summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Recent discussions about abort() potentially leaving key material inderaadt2019-01-261-5/+8
| | | | | | | | core files (which can depend upon various file layouts) have resonated with my hate for this function outside a purely debugging context. I also dislike how the report goes to stderr which may get lost or ignored. Increase the noise (with syslog_r) and use _exit(1) to gaurantee termination. ok jsing
* print errors to stderrtb2019-01-251-19/+21
|
* sort output suffixestb2019-01-251-2/+2
|
* I am retiring my old email address; replace it with my OpenBSD one.millert2019-01-2527-61/+61
|
* Add code to visualize the state machine. Both the state machine and thetb2019-01-242-5/+79
| | | | | | | output will have to be tweaked, but this may as well happen in-tree. To try it, pkg_add graphviz and run 'make handshake.svg' in this directory. Committing early so Bob's followers can play.
* Set pointer variables in tls13 handshake to NULL on clearbeck2019-01-241-1/+5
| | | | ok jsing@ bcook@
* set the NEGOTIATED flag in the flags argument rather thantb2019-01-241-4/+4
| | | | squeezing it into the table.
* Add server side of versions, keyshare, and client and server of cookiebeck2019-01-245-28/+742
| | | | | | | | extensions for tls1.3. versions is currently defanged to ignore its result until tls13 server side wired in full, so that server side code still works today when we only support tls 1.2 ok bcook@ tb@ jsing@
* move the extensions_seen into the handshake structbeck2019-01-243-6/+12
| | | | ok jsing@
* Remove SHA224 based sigalgs from use in TLS 1.2 as SHA224 is deprecated.beck2019-01-243-37/+22
| | | | | Remove GOST based sigalgs from TLS 1.2 since they don't work with TLS 1.2. ok jsing@
* Correct ECDSA_SECP512R1 typo to ECDSA_SECP521R1beck2019-01-232-6/+6
| | | | spotted by naddy@
* make whitespace inside curlies consistent; sort function prototypes.tb2019-01-231-24/+24
|
* Rename NUM_HANDSHAKE to handshake_count and make it a variabletb2019-01-233-13/+47
| | | | | | | | | so it can be used from regress. Update regress accordingly. Make sure the print target generates the entire table as it currently is in tls13_handshake.c discussed with beck and jsing ok jsing
* assert.h is often misused. It should not be used in a librarybeck2019-01-232-8/+5
| | | | ok bcook@ jsing@
* Modify sigalgs extension processing to accomodate TLS 1.3.beck2019-01-238-40/+93
| | | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2. - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 from a 1.3 handshake. ok jsing@ tb@
* revert previous, accidentally contained another diff in additionbeck2019-01-2310-408/+61
| | | | to the one I intended to commit
* Modify sigalgs extension processing for TLS 1.3.beck2019-01-2310-61/+408
| | | | | | | | | - Make a separate sigalgs list for TLS 1.3 including only modern algorithm choices which we use when the handshake will not negotiate TLS 1.2 - Modify the legacy sigalgs for TLS 1.2 to include the RSA PSS algorithms as mandated by RFC8446 when the handshake will permit negotiation of TLS 1.2 ok jsing@ tb@
* Sync the handshakes table with the generated table in regress.tb2019-01-231-19/+19
| | | | | | | This sorts the valid handshakes with respect to ascending flags value instead of the ad-hoc order produced by the algorithm. ok jsing
* incorrrect spellingtb2019-01-231-2/+2
|
* do not print the command in the print: targettb2019-01-231-2/+2
|
* Add a regression test that builds up the handshake state tabletb2019-01-232-1/+399
| | | | | | | from graph information and cross-checks it against the state table in tls13_handshake.c. with help from jsing
* Remove static from handshakes[][] so it is visible from regress/tb2019-01-231-2/+2
| | | | ok bcook
* No need to include <bsd.prog.mk> here.tb2019-01-232-4/+2
| | | | ok bcook
* sort sections, and add a missing verb to the EXAMPLES text;jmc2019-01-221-24/+24
|
* Wrap long lineotto2019-01-221-4/+4
|
* bump minors after symbol additiontb2019-01-223-3/+3
|
* Document SSL_get1_supported_ciphers(3) and SSL_get_client_ciphers(3).tb2019-01-221-7/+61
