| Age | Commit message (Collapse) | Author |
|---|
|
Oops, I accidentally shadowed the outer scope's "decrypted" ByteBuffer
which caused us to throw away the buffer too early.
Fixes #4533.
|
|
This was another way to get a non-owning ByteBuffer wrapper.
|
|
|
|
|
|
|
|
|
|
As quite a few certificates use this extension, reading and using it to
find matching certificates is fairly useful :^)
|
|
Match the Core::IODevice::read_line() API change and return a chomped
string from here as well.
|
|
Almost everyone using this API actually wanted String instead of a
ByteBuffer anyway, and there were a bunch of slightly different ways
clients would convert to String.
Let's just cut out all the confusion and make it return String. :^)
|
|
This is a regression introduced in 1172746, where the padding would be
done without accounting for the added MAC bytes.
Fixes #4098.
|
|
And integrate AES-GCM.
|
|
Also adds a very primitive systemwide ca_certs.ini file.
|
|
This needs to be read out if we want to actually verify the cert chain.
|
|
|
|
handshake failure
Some TLS implementations (namely, AWS CloudFront) do this instead of
sending handshake_failure for some reason.
|
|
Mostly in comments, but sprintf() now prints "August" instead of
"Auguest" so that's something.
|
|
|
|
|
|
|
|
With two different sequence numbers to boot!
Fixes #3273
|
|
Apart from causing All AK:: and Crypto:: symbols being suddenly visible even though
they might not be supposed to be, the style guide also says this is wrong:
https://github.com/SerenityOS/serenity/blob/master/Documentation/CodingStyle.md#using-statements
|
|
I originally defined the bytes() method for the String class, because it
made it obvious that it's a span of bytes instead of span of characters.
This commit makes this more consistent by defining a bytes() method when
the type of the span is known to be u8.
Additionaly, the cast operator to Bytes is overloaded for ByteBuffer and
such.
|
|
https://github.com/SerenityOS/serenity/commit/bc7a149039538f26e10444f38db6682d5df57333#r41386045
|
|
A trace for proof:
buffer:
L91: 0:(packet.size() - header_size)
L98: (packet.size() - header_size):(packet.size() - header_size + mac_size)
L102: (packet.size() - header_size + mac_size):buffer.size()
(asserted at L103)
ct:
L88: 0:(header_size - 2)
L123: (header_size - 2):(header_size)
L111: (header_size):(header_size + iv_size)
L117: (header_size + iv_size):(header_size + iv_size + length)
(asserted at L113)
|
|
This shaves 2.5 more runtime seconds off 'disasm /bin/id', and makes the
Mode<T> interface a lot more allocation-friendly.
|
|
This function did a const_cast internally which made the call side look
"safe". This method is removed completely and call sites are replaced
with ByteBuffer::wrap(const_cast<void*>(data), size) which makes the
behaviour obvious.
|
|
|
|
This makes gemini.circumlunar.space (and some more gemini pages) work
again :^)
|
|
|
|
Previously, we would not care if the handshake timer timed out because
the server was too slow, or because we were too slow, this caused
connections to fail when the system was under heavy load.
This patch fixes this behaviour (and closes #2843) by checking if the
timeout delay was within margin of error of the max timeout.
|
|
|
|
|
|
This commit also adds a timeout timer to cancel the connection if the
server does not respond to the hello request in 10 seconds.
|
|
|
|
This makes it possible to build both of these on Linux.
|
|
Adds more TLS 1.2 error descriptions according to the specification:
https://tools.ietf.org/html/rfc5246#section-7.2.2
This changes the DecryptionFailed description, as the specification
says that this alert should NEVER be sent by a compliant server.
|
|
|
|
|
|
This seems like a better compromise between throughput and latency, and
it doesn't _really_ affect the performance, so let's just compromise.
|
|
This patchset drops the write notifier, and schedules writes only when
necessary.
As a result, the CPU utilisation no longer spikes to the skies :^)
|
|
The "ready to write" notifier we set up in generic socket connection is
really only meant to detect a successful connection. Once we have a TCP
connection, for example, it will fire on every event loop iteration.
This was causing IRC Client to max out the CPU by getting this no-op
notifier callback over and over.
Since this was only used by TLSv12, I changed that code to create its
own notifier instead. It might be possible to improve TLS performance
by only processing writes when actually needed, but I didn't look very
closely at that for this patch. :^)
|
|
Closes https://github.com/SerenityOS/serenity/issues/2080
|
|
|
|
Not particularly helpful, but better than nothing.
|
|
|
|
Contrary to popular belief, not every implementation of TLS follows the
specs.
Some of them just drop the connection without sending a proper
close_notify, and we should handle that gracefully.
|
|
|
|
This commit splits the TLSv12 file into multiple files, and also removes
some magic values, to make the code less horrible. :^)
|
|
Now we can talk to google.com
|
|
This is in preparation for the upcoming Galois/Counter mode, which
conventionally has 12 bytes of IV as opposed to CBC's 16 bytes.
...Also fixes a lot of style issues, since the author finally found the
project's clang config file in the repository root :^)
|
