aboutsummaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add support for sending server name indicator in client hellolloyd2011-12-2911-70/+379
| | | | | | | | Add support for sending and reading the SRP identifier extension. Add some helper classes for managing TLS extensions Add ciphersuite codes for SRP key exchange.
* Clean up the ordering of constructor args to the various message typeslloyd2011-12-299-99/+108
|
* SSLv3 clients will send this as a warning if the server requests alloyd2011-12-291-0/+1
| | | | client cert and they don't have one.
* Ref mozilla bug alsolloyd2011-12-291-2/+2
|
* Only insert small fragments for application records. Handshakes wouldlloyd2011-12-291-1/+1
| | | | | | only be affected if the attacker can modify the handshake messages, which seems fairly unlikely, and some implementations are known to be unhappy with fragmented handshakes.
* Don't buffer in the record writer at all - we immediately process andlloyd2011-12-287-64/+42
| | | | | | | | send out inputs as they are available. Thus, flushing is never required, and we avoid some unnecessary copying. If we are using a CBC mode cipher in SSLv3/TLSv1.0, send a 1-byte fragment to start to prevent the adaptive plaintext attack.
* Fix for RC4 suiteslloyd2011-12-281-1/+2
|
* Optimization/work on future optimization for the record writer;lloyd2011-12-282-50/+67
| | | | | | collects all the data into a single buffer and encrypts it in one go. Once the support is there for in-place encryption in the cipher modes this will help out substantially.
* Rounding to nearest 0 should be a no-oplloyd2011-12-281-0/+6
|
* Add support for raw deflate in the zlib filterlloyd2011-12-282-12/+35
|
* Comment grammarlloyd2011-12-281-2/+2
|
* Fixlloyd2011-12-281-0/+1
|
* Cleanerlloyd2011-12-282-3/+2
|
* Fixes for DSA authlloyd2011-12-282-8/+11
|
* Add non-null assertion, don't print msg if empty stringlloyd2011-12-282-1/+11
|
* Assert there is nothing left over at the end of packet parsing.lloyd2011-12-281-0/+6
|
* Additional bits for SSLv3 client authlloyd2011-12-284-9/+37
|
* Save peer certs in session info. Use helper function for handshakelloyd2011-12-285-42/+30
| | | | hashing.
* Working though hacking client verify (server side only). Only supportslloyd2011-12-2817-62/+123
| | | | | TLS 1.0/1.1, SSLv3 uses a different hash format. Only RSA certs tested so far.
* Remove debug print, include info in the exception msg insteadlloyd2011-12-281-8/+3
|
* Slightly better alert option for this caselloyd2011-12-281-1/+1
|
* We wouldn't send an alert before handshaking was complete becauselloyd2011-12-281-7/+4
| | | | | | active == false, which made debugging hard and caused timeouts/hangs in clients if (for instance) a ciphersuite couldn't be negotiated. Always send alerts.
* Make TLS_Session_Params a real class. Various cleanups.lloyd2011-12-286-124/+193
|
* Partial bits of the server side of client auth. Incomplete.lloyd2011-12-286-39/+87
| | | | | | Pass a session manager to TLS_Client's constructor. Currently unused. Add time-based session expiration to the in-memory session cache.
* Make tls_session_key.h an internal headerlloyd2011-12-279-8/+18
|
* Actually send the right info in a resumed session server hellolloyd2011-12-271-7/+4
|
* Force resumed session to use previous ciphersuite, etclloyd2011-12-274-26/+73
|
* BER decoder extras needed by previous commitlloyd2011-12-272-17/+68
|
* Session deserializationlloyd2011-12-273-6/+27
|
* Half of session serializationlloyd2011-12-275-77/+181
|
* Clean up SessionKeys implementationlloyd2011-12-272-108/+49
|
* First rev of working session resumption (server side only). Only workslloyd2011-12-277-65/+202
| | | | with TLS at the moment, SessionKeys is a mess.
* Avoid a memory leak if we were using DHE - kex_priv would get a copylloyd2011-12-272-23/+22
| | | | of the server key and then we'd immediately overwrite the pointer.
* Much smarter state transition checking: at each point in thelloyd2011-12-275-159/+170
| | | | | | | | handshake, keep track of exactly which handshake message type(s) we can expect and assert before processing that what we recieved is what we expected. Contrast with previous 'checking' which was more in the style 'could we perhaps plausibly do something with this message?' aka broken.
* Compile fixlloyd2011-12-271-1/+1
|
* Add the code for DHE/DSS with RC4, not 'official' but the codepointlloyd2011-12-272-0/+7
| | | | | | | was included in a now-expired ID (draft-ietf-tls-56-bit-ciphersuites-01) and mentioned in Rescorla's SSL book. Not implemented by OpenSSL but does appear to be included in GnuTLS.
* Compile fix, also save version #lloyd2011-12-231-1/+2
|
* Fix crashlloyd2011-12-231-1/+6
|
* Initial hooks for session resumptionlloyd2011-12-2315-163/+277
|
* Centralize a lot of the handshaking and message parsing in TLS_Channellloyd2011-12-237-483/+308
| | | | Also delete the obsolete/never worked CMS examples
* Rename ssl module to tlslloyd2011-12-2329-0/+0
|
* First stab at an event driven TLS client.lloyd2011-12-237-228/+119
|
* Add code point for the SRP identifier extension and add a check for itlloyd2011-12-173-0/+13
| | | | | in the Client_Hello parser. Works, tested with GnuTLS command line client.
* Initial run at an SRP-6a implementation. Not entirely sure about thelloyd2011-12-174-0/+288
| | | | | interface but it's a plausible start. Will probably have more insights after adding TLS hooks.
* Add the 2048 bit SRP group from RFC 5054lloyd2011-12-171-0/+15
|
* Make this exception somewhat more understandable. I think.lloyd2011-12-171-1/+1
|
* Use LoadLibraryA instead of bare LoadLibrary so things work if used inlloyd2011-12-131-1/+1
| | | | an amalgamation and the app is compiled in Unicode mode.
* Fix PR 166lloyd2011-12-081-5/+9
|
* Add basic NaCl targetlloyd2011-12-081-0/+4
|
* LoadLibrary apparently works on MinGWlloyd2011-12-021-0/+1
|
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-27 10:34:34 +0000