openbsd/src/lib/libssl/Makefile, branch libressl-v3.2.3A mirror of https://github.com/libressl/openbsd.git
https://git.lua4.win/openbsd/atom?h=libressl-v3.2.32020-08-30T15:40:20+00:00Start replacing the existing TLSv1.2 record layer.2020-08-30T15:40:20+00:00jsing2020-08-30T15:40:20+00:00urn:sha1:5df2cd671a3bb55e3ec34638a6a36eef237c529f
This takes the same design/approach used in TLSv1.3 and provides an
opaque struct that is self contained and cannot reach back into other
layers. For now this just implements/replaces the writing of records
for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the
plaintext into the same buffer that is used to transmit to the wire.
ok inoguchi@ tb@
The check_includes step is incorrect dependency management model for2020-06-09T16:53:53+00:00deraadt2020-06-09T16:53:53+00:00urn:sha1:baa0c5c5165ab0d82f8bf0f78e00dcc807069782
how our tree gets built. If this was done in all the libraries (imagine
sys/dev), it would disrupt the development process hugely. So it should
not be done here either. use 'make includes' by hand instead.
Provide an easy way to get debug information from TLSv1.3 handshakes.2020-05-10T14:22:51+00:00jsing2020-05-10T14:22:51+00:00urn:sha1:7307f1dd5e30b646fc44384ead7b0ded4fb8f217
This makes it easier to debug TLSv1.3 handshake failures.
"Yes please!" tb@, ok beck@
Remove dtls1_enc().2020-03-13T16:40:42+00:00jsing2020-03-13T16:40:42+00:00urn:sha1:591b982ee293938f0df951b42722d3714201a5b8
Like much of the original DTLS code, dtls1_enc() is effectively a renamed
copy of tls1_enc(). Since then tls1_enc() has been modified, however the
non-AEAD code remains largely the same. As such, remove dtls1_enc() and
instead call tls1_enc() from the DTLS code.
The tls1_enc() AEAD code does not currently work correctly with DTLS,
however this is a non-issue since we do not support AEAD cipher suites with
DTLS currently.
ok tb@
Move the TLSv1.3 code that interfaces with the legacy APIs/stack into a2020-02-15T14:40:38+00:00jsing2020-02-15T14:40:38+00:00urn:sha1:facbfa56f3358d503aff3e7bd6136e5589043c37
separate file.
Discussed with beck@ and tb@
Provide struct/functions for handling TLSv1.3 key shares.2020-01-30T17:09:23+00:00jsing2020-01-30T17:09:23+00:00urn:sha1:8c4b49ffef3b61d982a273df3cd92b2e017aa065
Pull out the key share handling code and provide a clean/self contained
interface. This will make it easier to support groups other than X25519.
ok beck@ inoguchi@ tb@
Factor out/rewrite the ECDHE EC point key exchange code.2020-01-30T16:25:09+00:00jsing2020-01-30T16:25:09+00:00urn:sha1:c435cca7eec0ec8c6d2f34f5511be91edae36307
This reduces replication between the existing TLS client/server and allows
the code to soon be reused for TLSv1.3.
With feedback from inoguchi@ and tb@
ok inoguchi@ tb@
Add checks to ensure that lib{crypto,ssl,tls} public headers have actually2020-01-22T07:58:28+00:00jsing2020-01-22T07:58:28+00:00urn:sha1:dc84fb2cb29e63e7e897d76ae53fe48add525348
been installed prior to building.
Requested by and ok tb@
Split the TLSv1.3 guards into separate client and server guards.2020-01-22T01:21:43+00:00jsing2020-01-22T01:21:43+00:00urn:sha1:4c51eb4a7e69d292be8035dde8373d7945494bae
ok beck@ tb@
Provide an error framework for use with the TLSv1.3 code.2020-01-20T13:10:37+00:00jsing2020-01-20T13:10:37+00:00urn:sha1:6c57da956694b085fa306331ad12ba299e6715ff
This is based on the libtls error handling code, but adds machine readable
codes and subcodes. We then map these codes back to libssl error codes.
ok beck@ inoguchi@