt all of the sessions, decrypting before return. This minimizes load on the locked memory (48 bytes master secret per session, vs 32 bytes for a single master key). It might also make recovering session data from memory dumps a little bit harder, though this isn't worth counting on IMO.
  (lloyd, 2012-08-05, 3 files, -10/+28)
* Remove Channel::read_handshake. Have the server set expected next msg in new_handshake_state.
  (lloyd, 2012-08-05, 4 files, -43/+15)
* If we're negotiating a datagram protocol, allow a hello verify message. Add client-side hello verify handling.
  (lloyd, 2012-08-03, 1 file, -2/+20)
* Take the initial record version from the Handshake_IO instance instead of hardcoding it to SSLv3.
  (lloyd, 2012-08-03, 5 files, -3/+24)
* Add Handshake_Hash::reset. Add cookie support in Client_Hello.
  (lloyd, 2012-08-03, 3 files, -3/+24)
* Add preliminary IO handler for datagram handshakes. Does not fragment outbound messages to MTU. Reassembly likely doesn't work, and is very vulnerable to DoS attacks.
  (lloyd, 2012-08-03, 2 files, -0/+184)
* Rename all the message source files to msg_.
  (lloyd, 2012-08-03, 11 files, -10/+10)
* Combine Handshake_Writer and Handshake_Reader into Handshake_IO. This is mostly just a minor code savings for TLS, but it actually seems important for DTLS because getting a handshake message can be a trigger for retransmitting previously sent handshake messages in some circumstances. Having the reading and writing all in one layer makes it a bit easier to accomplish that.
  (lloyd, 2012-08-03, 20 files, -245/+170)
* Move the code that pretends a CCS message is a handshake message from Channel to the handshake reader.
  (lloyd, 2012-08-02, 3 files, -40/+32)
* Use TLS v1.0 PRF unless the version supports a ciphersuite specific PRF.
  (lloyd, 2012-08-02, 1 file, -4/+5)
* Add TLS::Protocol_Version::supports_ciphersuite_specific_prf.
  (lloyd, 2012-08-02, 4 files, -14/+16)
* Fix DTLS HelloVerify message decoding.
  (lloyd, 2012-08-02, 1 file, -3/+12)
* Use m_ namespace member vars in CurveGFp.
  (lloyd, 2012-08-01, 1 file, -35/+36)
* Move monty_invert to numthry.h and use it in CurveGFp as well.
  (lloyd, 2012-08-01, 4 files, -51/+48)
* Remove z_size parameter to bigint_monty_redc because it should always be 2*(p_size+1). Document that it clears the high part of z. Don't clear the workspace before calling Karatsuba in bigint_mul or bigint_sqr; they clear it every time anyway. Don't bother masking words in the Montgomery_Exponentiator as redc zeros those words. Also don't bother calling z.clear() as the multiply operation does that already.
  (lloyd, 2012-08-01, 4 files, -26/+12)
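As an added worked example, not part of this log and not Botan's own bigint_monty_redc or Montgomery_Exponentiator code: the commit above concerns the multi-word reduction, whose output words are written fully reduced so that callers need no masking or clearing of their own. The same property is easiest to see on a single machine word. This illustration assumes R = 2^64, an odd modulus p below 2^63 (so every intermediate sum fits in 128 bits), and the GCC/Clang `unsigned __int128` extension; all function and struct names are the example's own.

```cpp
// Added illustration, not Botan's bigint_monty_redc: one-word Montgomery
// reduction with R = 2^64. The modulus p must be odd and below 2^63 so that
// every intermediate sum fits in unsigned __int128 (a GCC/Clang extension).
#include <cassert>
#include <cstdint>
#include <iostream>

using u64 = std::uint64_t;
using u128 = unsigned __int128;

struct MontyParams {
    u64 p;          // odd modulus, p < 2^63 (assumption of this example)
    u64 p_neg_inv;  // -p^{-1} mod 2^64
};

// Newton iteration for p^{-1} mod 2^64: each step doubles the number of
// correct low bits, starting from one bit (p is odd, so p*1 == 1 mod 2).
MontyParams monty_setup(u64 p) {
    assert((p & 1) == 1 && p < (u64(1) << 63));
    u64 inv = 1;
    for (int i = 0; i < 6; ++i) inv *= 2 - p * inv;   // 1 -> 2 -> 4 -> ... -> 64 bits
    return {p, 0 - inv};
}

// REDC: for t < p*R returns t*R^{-1} mod p, fully reduced (0 <= r < p).
// Adding m*p makes the low word of t exactly zero, so the shift discards
// nothing of value; the single-word analogue of "redc zeros those words".
u64 monty_redc(u128 t, const MontyParams& mp) {
    u64 m = static_cast<u64>(t) * mp.p_neg_inv;
    u64 r = static_cast<u64>((t + static_cast<u128>(m) * mp.p) >> 64);  // < 2p
    return r >= mp.p ? r - mp.p : r;
}

u64 to_monty(u64 a, const MontyParams& mp) {                   // a*R mod p
    return static_cast<u64>((static_cast<u128>(a % mp.p) << 64) % mp.p);
}
u64 from_monty(u64 a, const MontyParams& mp) { return monty_redc(a, mp); }
u64 monty_mul(u64 a, u64 b, const MontyParams& mp) {          // a, b in Montgomery form
    return monty_redc(static_cast<u128>(a) * b, mp);
}

// Square-and-multiply entirely in Montgomery form; only the result leaves it.
u64 monty_powmod(u64 base, u64 exp, u64 p) {
    MontyParams mp = monty_setup(p);
    u64 x = to_monty(base, mp), acc = to_monty(1, mp);
    for (; exp; exp >>= 1) {
        if (exp & 1) acc = monty_mul(acc, x, mp);
        x = monty_mul(x, x, mp);
    }
    return from_monty(acc, mp);
}

// Plain reference arithmetic, used only to check the Montgomery path.
u64 mulmod(u64 a, u64 b, u64 p) { return static_cast<u64>(static_cast<u128>(a) * b % p); }
u64 naive_powmod(u64 base, u64 exp, u64 p) {
    u64 acc = 1 % p;
    for (base %= p; exp; exp >>= 1) {
        if (exp & 1) acc = mulmod(acc, base, p);
        base = mulmod(base, base, p);
    }
    return acc;
}

int main() {
    const u64 p = 9223372036854775783ULL;   // 2^63 - 25: odd and below 2^63
    std::cout << monty_powmod(3, p - 1, p) << ' ' << naive_powmod(3, p - 1, p) << '\n';
    return 0;
}
```

The reduction never leaves a value of p or more in `r`, which is why the exponentiator can feed one result straight into the next multiply; the multi-word routine in the commit has to keep the same invariant across every word of its output, and the commit message records that this is now documented rather than re-established by the callers.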
* Cleanup BigInt::cmp. Move bigint_divcore to divide.cpp which is the only place it is used. Probably not computationally intensive enough to really be worth optimizing in asm.
  (lloyd, 2012-08-01, 4 files, -41/+43)
* Move all BigInt constructors to the top of the decl.
  (lloyd, 2012-08-01, 1 file, -81/+82)
* Remove BigInt::assign.
  (lloyd, 2012-08-01, 2 files, -25/+24)
* Remove BigInt(NumberType type, size_t n) and replace it with a static BigInt function power_of_2. (Power2 was the only available NumberType.)
  (lloyd, 2012-08-01, 9 files, -37/+24)
* Remove all support for octal BigInt conversions.
  (lloyd, 2012-08-01, 4 files, -39/+25)
* Remove BigInt::get_reg.
  (lloyd, 2012-08-01, 3 files, -13/+6)
* Remove BigInt::operator[]. Use BigInt::word_at, which checks sizes.
  (lloyd, 2012-08-01, 4 files, -14/+12)
* Remove BigInt::operator[] returning a mutable word reference.
  (lloyd, 2012-08-01, 3 files, -13/+9)
* Rename the version of BigInt::data returning a mutable pointer to BigInt::mutable_data. Update callers.
  (lloyd, 2012-08-01, 5 files, -38/+38)
* Remove the mutable version of BigInt::get_reg.
  (lloyd, 2012-07-31, 5 files, -22/+18)
* m_ namespace BigInt members.
  (lloyd, 2012-07-31, 3 files, -40/+40)
* Remove BigInt::grow_reg which was only used by a few tests.
  (lloyd, 2012-07-31, 2 files, -14/+4)
* Rename activate to more descriptive change_cipher_spec.
  (lloyd, 2012-07-29, 5 files, -28/+41)
* Use unique_ptr for handshake state, avoid lots of delete+nullptr assign.
  (lloyd, 2012-07-29, 4 files, -48/+43)
* If we're going to reject an insecure renegotiation, do it immediately, even before parsing the client hello, since there is nothing the client can say in the hello that will change our mind about it. Call Policy::acceptable_protocol_version on the final negotiated version, not what the client offered! Clean up the server version choosing logic a bit. Add Protocol_Version::best_known_match which returns the 'best' version we know of matching a particular version.
  (lloyd, 2012-07-29, 3 files, -41/+63)
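As an added worked example, not part of this log and not Botan's Server or Policy code: the commit above makes two ordering changes, refusing an insecure renegotiation from the server's own state before the new hello is examined, and applying the version policy to the version that will actually be used rather than the one the client offered. The names best_known_match and acceptable_protocol_version follow the commit message; the version encoding, the Policy, ServerState and Result structures, and the list of versions a build supports are assumptions made for this example. The "before" and "after" functions show why the order matters: a build that lacks TLS 1.2 under a policy requiring it would, in the old order, accept a TLS 1.2 offer and then silently negotiate 1.1.

```cpp
// Added illustration, not Botan's Server or Policy code: how a server picks
// the TLS/DTLS version for a ClientHello, before and after the fix described
// in the commit. Structures and the supported-version list are assumptions.
#include <cstdint>
#include <iostream>
#include <vector>

struct ProtocolVersion {
    std::uint8_t major, minor;
    bool is_datagram() const { return major == 0xFE; }
    bool operator==(ProtocolVersion o) const { return major == o.major && minor == o.minor; }
    // DTLS encodes versions as the one's complement of the TLS numbers, so
    // within DTLS the smaller minor is the newer version. Different families
    // are never "newer" than one another.
    bool newer_than(ProtocolVersion o) const {
        if (is_datagram() != o.is_datagram()) return false;
        if (is_datagram()) return minor < o.minor;
        return major > o.major || (major == o.major && minor > o.minor);
    }
};

const ProtocolVersion SSL_V3{3, 0}, TLS_V10{3, 1}, TLS_V11{3, 2}, TLS_V12{3, 3};
const ProtocolVersion DTLS_V10{0xFE, 0xFF}, DTLS_V12{0xFE, 0xFD};

// Newest version in 'supported' (same family as 'offered') that is not newer
// than what the client offered: a client offering something newer than we
// know gets our newest, one offering something older gets at most its own.
bool best_known_match(ProtocolVersion offered, const std::vector<ProtocolVersion>& supported,
                      ProtocolVersion& out) {
    bool found = false;
    for (ProtocolVersion v : supported) {
        if (v.is_datagram() != offered.is_datagram() || v.newer_than(offered)) continue;
        if (!found || v.newer_than(out)) { out = v; found = true; }
    }
    return found;
}

struct Policy {
    ProtocolVersion min_tls = TLS_V10;
    ProtocolVersion min_dtls = DTLS_V10;
    bool allow_insecure_renegotiation = false;
    bool acceptable_protocol_version(ProtocolVersion v) const {
        ProtocolVersion floor = v.is_datagram() ? min_dtls : min_tls;
        return v == floor || v.newer_than(floor);
    }
};

// What the server already knows before it reads the new ClientHello.
struct ServerState {
    std::vector<ProtocolVersion> supported;  // versions this build implements
    bool handshake_completed = false;        // so a further hello is a renegotiation
    bool secure_renegotiation = false;       // RFC 5746 was agreed in the prior handshake
};

enum class Outcome { Accept, RejectInsecureRenegotiation, RejectVersion };
struct Result { Outcome outcome; ProtocolVersion chosen; };

static bool insecure_renegotiation(const ServerState& s, const Policy& pol) {
    return s.handshake_completed && !s.secure_renegotiation && !pol.allow_insecure_renegotiation;
}

// Before the fix: the policy judged the offered version, and the
// renegotiation decision waited until the hello had been parsed.
Result choose_version_before(const ServerState& s, const Policy& pol, ProtocolVersion offered) {
    ProtocolVersion chosen{0, 0};
    if (!pol.acceptable_protocol_version(offered)) return {Outcome::RejectVersion, chosen};
    if (!best_known_match(offered, s.supported, chosen)) return {Outcome::RejectVersion, chosen};
    if (insecure_renegotiation(s, pol)) return {Outcome::RejectInsecureRenegotiation, chosen};
    return {Outcome::Accept, chosen};
}

// After the fix: insecure renegotiation is refused from server state alone,
// and the policy judges the version that will actually be used.
Result choose_version_after(const ServerState& s, const Policy& pol, ProtocolVersion offered) {
    ProtocolVersion chosen{0, 0};
    if (insecure_renegotiation(s, pol)) return {Outcome::RejectInsecureRenegotiation, chosen};
    if (!best_known_match(offered, s.supported, chosen)) return {Outcome::RejectVersion, chosen};
    if (!pol.acceptable_protocol_version(chosen)) return {Outcome::RejectVersion, chosen};
    return {Outcome::Accept, chosen};
}

int main() {
    // A build without TLS 1.2 under a policy that requires it: the old order
    // accepts TLS 1.1 because the client offered 1.2, the new order refuses.
    ServerState s{{TLS_V10, TLS_V11}};
    Policy pol;
    pol.min_tls = TLS_V12;
    std::cout << (choose_version_before(s, pol, TLS_V12).outcome == Outcome::Accept) << ' '
              << (choose_version_after(s, pol, TLS_V12).outcome == Outcome::RejectVersion) << '\n';
    return 0;
}
```

The second ordering change is visible when an insecure renegotiation arrives with an unacceptable version: the old order reports a version problem, the new order reports the renegotiation refusal, which is the reason the server would have refused whatever the hello contained.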
* Helper func for loading 24 bit value.
  (lloyd, 2012-07-28, 1 file, -8/+15)
* Pass protocol to initiate_handshake.
  (lloyd, 2012-07-28, 2 files, -5/+7)
* Combine client initial handshake and renegotiation in initiate_handshake. One behavioral change is we now send SNI on renegotiation hellos. This is probably harmless (?) and might be helpful for the server in finding the right certs.
  (lloyd, 2012-07-28, 2 files, -55/+39)
* Fix DTLS version string. Pass version to ciphersuite_list, avoid negotiating RC4 with DTLS. Disable ECC <= 192 bits.
  (lloyd, 2012-07-28, 5 files, -15/+27)
* Make Handshake_Writer non-copyable.
  (lloyd, 2012-07-28, 1 file, -0/+6)
* Add format() hook to Handshake_Writer, so that Handshake_Hash does not need to know what the handshake format is. Remove unused functions from Handshake_Hash and store all handshake data as a plain std::vector, since as handshake information it is not sensitive.
  (lloyd, 2012-07-28, 6 files, -39/+34)
* Add Public_Key::estimated_strength which gives an approximation of how hard that key is to break. Use it in cert path validation, rejecting keys with estimated strength less than 80 bits.
  (lloyd, 2012-07-27, 9 files, -13/+68)