summaryrefslogtreecommitdiff
path: root/Userland/Libraries/LibTLS
AgeCommit message (Collapse)Author
2021-09-21Libraries: Use AK::Variant default initialization where appropriateBen Wiederhake
2021-09-19LibTLS: Use a setter for on_tls_ready_to_write with some more smartsAli Mohammad Pur
The callback should be called as soon as the connection is established, and if we actually set the callback when it already is, we expect it to be called immediately.
2021-09-19LibTLS: Don't close the underlying socket on EOFAli Mohammad Pur
2021-09-16LibTLS: Close the underlying socket on EOFAli Mohammad Pur
This is 23febbed41d8296cf9e532a17145822cd099b591 but without the bug that makes the CI hang :^)
2021-09-16Revert "LibTLS: Close the underlying socket on EOF"Brian Gianforcaro
This reverts commit 23febbed41d8296cf9e532a17145822cd099b591. It breaks the TestTLSHandshake test used in CI, it causes it to hang, and all CI jobs have been hanging.
2021-09-15LibTLS: Increase the maximum socket read size to 4MiBAli Mohammad Pur
There's no reason to limit ourselves to 4KiB, this socket is not blocking anyway.
2021-09-15LibTLS: Close the underlying socket on EOFAli Mohammad Pur
There's no reason to keep waiting when there's nothing else to come. This makes RequestServer not spin on Core::Socket::read() (in some scenarios).
2021-09-06Everywhere: Make ByteBuffer::{create_*,copy}() OOM-safeAli Mohammad Pur
2021-09-06Everywhere: Use OOM-safe ByteBuffer APIs where possibleAli Mohammad Pur
If we can easily communicate failure, let's avoid asserting and report failure instead.
2021-09-02Userland: Migrate to argument-less deferred_invokesin-ack
Only one place used this argument and it was to hold on to a strong ref for the object. Since we already do that now, there's no need to keep this argument around since this can be easily captured. This commit contains no changes.
2021-08-22Everywhere: Rename get in ConfigFile::get_for_{lib,app,system} to opennetworkException
This patch brings the ConfigFile helpers for opening lib, app and system configs more inline with the regular ConfigFile::open functions.
2021-08-16LibTLS: Add DHE_RSA AES GCM cipher suitesSamuel Bowman
This adds the following cipher suites: * DHE_RSA_WITH_AES_128_GCM_SHA256 * DHE_RSA_WITH_AES_256_GCM_SHA384
2021-08-16LibTLS: Implement the DHE_RSA key exchange algorithmSamuel Bowman
This adds two methods, handle_dhe_rsa_server_key_exchange and build_dhe_rsa_pre_master_secret, to TLSv12 and a struct, server_diffie_hellman_params, to Context, which are used to implement the DHE_RSA key exchange algorithm. This grants us the benefits of forward secrecy and access to sites which support DHE_RSA. It is worth noting that the signature of the server provided Diffie-Hellman parameters is not currently validated. This will need to be addressed to prevent man-in-the-middle attacks.
2021-08-08Everywhere: Replace AK::Singleton => SingletonAndreas Kling
2021-08-01Libraries: Remove unused header includesBrian Gianforcaro
2021-06-29LibCrypto: Replace from_base{2,8,10,16}() & to_base10 with from_base(N)Idan Horowitz
This allows us to support parsing and serializing BigIntegers to and from any base N (such that 2 <= N <= 36).
2021-06-28LibTLS: Ensure that on_tls_finished is called only onceAli Mohammad Pur
Connection state changes when the logical transport is closed should not trigger tls_finished.
2021-06-17Everywhere: Replace the multiple impls of print_buffer() with :hex-dumpAli Mohammad Pur
2021-06-08Everywhere: Replace Vector<T*> with nonnull entries with Vector<T&>Ali Mohammad Pur
2021-05-31AK: Replace ByteBuffer::grow with resize()/ensure_capacity()Gunnar Beutner
Previously ByteBuffer::grow() behaved like Vector<T>::resize(). However the function name was somewhat ambiguous - and so this patch updates ByteBuffer to behave more like Vector<T> by replacing grow() with resize() and adding an ensure_capacity() method. This also lets the user change the buffer's capacity without affecting the size which was not previously possible. Additionally this patch makes the capacity() method public (again).
2021-05-29LibTLS: Allow using other hash algorithms for HMACDexesTTP
The standard allows for ciphers to define which hash to use. Fixes #7348
2021-05-29LibTLS: Use a more precise KeyExchangeAlgorithm enumDexesTTP
The old enumeration didn't allow discriminating the key exchange algorithms used, but only allowed the handshake with the server. With this new enumeration, we can know which key exchange algorithm we are actually supposed to use :^)
2021-05-29LibTLS: Add IANA Hex codes for all recommended cipher suitesDexesTTP
Also sort the existing cipher suites, and remove the unsupported ones. We don't support any of these recommended ciphers, but at least we now know which ones we should focus on :^)
2021-05-19LibTLS: Enable the RSA_WITH_AES_256_GCM_SHA384 cipherDexesTTP
This is more of an example commit of how to add new ciphers to TLS.
