summaryrefslogtreecommitdiff
path: root/Libraries/LibTLS
AgeCommit message (Collapse)Author
2020-10-30LibTLS: (Almost) verify certificate chain against root CA certificatesAnotherTest
Also adds a very primitive systemwide ca_certs.ini file.
2020-10-30LibTLS: Also read out the Organisational Unit from the certificateAnotherTest
This needs to be read out if we want to actually verify the cert chain.
2020-10-30LibTLS: Move out Certificate to its own header fileAnotherTest
2020-10-26LibTLS: Treat a close_notify before agreeing on a cipher suite as a ↵Luke
handshake failure Some TLS implementations (namely, AWS CloudFront) do this instead of sending handshake_failure for some reason.
2020-10-02Everywhere: Fix typosNico Weber
Mostly in comments, but sprintf() now prints "August" instead of "Auguest" so that's something.
2020-08-25AK: Add Endian.h header to replace NetworkOrdered.h.asynts
2020-08-25Misc: Remove some unneeded includes of Timer.h and ElapsedTimer.h (#3286)Nico Weber
2020-08-24LibTLS: Fix some debug loggingAnotherTest
2020-08-24LibTLS: Do not process_message() the finished message twiceAnotherTest
With two different sequence numbers to boot! Fixes #3273
2020-08-23Meta: Fix wrong 'using namespace X' usagesBen Wiederhake
Apart from causing All AK:: and Crypto:: symbols being suddenly visible even though they might not be supposed to be, the style guide also says this is wrong: https://github.com/SerenityOS/serenity/blob/master/Documentation/CodingStyle.md#using-statements
2020-08-15AK: Rename span() to bytes() when appropriate.asynts
I originally defined the bytes() method for the String class, because it made it obvious that it's a span of bytes instead of span of characters. This commit makes this more consistent by defining a bytes() method when the type of the span is known to be u8. Additionaly, the cast operator to Bytes is overloaded for ByteBuffer and such.
2020-08-12LibTLS: Re-silence a debug log Ali Mohammad Pur
https://github.com/SerenityOS/serenity/commit/bc7a149039538f26e10444f38db6682d5df57333#r41386045
2020-08-11LibTLS: Avoid extra initialisation of buffers that are initialisedAnotherTest
A trace for proof: buffer: L91: 0:(packet.size() - header_size) L98: (packet.size() - header_size):(packet.size() - header_size + mac_size) L102: (packet.size() - header_size + mac_size):buffer.size() (asserted at L103) ct: L88: 0:(header_size - 2) L123: (header_size - 2):(header_size) L111: (header_size):(header_size + iv_size) L117: (header_size + iv_size):(header_size + iv_size + length) (asserted at L113)
2020-08-11LibCrypto+LibTLS+Kernel: Switch the Cipher::Mode interface to use SpanAnotherTest
This shaves 2.5 more runtime seconds off 'disasm /bin/id', and makes the Mode<T> interface a lot more allocation-friendly.
2020-08-06Refactor: Expose const_cast by removing ByteBuffer::warp(const void*, size_t)asynts
This function did a const_cast internally which made the call side look "safe". This method is removed completely and call sites are replaced with ByteBuffer::wrap(const_cast<void*>(data), size) which makes the behaviour obvious.
2020-08-05LibTLS + LibCrypto: Suppress unobserved Optoinal<T> return values.Brian Gianforcaro
2020-08-02ProtocolServer+LibTLS: Pipe certificate requests from LibTLS to clientsAnotherTest
This makes gemini.circumlunar.space (and some more gemini pages) work again :^)
2020-08-02LibTLS: Add (basic) support for sending client certificatesAnotherTest
2020-07-21LibTLS: Reschedule the timeout if we're too slowAnotherTest
Previously, we would not care if the handshake timer timed out because the server was too slow, or because we were too slow, this caused connections to fail when the system was under heavy load. This patch fixes this behaviour (and closes #2843) by checking if the timeout delay was within margin of error of the max timeout.
2020-06-04LibTLS: Simplify record padding logic and ASSERT more assumptionsAnotherTest
2020-06-01LibTLS: Put a little more debug spam behind TLS_DEBUGAndreas Kling
2020-05-30LibTLS: Avoid busy-wait between ClientHello and ServerHelloAnotherTest
This commit also adds a timeout timer to cancel the connection if the server does not respond to the hello request in 10 seconds.
2020-05-30Lagom: Adjust AK, LibCore and LibTLS to build on MacOSMarcin Gasperowicz
2020-05-27LibCrypto+LibTLS: Use AK/Random.hAndreas Kling
This makes it possible to build both of these on Linux.
2020-05-27LibTLS: Add more TLS 1.2 error descriptionsLuke
Adds more TLS 1.2 error descriptions according to the specification: https://tools.ietf.org/html/rfc5246#section-7.2.2 This changes the DecryptionFailed description, as the specification says that this alert should NEVER be sent by a compliant server.
2020-05-26LibTLS: Put lots of debug spam behind TLS_DEBUGAndreas Kling
2020-05-21LibTLS: Do not call on_tls_finished until the client has read app dataAnotherTest
2020-05-20LibTLS: Flush some packets as soon as more packets are writtenAnotherTest
This seems like a better compromise between throughput and latency, and it doesn't _really_ affect the performance, so let's just compromise.
2020-05-19LibTLS: Only try to flush data when neededAnotherTest
This patchset drops the write notifier, and schedules writes only when necessary. As a result, the CPU utilisation no longer spikes to the skies :^)
2020-05-18LibCore+LibTLS: Don't keep a "ready to write" notifier on all SocketsAndreas Kling
The "ready to write" notifier we set up in generic socket connection is really only meant to detect a successful connection. Once we have a TCP connection, for example, it will fire on every event loop iteration. This was causing IRC Client to max out the CPU by getting this no-op notifier callback over and over. Since this was only used by TLSv12, I changed that code to create its own notifier instead. It might be possible to improve TLS performance by only processing writes when actually needed, but I didn't look very closely at that for this patch. :^)
2020-05-14Build: Switch to CMake :^)Sergey Bugaev
Closes https://github.com/SerenityOS/serenity/issues/2080
2020-05-07LibTLS: Verify server certificate expiry dateAnotherTest
2020-05-05LibTLS: Try to disambiguate errors in case of failureAnotherTest
Not particularly helpful, but better than nothing.
2020-05-03LibTLS: Put some debug spam behind an #ifdefAndreas Kling
2020-05-03LibTLS: "Properly" handle the server dropping the connectionAnotherTest
Contrary to popular belief, not every implementation of TLS follows the specs. Some of them just drop the connection without sending a proper close_notify, and we should handle that gracefully.
2020-05-02LibTLS: Implement build_alert()AnotherTest
2020-05-02LibTLS: Split TLSv12 to sensible categorical filesAnotherTest
This commit splits the TLSv12 file into multiple files, and also removes some magic values, to make the code less horrible. :^)
2020-05-02LibTLS: Switch to Hash::Manager for hashing and add SHA1AnotherTest
Now we can talk to google.com
2020-05-02LibCrypto+LibTLS: Generalise the use of IV lengthAnotherTest
This is in preparation for the upcoming Galois/Counter mode, which conventionally has 12 bytes of IV as opposed to CBC's 16 bytes. ...Also fixes a lot of style issues, since the author finally found the project's clang config file in the repository root :^)
2020-05-02LibTLS: Make enough stuff work to have a demo runAnotherTest
...maybe, sometimes :^)