| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
The text comes from OpenSSL, where it was still published under a
free license.
from schwarze
|
| |
|
|
|
|
|
| |
Part of OpenSSL 1.1 API (pre-licence-change).
input schwarze
ok jsing
|
| |
|
|
|
|
| |
Part of OpenSSL 1.1 API, pre-licence change.
ok jsing
|
| |
|
|
| |
Reported by bcook and sthen
|
| |
|
|
|
|
|
| |
xchacha is a chacha stream that allows for an extended nonce, which
in turn makes it feasible to use random nonces.
ok tb@
|
| | |
|
| | |
|
| |
|
|
| |
the wrong idiom. ok tedu@ but probably needs some tweakin
|
| | |
|
| |
|
|
|
|
|
| |
a more appropriately licenced file. jsing and doug have rewritten
these functions (including the comments) over the past years.
ok jsing
|
| |
|
|
|
|
|
|
|
| |
Move tls13_connect() to a new tls13_client.c file and provide a legacy
wrapper to it, which allocates a struct tls_ctx if necessary. Also move
tls13_client_hello_send() to tls13_client.c and actual implement the
building of a client hello.
ok tb@
|
| |
|
|
|
|
|
| |
This means that we actually receive and send handshake messages to and from
the record layer.
ok tb@
|
| |
|
|
| |
Document it.
|
| |
|
|
|
|
|
| |
Pull the shared code up into a function and call it from tls13_connect()
and tls13_accept() instead of duplicating it.
"Yes, please!" tb@
|
| |
|
|
| |
ok jsing
|
| |
|
|
|
|
|
| |
will be used in a few places shortly, e.g. in
ssl_cipher_list_to_bytes().
ok jsing
|
| | |
|
| |
|
|
|
|
|
|
|
| |
Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers.
Also provide wire read/write callbacks that interface with BIO and
functions that interface between SSL_read/SSL_write and the TLS 1.3 record
layer API.
ok tb@
|
| |
|
|
|
|
|
|
| |
While here, rename struct handshake to struct handshake_stage to avoid
potential ambiguity/conflict with the handshake data struct. Also add
forward and back pointers between SSL and struct tls13_ctx.
ok tb@
|
| |
|
|
|
|
|
|
| |
There is no guarantee that ssl3_clear() is called before ssl3_free(), so
free things here. Also move the chunk in ssl3_clear() up so that it is with
the "free" code rather than the "reinit" code.
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
| |
While here correct an int vs size_t mismatch.
ok tb@
|
| | |
|
| |
|
|
|
|
|
|
| |
It receives handshake messages by reading and parsing data from the record
layer. It also provides support for building and sending handshake
messages.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
This is entirely self-contained and knows nothing about SSL or BIO. The
bottom of the stack is provided by wire read and write callbacks, with the
API to the record layer primarily being via
tls13_{read,write}_{application,handshake}_data().
This currently lacks some functionality, however will be worked on in tree.
ok tb@
|
| | |
|
| |
|
|
|
|
| |
Also check record size limits when reading records and setting data.
ok tb@
|
| | |
|
| |
|
|
| |
sets action->handshake_complete.
|
| | |
|
| |
|
|
| |
ok jsing
|
| |
|
|
| |
ok deraadt@ tedu@
|
| |
|
|
|
|
|
|
| |
Fix the tls13_handshake_advance_state_machine() return value, which
inadvertantly got flipped in an earlier commit. Also move this function
to a more suitable location.
ok tb@
|
| |
|
|
|
|
| |
A couple of cleanup/style tweaks while here.
ok tb@
|
| |
|
|
|
|
| |
of overloading/abusing action->sender.
ok jsing
|
| |
|
|
|
|
|
| |
Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, jsing
|
| |
|
|
|
|
|
| |
From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd
by David Benjamin.
ok djm, jsing
|
| |
|
|
|
|
|
|
| |
openssl x509 -fingerprint
openssl crl -fingerprint
from sha1 to sha256
ok jsing@
|
| | |
|
| |
|
|
|
| |
EVP_ENCODE_CTX_free(3). Docomuent them, in part using text
from OpenSSL that was still published under a free license.
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Check that the handshake message type received matches that required by the
state machine.
However, thanks to poor state design in the TLSv1.3 RFC, there is no way to
know if you're going to receive a certificate request message or not, hence
we have to special case it and teach the receive handler how to handle this
situation.
Discussed at length with beck@ and tb@ during the hackathon.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The I/O paths are from the tls13_handshake_send_action() and
tls13_handshake_recv_action() functions - both of these need to propagate
I/O conditions (EOF, failure, want poll in, want poll out) up the stack,
so we need to capture and return values <= 0. Use an I/O condition to
indicate successful handshake completion.
Also, the various send/recv functions are currently unimplemented, so
return 0 (failure) rather than 1 (success).
ok tb@
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
This is a self-contained struct and set of functions that knows how to
decode and read a TLS record from data supplied via a read callback, and
send itself via a write callback.
This will soon be used to build the TLSv1.3 record layer handling code.
ok beck@ tb@
|
| | |
|