2021-05-19LibTLS: Use RSA key exchange based on the cipherDexesTTP
After this, we aren't hardcoding RSA in everything we do anymore!
2021-05-19LibTLS: Generate cipher variants based on the cipherDexesTTP
This is better than using the AEAD flag :^)
2021-05-19LibTLS: Replace cipher selection with a variantDexesTTP
2021-05-19LibTLS: Rework method names and arrangement in cpp filesDexesTTP
This commit only moves and renames methods. The code hasn't changed.
2021-05-19LibTLS: Define cipher suite parameters and components in a macroDexesTTP
Instead of sprinkling the definition of the ciper suites all over the TLS implementation, let's regroup it all once and for all in a single place, and then add our new implementations there.
2021-05-19LibTLS: Move the asn certificate parser to Certificate.cppDexesTTP
2021-05-19LibTLS: Move the cipher list to the CipherSuite.h headerDexesTTP
2021-05-16AK+Userland: Remove nullability feature for the ByteBuffer typeGunnar Beutner
Nobody seems to use this particular feature, in fact there were some bugs which were uncovered by removing operator bool.
2021-05-16AK+Userland: Fix some compiler warnings and make variables const-refGunnar Beutner
This fixes a few compiler warnings and makes some variables const-ref in preparation for the next commit which changes how ByteBuffer works.
2021-05-14LibTLS: Actually verify the certificatsAli Mohammad Pur
This was likely commented out at some point to debug something.
2021-05-14LibCrypto+LibTLS: Avoid unaligned reads and writesAli Mohammad Pur
This adds an `AK::ByteReader` to help with that so we don't duplicate the logic all over the place. No more `*(const u16*)` and `*(const u32*)` for anyone. This should help a little with #7060.
2021-05-13LibTLS: Enable -Wvla for LibTLSAli Mohammad Pur
Fixes #7071.
2021-05-13LibTLS: Remove all uses of VLAsAli Mohammad Pur
2021-05-12LibCore+Everywhere: Move OpenMode out of IODeviceAli Mohammad Pur
...and make it an enum class so people don't omit "OpenMode".
2021-05-12LibTLS: Always send the signature_algorithms extensionAli Mohammad Pur
At some point since Sep 2018, OpenSSL added a ~~bug~~ feature that makes the default set of signature algorithms defined in TLSv1.2 unusable without reducing what they call the "security level", which caused communication with servers using more recent versions of openssl to fail with "internal error". This commit makes LibTLS always send its supported sigalgs, making the server not default to the insecure defaults, and thus enabling us to talk to such servers.
2021-05-01Everywhere: Turn #if *_DEBUG into dbgln_if/if constexprGunnar Beutner
2021-04-23LibTLS: Call the read hooks after processing messages tooAli Mohammad Pur
Otherwise the notification would be deferred until the next read event, which means the client will not get any events if the server initiates the appdata transfers.
2021-04-22AK+Userland: Use mpfard@serenityos.org for my copyright headersAli Mohammad Pur
2021-04-22Everything: Move to SPDX license identifiers in all files.Brian Gianforcaro
SPDX License Identifiers are a more compact / standardized way of representing file license information. See: https://spdx.dev/resources/use/#identifiers This was done with the `ambr` search and replace tool. ambr --no-parent-ignore --key-from-file --rep-from-file key.txt rep.txt *
2021-04-18LibTLS: Parse X.509 certificates with the new ASN.1 parserAnotherTest
As a nice side effect, also correctly test for certificate validity :^)
2021-04-10LibTLS: Remove excessive CloseNotify loggingJelle Raaijmakers
2021-04-10LibTLS: Convert some #ifs to dbgln_if()Jelle Raaijmakers
2021-04-10LibTLS: Support empty SNI data in ServerHelloJelle Raaijmakers
According to RFC6066, empty extension_data for an SNI extension is absolutely one of the possibilities - so let's support this instead of spamming the debug log.
2021-04-07LibTLS: Hide some debug spam, use more dbgln_if and if constexprLinus Groh
The debug console was full of 'Update hash with message of size x'.
2021-04-03LibTLS: Make the TLS connection options user-configurableAnotherTest
The user may now request specific cipher suites, the use of SNI, and whether we should validate certificates (not that we're doing a good job of that).
2021-04-03LibTLS: Remove long-outdated comment that no longer makes senseAnotherTest