| | | | | | | The text comes from OpenSSL, where it was still published under a free license. from schwarze
* Add a re-implementation of SSL_get1_supported_ciphers().tb2019-01-223-2/+38
| | | | | | | Part of OpenSSL 1.1 API (pre-licence-change). input schwarze ok jsing
* Provide SSL_get_client_ciphers().tb2019-01-223-2/+12
| | | | | | Part of OpenSSL 1.1 API, pre-licence change. ok jsing
* Add missing symbols from the EC_KEY_METHOD port.tb2019-01-221-0/+8
| | | | Reported by bcook and sthen
* add support for xchacha20 and xchacha20-poly1305dlg2019-01-2210-11/+399
| | | | | | | xchacha is a chacha stream that allows for an extended nonce, which in turn makes it feasible to use random nonces. ok tb@
* lenght -> lengthjsg2019-01-212-3/+3
|
* a few tweakstedu2019-01-211-5/+9
|
* Add example showing a proper comparison function, as many examples showotto2019-01-211-3/+40
| | | | the wrong idiom. ok tedu@ but probably needs some tweakin
* Use the actual handshake message type in the certificate request handler.jsing2019-01-211-4/+2
|
* Move ssl_cipher_list_to_bytes() and ssl_bytes_to_cipher_list() totb2019-01-212-116/+120
| | | | | | | a more appropriately licenced file. jsing and doug have rewritten these functions (including the comments) over the past years. ok jsing
* Provide the initial TLSv1.3 client implementation.jsing2019-01-215-25/+192
| | | | | | | | | Move tls13_connect() to a new tls13_client.c file and provide a legacy wrapper to it, which allocates a struct tls_ctx if necessary. Also move tls13_client_hello_send() to tls13_client.c and actual implement the building of a client hello. ok tb@
* Wire up the handshake message send and recv actions.jsing2019-01-212-4/+44
| | | | | | | This means that we actually receive and send handshake messages to and from the record layer. ok tb@
* In ssl_lib.c rev. 1.197, jsing@ added TLSv1.3 support to SSL_get_version(3).schwarze2019-01-211-2/+4
| | | | Document it.
* The main handshake loop can be shared between client and server.jsing2019-01-212-29/+15
| | | | | | | Pull the shared code up into a function and call it from tls13_connect() and tls13_accept() instead of duplicating it. "Yes, please!" tb@
* Use ssl_cipher_is_permitted() in ssl_cipher_list_to_bytes().tb2019-01-211-9/+6
| | | | ok jsing
* Add ssl_cipher_is_permitted(), an internal helper function thattb2019-01-213-2/+49
| | | | | | | will be used in a few places shortly, e.g. in ssl_cipher_list_to_bytes(). ok jsing
* Correct some rwstate handling that I broke when refactoring.jsing2019-01-211-3/+13
|
* Provide TLS 1.3 cipher AEAD/hash and legacy I/O handling functions.jsing2019-01-213-2/+210
| | | | | | | | | Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers. Also provide wire read/write callbacks that interface with BIO and functions that interface between SSL_read/SSL_write and the TLS 1.3 record layer API. ok tb@
* Move struct tls13_ctx into a header since other things need access to it.jsing2019-01-213-21/+21
| | | | | | | | While here, rename struct handshake to struct handshake_stage to avoid potential ambiguity/conflict with the handshake data struct. Also add forward and back pointers between SSL and struct tls13_ctx. ok tb@
* Ensure we free TLS 1.3 handshake state.jsing2019-01-211-6/+11
| | | | | | | | There is no guarantee that ssl3_clear() is called before ssl3_free(), so free things here. Also move the chunk in ssl3_clear() up so that it is with the "free" code rather than the "reinit" code. ok beck@ tb@
* Teach ssl_version_string() about TLS1_3_VERSION.jsing2019-01-211-1/+3
|
* Store the record version and make it available for use.jsing2019-01-212-10/+21
| | | | | | While here correct an int vs size_t mismatch. ok tb@
* Fix header guardtb2019-01-201-2/+5
|
* Provide a handshake message handling implementation for TLS 1.3.jsing2019-01-203-3/+213
| | | | | | | | It receives handshake messages by reading and parsing data from the record layer. It also provides support for building and sending handshake messages. ok tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-04-03 08:28:03 +0000