summaryrefslogtreecommitdiff
path: root/Userland/Libraries/LibTLS
AgeCommit message (Collapse)Author
2021-11-11Everywhere: Pass AK::ReadonlyBytes by valueAndreas Kling
2021-11-11Everywhere: Pass AK::StringView by valueAndreas Kling
2021-11-10AK: Make ByteBuffer::try_* functions return ErrorOr<void>Andreas Kling
Same as Vector, ByteBuffer now also signals allocation failure by returning an ENOMEM Error instead of a bool, allowing us to use the TRY() and MUST() patterns.
2021-10-10LibTLS: Remove useless ByteBuffer allocation in TLSv12::read_line()Ali Mohammad Pur
2021-10-06LibTLS: Add missing headers to CipherSuite.hBen Wiederhake
2021-10-03LibTLS: Split large application data packets into chunksAli Mohammad Pur
Each TLS record has a limited max size, we should respect that and split the packets. Fixes RecordOverflow errors when a packet larger than 18432 bytes is sent over.
2021-10-01Libraries: Fix typosNico Weber
2021-09-28LibTLS: Mark the connection as finished and disconnected on TLS errorAli Mohammad Pur
2021-09-21Libraries: Use AK::Variant default initialization where appropriateBen Wiederhake
2021-09-19LibTLS: Use a setter for on_tls_ready_to_write with some more smartsAli Mohammad Pur
The callback should be called as soon as the connection is established, and if we actually set the callback when it already is, we expect it to be called immediately.
2021-09-19LibTLS: Don't close the underlying socket on EOFAli Mohammad Pur
2021-09-16LibTLS: Close the underlying socket on EOFAli Mohammad Pur
This is 23febbed41d8296cf9e532a17145822cd099b591 but without the bug that makes the CI hang :^)
2021-09-16Revert "LibTLS: Close the underlying socket on EOF"Brian Gianforcaro
This reverts commit 23febbed41d8296cf9e532a17145822cd099b591. It breaks the TestTLSHandshake test used in CI, it causes it to hang, and all CI jobs have been hanging.
2021-09-15LibTLS: Increase the maximum socket read size to 4MiBAli Mohammad Pur
There's no reason to limit ourselves to 4KiB, this socket is not blocking anyway.
2021-09-15LibTLS: Close the underlying socket on EOFAli Mohammad Pur
There's no reason to keep waiting when there's nothing else to come. This makes RequestServer not spin on Core::Socket::read() (in some scenarios).
2021-09-06Everywhere: Make ByteBuffer::{create_*,copy}() OOM-safeAli Mohammad Pur
2021-09-06Everywhere: Use OOM-safe ByteBuffer APIs where possibleAli Mohammad Pur
If we can easily communicate failure, let's avoid asserting and report failure instead.
2021-09-02Userland: Migrate to argument-less deferred_invokesin-ack
Only one place used this argument and it was to hold on to a strong ref for the object. Since we already do that now, there's no need to keep this argument around since this can be easily captured. This commit contains no changes.
2021-08-22Everywhere: Rename get in ConfigFile::get_for_{lib,app,system} to opennetworkException
This patch brings the ConfigFile helpers for opening lib, app and system configs more inline with the regular ConfigFile::open functions.
2021-08-16LibTLS: Add DHE_RSA AES GCM cipher suitesSamuel Bowman
This adds the following cipher suites: * DHE_RSA_WITH_AES_128_GCM_SHA256 * DHE_RSA_WITH_AES_256_GCM_SHA384
2021-08-16LibTLS: Implement the DHE_RSA key exchange algorithmSamuel Bowman
This adds two methods, handle_dhe_rsa_server_key_exchange and build_dhe_rsa_pre_master_secret, to TLSv12 and a struct, server_diffie_hellman_params, to Context, which are used to implement the DHE_RSA key exchange algorithm. This grants us the benefits of forward secrecy and access to sites which support DHE_RSA. It is worth noting that the signature of the server provided Diffie-Hellman parameters is not currently validated. This will need to be addressed to prevent man-in-the-middle attacks.
2021-08-08Everywhere: Replace AK::Singleton => SingletonAndreas Kling
2021-08-01Libraries: Remove unused header includesBrian Gianforcaro
2021-06-29LibCrypto: Replace from_base{2,8,10,16}() & to_base10 with from_base(N)Idan Horowitz
This allows us to support parsing and serializing BigIntegers to and from any base N (such that 2 <= N <= 36).
2021-06-28LibTLS: Ensure that on_tls_finished is called only onceAli Mohammad Pur
Connection state changes when the logical transport is closed should not trigger tls_finished.
