Commit message | Author | Age | Files | Lines
* Set BIO retry on TLS13_IO_WANT_POLLIN/TLS13_IO_WANT_POLLOUT. | jsing | 2019-02-23 | 1 | -1/+3
  In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have bubbled up from the wire callbacks, in which case the BIO retry flag will already be set. However, if we return TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
  ok beck@ tb@
* Test that all supported TLS ciphers actually work. Establish | bluhm | 2019-02-21 | 8 | -26/+308
  connections between client and server implemented with LibreSSL or OpenSSL with a fixed cipher on each side. Check the used cipher in the session print out.
* Wire up alert handling for TLSv1.3. | jsing | 2019-02-21 | 2 | -9/+78
  In TLSv1.3 there are two types of alerts "closure alerts" and "error alerts". This makes the record layer more strict and handles closure of the read and write channels. The callback then handles the record layer to SSL mapping/behaviour.
  ok tb@
* Change the alert callback return type from int to void. | jsing | 2019-02-21 | 2 | -9/+11
  There is nothing for the handler to really signal, since it cannot change the fact that we received an alert. While here use TLS13_IO_FAILURE instead of hardcoding -1.
  ok tb@
* Fix a few cases where int was used instead of ssize_t. | jsing | 2019-02-21 | 1 | -3/+3
* Convert openssl(1) pkeyutl to the newer style of option handling. | inoguchi | 2019-02-17 | 1 | -198/+278
  ok jsing@ tb@
* Add tests for pkeyutl | inoguchi | 2019-02-16 | 1 | -6/+46
* Correct guards. | jsing | 2019-02-14 | 1 | -3/+3
* Notify the record layer upon handshake completion. | jsing | 2019-02-14 | 1 | -2/+4
  ok tb@
* Switch to application traffic keys as appropriate. | jsing | 2019-02-14 | 1 | -1/+17
  Switch the read traffic key to the server application traffic key once the server finished message has been processed. Switch the write traffic key to the client application traffic key after sending the client finished message.
  ok tb@
* Split tls13_record_layer_set_traffic_keys() into two separate functions. | jsing | 2019-02-14 | 3 | -17/+23
  This allows the read traffic key to be set independently of the write traffic key. This will become necessary for KeyUpdate handling, however also allows for switching to application traffic keys at more appropriate stages of the handshake.
  ok tb@
* Provide a TLS 1.3 capable client method. | jsing | 2019-02-14 | 3 | -5/+50
  ok tb@
* one more error message that should go to stderr | tb | 2019-02-13 | 1 | -2/+3
* Clean up some pesky trailing whitespace. | jsing | 2019-02-13 | 1 | -10/+10
* Handle finished messages in TLSv1.3 client. | jsing | 2019-02-13 | 2 | -14/+131
  This adds support for processing of the server finished message and generation of the client finished message.
  ok tb@
* New futex(2) based rwlock implementation based on the mutex code. | mpi | 2019-02-13 | 1 | -1/+12
  This implementation reduces contention because threads no longer need to spin calling sched_yield(2) before going to sleep.
  Tested by many, thanks!
  ok visa@, pirofti@
* Xr the byteorder funcs; from tim kuijsten | jmc | 2019-02-13 | 1 | -3/+4
* Implement handling of Certificate and CertificateVerify messages. | jsing | 2019-02-11 | 2 | -31/+214
  This allows the TLS 1.3 client to process the certificates that the server has sent and verify that the server has possession of the private key.
  ok tb@
* getopt(3) returns int, not char. Fix type of ch variable to prevent | bluhm | 2019-02-11 | 2 | -6/+6
  sign error during arm regress.
* "non-existant" is one of those words that don't exist, so use "non-existent" | phessler | 2019-02-10 | 1 | -2/+2
  instead
  From Pamela Mosiejczuk, many thanks!
  OK phessler@ deraadt@
* Preserve the transcript hash at specific stages of the TLSv1.3 handshake. | jsing | 2019-02-10 | 2 | -2/+16
  There are various points where we need the hash of all messages prior to the current message. Support this by having the handshake code preserve the transcript hash prior to recording the current message, which avoids the need to sprinkle this throughout multiple handlers.
  ok inoguchi@ tb@
* Fix weird wrap showing cipher list in interactive mode | inoguchi | 2019-02-09 | 6 | -13/+23
  ok jsing@ tb@
* Rename the file that contains the transcript handling code. | jsing | 2019-02-09 | 2 | -3/+3
  ok inoguchi@ tb@
* Rename tls1_handshake_hash*() to tls1_transcript_hash*(). | jsing | 2019-02-09 | 7 | -29/+29
  While handshake hash is correct (in as far as it is a hash of handshake messages), using tls1_transcript_hash*() aligns them with the naming of the tls1_transcript*() functions. Additionally, the TLSv1.3 specification uses Transcript-Hash and "transcript hash", which this matches.
