summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
* Move the TLSv1.3 code that interfaces with the legacy APIs/stack into ajsing2020-02-153-309/+330
| | | | | | separate file. Discussed with beck@ and tb@
* Remove #include that is not needed.jsing2020-02-151-3/+1
|
* no need to declare "extern optarg" and "extern optind"schwarze2020-02-143-9/+3
| | | | | | when <unistd.h> is included; patch from Jan Stary <hans at stare dot cz>; OK millert
* Standardize argument naming for "sourceaddr" and unify the wording a bit,schwarze2020-02-122-10/+9
| | | | similar to what deraadt@ recently did in other manual pages.
* correct Research Unix edition "appeared in" use in HISTORYjsg2020-02-081-3/+3
| | | | | | | | | | | | | | | | | Starting from "Combined Table of Contents" in Doug McIlroy's "A Research UNIX Reader" a table of which edition manuals appeared in. Checked against manuals from bitsavers/TUHS and source from TUHS where available. Ingo points out there are cases where something is included but not documented until a later release. bcd(6) v6 v7 printf(3) v2 v4 abort(3) v5 v6 system(3) v6 v7 fmod(3) v5 v6 ok schwarze@
* Re-enable the TLSv1.3 client since the known issues have been addressed.jsing2020-02-061-3/+1
| | | | ok tb@
* Add a workaround to make SSL_set_session() work with TLSv1.3.jsing2020-02-061-1/+9
| | | | | | | | While we do not currently do session resumption, just return the TLS_client_method() or TLS_server_method() when asked for a method that does TLSv1.3. ok tb@ (who also arrived at the same diff)
* Add support for handling hello retry requests in the TLSv1.3 client.jsing2020-02-061-5/+100
| | | | | | | | | In the case of a hello retry request, we need to replace the client hello with a synthetic handshake message, switch key share to that selected by the server, build and send a new client hello, then process the resulting server hello. ok tb@
* Correctly handle key share extensions in a hello retry request.jsing2020-02-062-4/+11
| | | | | | | | In a hello retry request the server will only send the selected group and not actually provide a key exchange. In this case we need to store the server selected group for further processing. ok tb@
* Reset the key share so that we do not have an existing peer public key.jsing2020-02-051-1/+7
|
* Refactor the server hello processing code in the TLSv1.3 client.jsing2020-02-052-22/+46
| | | | | | | | | | | | | Use flags to signal the need to switch to the legacy client and to identify a hello retry request. This allows the caller to take appropriate action, rather than trying to do this in the parsing/processing code. Split the key deriviation and record protection engagement code into a separate function, both for readability and reuse. Change handshake states outside of the processing code. ok tb@
* Remove the hello retry request processing code that was previously added.jsing2020-02-052-65/+16
| | | | | | | This got added to the wrong functions (server side, not client) - swap the now unimplemented send/recv functions between client and server. ok tb@
* Provide tls1_transcript_unfreeze() to avoid the need for manual flagsjsing2020-02-052-3/+10
| | | | | | mangling. ok tb@
* Pull the handshake message transcript code into its own function.jsing2020-02-052-7/+14
| | | | | | This is soon going to be used in the TLSv1.3 client code. ok tb@
* Rework tls13_legacy_handshake_message_{recv,sent}_cb() to usetb2020-02-053-16/+22
| | | | | | their own CBS as a preparation for upcoming HRR diffs. ok jsing
* Add support for TLSv1.3 key shares with secp256r1 and secp384r1 groups.jsing2020-02-041-5/+98
| | | | ok inoguchi@ tb@
* Free the transcript as soon as we initialise the transcript hash.jsing2020-02-042-2/+4
| | | | | | | | Unlike TLSv1.2 there is only a single hash in use, hence as soon as we know what the hash is and have initialised the transcript hash, we can free the transcript buffers. ok inoguchi@ tb@
* Add missing new line to printf. Make clean should not require SUDO.bluhm2020-02-022-7/+5
|
* Tweak regress to match change made to tls13_key_share_peer_public().jsing2020-02-011-2/+1
|
* Correctly unpack client key shares.jsing2020-02-012-14/+11
| | | | | | | | Even if we're not processing/using the peer public key from the key share, we still need to unpack it in order to parse the TLS extension correctly. Resolves issues with TLSv1.3 clients talking to TLSv1.2 server. ok tb@
* Disable TLSv1.3 client while some known issues are being addressed.jsing2020-02-011-1/+3
|
* Revise for TLSv1.3 key share changes.jsing2020-01-301-8/+27
|
* Provide struct/functions for handling TLSv1.3 key shares.jsing2020-01-308-130/+299
| | | | | | | Pull out the key share handling code and provide a clean/self contained interface. This will make it easier to support groups other than X25519. ok beck@ inoguchi@ tb@
* Factor out/rewrite the ECDHE EC point key exchange code.jsing2020-01-305-173/+188
| | | | | | | | | This reduces replication between the existing TLS client/server and allows the code to soon be reused for TLSv1.3. With feedback from inoguchi@ and tb@ ok inoguchi@ tb@
* Enable t_ptrace with an errno change compared to NetBSD.mpi2020-01-304-19/+31
| | | | | | | | Note that the last test triggers a kernel bug related to waitpid(9) and ptraced processes. This is now visible thanks to recent make(1) changes. guenther@ suggests to look at the logic behind `p_orphan' in FreeBSD to fix this bug.