2021-06-17Everywhere: Replace the multiple impls of print_buffer() with :hex-dumpAli Mohammad Pur
2021-06-08Everywhere: Replace Vector<T*> with nonnull entries with Vector<T&>Ali Mohammad Pur
2021-05-31AK: Replace ByteBuffer::grow with resize()/ensure_capacity()Gunnar Beutner
Previously ByteBuffer::grow() behaved like Vector<T>::resize(). However the function name was somewhat ambiguous - and so this patch updates ByteBuffer to behave more like Vector<T> by replacing grow() with resize() and adding an ensure_capacity() method. This also lets the user change the buffer's capacity without affecting the size which was not previously possible. Additionally this patch makes the capacity() method public (again).
2021-05-29LibTLS: Allow using other hash algorithms for HMACDexesTTP
The standard allows for ciphers to define which hash to use. Fixes #7348
2021-05-29LibTLS: Use a more precise KeyExchangeAlgorithm enumDexesTTP
The old enumeration didn't allow discriminating the key exchange algorithms used, but only allowed the handshake with the server. With this new enumeration, we can know which key exchange algorithm we are actually supposed to use :^)
2021-05-29LibTLS: Add IANA Hex codes for all recommended cipher suitesDexesTTP
Also sort the existing cipher suites, and remove the unsupported ones. We don't support any of these recommended ciphers, but at least we now know which ones we should focus on :^)
2021-05-19LibTLS: Enable the RSA_WITH_AES_256_GCM_SHA384 cipherDexesTTP
This is more of an example commit of how to add new ciphers to TLS.
2021-05-19LibTLS: Use RSA key exchange based on the cipherDexesTTP
After this, we aren't hardcoding RSA in everything we do anymore!
2021-05-19LibTLS: Generate cipher variants based on the cipherDexesTTP
This is better than using the AEAD flag :^)
2021-05-19LibTLS: Replace cipher selection with a variantDexesTTP
2021-05-19LibTLS: Rework method names and arrangement in cpp filesDexesTTP
This commit only moves and renames methods. The code hasn't changed.
2021-05-19LibTLS: Define cipher suite parameters and components in a macroDexesTTP
Instead of sprinkling the definition of the ciper suites all over the TLS implementation, let's regroup it all once and for all in a single place, and then add our new implementations there.
2021-05-19LibTLS: Move the asn certificate parser to Certificate.cppDexesTTP
2021-05-19LibTLS: Move the cipher list to the CipherSuite.h headerDexesTTP
2021-05-16AK+Userland: Remove nullability feature for the ByteBuffer typeGunnar Beutner
Nobody seems to use this particular feature, in fact there were some bugs which were uncovered by removing operator bool.
2021-05-16AK+Userland: Fix some compiler warnings and make variables const-refGunnar Beutner
This fixes a few compiler warnings and makes some variables const-ref in preparation for the next commit which changes how ByteBuffer works.
2021-05-14LibTLS: Actually verify the certificatsAli Mohammad Pur
This was likely commented out at some point to debug something.
2021-05-14LibCrypto+LibTLS: Avoid unaligned reads and writesAli Mohammad Pur
This adds an `AK::ByteReader` to help with that so we don't duplicate the logic all over the place. No more `*(const u16*)` and `*(const u32*)` for anyone. This should help a little with #7060.
2021-05-13LibTLS: Enable -Wvla for LibTLSAli Mohammad Pur
Fixes #7071.
2021-05-13LibTLS: Remove all uses of VLAsAli Mohammad Pur
2021-05-12LibCore+Everywhere: Move OpenMode out of IODeviceAli Mohammad Pur
...and make it an enum class so people don't omit "OpenMode".
2021-05-12LibTLS: Always send the signature_algorithms extensionAli Mohammad Pur
At some point since Sep 2018, OpenSSL added a ~~bug~~ feature that makes the default set of signature algorithms defined in TLSv1.2 unusable without reducing what they call the "security level", which caused communication with servers using more recent versions of openssl to fail with "internal error". This commit makes LibTLS always send its supported sigalgs, making the server not default to the insecure defaults, and thus enabling us to talk to such servers.
2021-05-01Everywhere: Turn #if *_DEBUG into dbgln_if/if constexprGunnar Beutner
2021-04-23LibTLS: Call the read hooks after processing messages tooAli Mohammad Pur
Otherwise the notification would be deferred until the next read event, which means the client will not get any events if the server initiates the appdata transfers.
2021-04-22AK+Userland: Use mpfard@serenityos.org for my copyright headersAli Mohammad Pur