  ok inoguchi@ tb@
* Provide a reference from the TLSv1.3 context to the handshake state. | jsing | 2019-02-09 | 2 | -19/+25
  This allows ctx->hs to be used throughout the TLSv1.3 code, rather than S3I(ctx->ssl)->hs_tls13.
  ok inoguchi@ tb@
* Summarize the 4 same name functions and move it to apps.c | inoguchi | 2019-02-09 | 7 | -72/+26
  ok tb@ jsing@
* Implement processing of EncryptedExtensions in the TLS 1.3 client. | jsing | 2019-02-07 | 2 | -8/+28
  ok bcook@ tb@
* Add islower check to show_ciphers in pkey.c and rsa.c. | inoguchi | 2019-02-05 | 2 | -2/+10
  suggested by jsing@
  ok tb@
* Convert openssl(1) pkey to the newer style of option handling. | inoguchi | 2019-02-05 | 1 | -96/+171
  ok jsing@
* Implement parsing and processing of TLSv1.3 ServerHello messages. | jsing | 2019-02-04 | 3 | -11/+187
  ok tb@
* Make it easier to build with LIBRESSL_HAS_TLS1_3 enabled. | jsing | 2019-02-04 | 1 | -1/+4
  ok tb@
* Document missing command line options for the rsautl command. | tb | 2019-02-04 | 2 | -9/+16
  ok jsing, "looks good!" jmc
* zap spaces before tabs | tb | 2019-02-03 | 1 | -5/+5
* Convert openssl(1) rsautl to the newer style of option handling. | jsing | 2019-02-03 | 1 | -121/+196
  ok beck@ inoguchi@ tb@
* Revert r1.38 as it introduces use of a stack value post function return. | jsing | 2019-02-03 | 1 | -50/+86
  The deduplication is also not quite right - this will be revisited in due course.
* Use malloc() and memcpy() the test X25519 x25519_peer_public value. | jsing | 2019-02-03 | 1 | -3/+6
  Otherwise, if tlsext_keyshare_server_build() fails we call free with a pointer to static memory and bad things happen.
  Reported by bcook@
* unwrap a line introduced in previous. | tb | 2019-01-31 | 1 | -3/+2
* Correct handling of TLS sigalgs extension for TLSv1.0/TLSv1.1. | jsing | 2019-01-30 | 1 | -33/+19
  When operating as a TLSv1.0 or TLSv1.1 server, we still have to parse the TLS sigalgs extension if presented by the client (which might be TLSv1.2 capable), rather than treating its presence as an error.
  While here, remove future version dependence issues by avoiding explicit version equality checks.
  Issue reported by bluhm@.
  ok bluhm@ tb@
* instead of calling abort() for 3 "must not use anymore" interfaces, | deraadt | 2019-01-29 | 1 | -7/+4
  call OPENSSL_assert() with the specific message, which due to recent changes will end up syslog :)
  ok jsing
* Remove SSLv23 padding mode from rsautl's usage (left behind in a removal | tb | 2019-01-29 | 1 | -2/+1
  from code and manual in 2017).
  Reported by KEINOS in github issue #101.
* spelling; | jmc | 2019-01-28 | 1 | -3/+3
* Deduplicate a bunch of replicated code in the extension handling | beck | 2019-01-28 | 1 | -86/+50
  ok tb@
* Add tls_extension_seen(), a utility to know if a particular extension | beck | 2019-01-28 | 2 | -9/+15
  has been seen in the handshake so far. Use it for keyshare.
  ok tb@
* zap a commented out line. 0RTT will need more thought than | tb | 2019-01-27 | 1 | -2/+1
  just uncommenting this.
* refactor and clean up the code generating dot output. | tb | 2019-01-27 | 1 | -53/+76
* Recent discussions about abort() potentially leaving key material in | deraadt | 2019-01-26 | 1 | -5/+8
  core files (which can depend upon various file layouts) have resonated with my hate for this function outside a purely debugging context. I also dislike how the report goes to stderr which may get lost or ignored. Increase the noise (with syslog_r) and use _exit(1) to guarantee termination.
  ok jsing
* print errors to stderr | tb | 2019-01-25 | 1 | -19/+21
* sort output suffixes | tb | 2019-01-25 | 1 | -2/+2
* I am retiring my old email address; replace it with my OpenBSD one. | millert | 2019-01-25 | 27 | -61/+61
* Add code to visualize the state machine. Both the state machine and the | tb | 2019-01-24 | 2 | -5/+79
  output will have to be tweaked, but this may as well happen in-tree.
  To try it, pkg_add graphviz and run 'make handshake.svg' in this directory.
  Committing early so Bob's followers can play.