path: root/lib/constate.c
Commit message | Author | Age | Files | Lines
* security_parameters: simplified contents by keeping pointer to cipher_suite_entry_st | Nikos Mavrogiannopoulos | 2017-08-02 | 1 | -54/+8
    That, in addition to simplifying the contents, it allows faster access to ciphersuite's properties.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* record: more precise calculation of max recv size | Nikos Mavrogiannopoulos | 2017-07-13 | 1 | -0/+5
    Previously we were using a rough calculation of the max recv size based on maximum values. Now we calculate the exact maximum value once the epoch is initialized and enforce it throughout the session.
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Eliminated access to obsolete priority cache fields | Nikos Mavrogiannopoulos | 2017-07-10 | 1 | -15/+0
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* handshake: simplified the server-side ciphersuite negotiation | Nikos Mavrogiannopoulos | 2017-07-10 | 1 | -8/+17
    This eliminates all the back and forth loops in the previous code while keeping the same ciphersuite selection checks in place.
    The ciphersuite selection tests that were kept:
      * Check if key exchange supports the server public key and key usage flags
      * Check if DH or other parameters required for the ciphersuite are present
      * Find appropriate certificate for the credentials and ciphersuite
      * Check whether a curve is negotiated for the ECDH ciphersuites
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Removed support for compression mechanisms | Nikos Mavrogiannopoulos | 2017-06-22 | 1 | -48/+1
    They are not required for TLS 1.3, and are deprecated for TLS 1.2. We eliminate them in order to reduce the complexity in the record packet handling.
    Resolves #212
    Signed-off-by: Nikos Mavrogiannopoulos <nmav@redhat.com>
* Drop _gnutls_epoch_get_compression | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -12/+0
    This function is unused since long ago, let's drop it.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Rework setting next compression method | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -4/+4
    Only update compression method if all internal checks succeed and next epoch will use it. Also while we are at it, actually check for _gnutls_set_compression() return value.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Rework setting next cipher suite | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -3/+4
    Only update cipher_suite if all internal checks succeed and next epoch will use this cipher suite. Also while we are at it, actually check for _gnutls_set_cipher_suite() return value.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* Cache MAC algorithm used for PRF function | Dmitry Eremin-Solenikov | 2016-12-14 | 1 | -0/+9
    Instead of spreading checks all over the GnuTLS, cache used PRF after setting the cipher suite and reference the value later. Like in _gnutls_PRF_raw the GNUTLS_MAC_MD5_SHA1 means MD5+SHA1 combo.
    Signed-off-by: Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
* dtls: imported Fridolin's DTLS sliding window implementation | Nikos Mavrogiannopoulos | 2016-07-13 | 1 | -1/+2
    This simplifies the current code, and reduces the memory needed.
* Amend: Allow for conditional compilation of SSL 3.0 protocol | Nikos Mavrogiannopoulos | 2016-05-20 | 1 | -0/+2
    This patch makes conditional several more SSL 3.0-only parts of codebase.
* Allow for conditional compilation of SSL 3.0 protocol | Nikos Mavrogiannopoulos | 2016-05-14 | 1 | -2/+3
    This allows to completely remove SSL 3.0 support by calling configure with the '--disable-ssl3' option.
    Resolves #93
* Modified the CHACHA20 cipher to conform to draft-ietf-tls-chacha20-poly1305-02 | Nikos Mavrogiannopoulos | 2015-11-07 | 1 | -4/+12
* Removed the 'gnutls_' prefix from files to simplify file naming | Nikos Mavrogiannopoulos | 2015-08-23 | 1 | -0/+729