* Remove dead prototypes.jsing2020-01-291-10/+1
|
* If the TLSv1.3 code has not recorded an error and something already existsjsing2020-01-293-3/+9
| | | | | | | | on the error stack, refrain from pushing an 'unknown' error on the stack. This should allow libcrypto errors (including bio) to be visible, where we have nothing better to offer. ok tb@
* Remove unused stub implementation of tls13_accept(). The correcttb2020-01-291-11/+1
| | | | | | and used version is in tls13_server.c. ok inoguchi jsing
* Some of the test vectors that were added in the upstream committb2020-01-271-7/+9
| | | | | 4672ff74d68766e7785c2cac4c597effccef2c5c have a zero byte prepended. Run the secp224k1 ECDH tests and adjust this if needed.
* revert previous nc loop refactor from 1.211, breaks bluhm's stuffbeck2020-01-261-64/+36
| | | | will attempt again later, now that there is new regress
* Fix SSL_CIPHER_descriptioninoguchi2020-01-261-2/+2
| | | | ok jsing@
* Restrict to use up to TLSv1.2 for test_server_client in appstest.shinoguchi2020-01-261-7/+7
| | | | Currently, only s_client has TLSv1.3 and s_server does not.
* Avoid 32 bit right shift with unsigned int in crypto/cast/cast_lcl.hinoguchi2020-01-261-2/+2
| | | | ok tb@
* tweak previous; ok tbjmc2020-01-261-3/+3
|
* typotb2020-01-261-2/+2
|
* Document the change in EVP_chacha20(3).tb2020-01-261-3/+5
| | | | Discussed with jsing
* Improve the comment explaining why the previous change matches OpenSSL'stb2020-01-261-8/+15
| | | | | | behavior. ok jsing
* When an SSL method is set, bump the max version back to that of thejsing2020-01-261-1/+10
| | | | | | | | | | incoming method if it is a client. This addresses the case where TLS_method() is used to initialise a SSL_CTX, then a TLS_client_method() is then set, resulting in TLSv1.2 being used instead of TLSv1.3. This is observable in smtpd. ok beck@
* When switching back to a legacy client or server, ensure we reset thejsing2020-01-262-2/+4
| | | | | | | | handshake function pointer. Fixes an isssue found by jca@ with OpenVPN. ok beck@ tb@
* Fix basement bug where record layer would not correctly deal withbeck2020-01-261-1/+4
| | | | | | traffic retries when not yet encrypting. ok jsing@
* Add server side support for requesting client certificates in tls 1.3beck2020-01-261-4/+173
| | | | ok jsing@
* Add client certificate support for tls 1.3beck2020-01-262-15/+149
| | | | ok jsing@
* Add back the tests that were deleted in previous but not containedtb2020-01-261-1/+9
| | | | in OpenSSL's test suite.
* Add sigalgs for server side to enable client certificate processingbeck2020-01-261-5/+34
| | | | | | | | in tls 1.3 Will be used in a follow on commit to enable tls1.3 client certificates ok jsing@
* server sigalgs test is now bogus, disable for nowbeck2020-01-261-2/+3
|
* Adjust tests to match the change in EVP_chacha20().tb2020-01-262-11/+22
| | | | Test vectors taken from OpenSSL 1.1.1d (under OpenSSL's old license).
* Move pad and verify context into tls13_lib.cbeck2020-01-264-68/+60
| | | | ok jsing@
* Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics:tb2020-01-261-7/+14
| | | | | | | | | | | | | | | | | The new IV is 128 bit long and is actually the 64 bit counter followed by 64 the bit initialization vector. This is needed by an upcoming change in OpenSSH and is a breaking change for all current callers. There are language bindings for Node.js, Rust and Erlang, but none of our ports use them. Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014 while the entirely incompatible version in OpenSSL was committed on Dec 9, 2015. Initial diff from djm and myself, further refinements by djm. Ports grepping by sthen ok jsing
* Add an underbar for consistency.tb2020-01-251-2/+2
|
* Disable cert interop tests for now.jsing2020-01-251-2/+2
| | | | | | | | The libressl TLSv1.3 client and server currently lack client certificate authentication support and this test expects all clients can auth with all servers. We can likely turn this back on in the near future.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-03-25 08:37:52 +0000