path: root/src/lib/libc/stdlib/merge.c
Date | Commit message | Author | Files | Lines
2022-07-24 | Provide record layer callbacks for QUIC. | jsing | 7 | -16/+217
QUIC uses TLS to complete the handshake, however unlike normal TLS it does not use the TLS record layer, rather it provides its own transport. This means that we need to intercept all communication between the TLS handshake and the record layer. This allows TLS handshake message writes to be directed to QUIC, likewise for TLS handshake message reads. Alerts also need to be sent via QUIC, plus it needs to be provided with the traffic keys that are derived by TLS.
ok tb@
2022-07-24 | Move tls13_phh_done_cb() after tls13_phh_received_cb(). | jsing | 1 | -12/+12
This is the order that they're called/run in.
2022-07-24 | Provide QUIC encryption levels. | jsing | 6 | -20/+33
QUIC wants to know what "encryption level" handshake messages should be sent at. Provide an ssl_encryption_level_t enum (via BoringSSL) that defines these (of course quictls decided to make this an OSSL_ENCRYPTION_LEVEL typedef, so provide that as well). Wire these through to tls13_record_layer_set_{read,write}_traffic_key() so that they can be used in upcoming commits.
ok tb@
2022-07-24 | Rely on tlsext_parse() to set a decode_error alert | tb | 1 | -79/+47
Instead of setting the alert manually in various parse handlers, we can make use of the fact that tlsext_parse() sets the alert to decode_error by default. This simplifies the code quite a bit.
ok jsing
2022-07-24 | Start making ts opaque | tb | 10 | -50/+134
Move the not yet exposed EssCertIDv2 struct internals to ts_local.h and move the ASN.1 function prototypes that we don't want to expose with them. Include ts_local.h where necessary or where it will be needed soon.
ok jsing
2022-07-23 | Fix file names in comments. | tb | 1 | -7/+7
2022-07-22 | Convert TLS transcript from BUF_MEM to tls_buffer. | jsing | 2 | -29/+16
ok beck@ tb@
2022-07-22 | Extend TLS buffer regress to cover read/write usage. | jsing | 1 | -13/+219
2022-07-22 | Add read and write support to tls_buffer. | jsing | 4 | -13/+139
tls_buffer was originally created for a specific use case, namely reading in length prefixed messages. This adds read and write support, along with a capacity limit, allowing it to be used in additional use cases.
ok beck@ tb@
2022-07-22 | Simplify tls13_server_encrypted_extensions_recv | tb | 1 | -8/+2
We can rely on tlsext_client_parse() to set the alert, so no need to do this in the error path.
ok jsing
2022-07-22 | Remove redundant length checks in parse functions | tb | 1 | -21/+1
The main parsing function already checks that the entire extension data was consumed, so the length checks inside some of the parse handlers are redundant. They were also not done everywhere, so this makes the parse handlers more consistent. Similar diff was sent by jsing a long while back
ok jsing
2022-07-21 | Make test table based, extend it a little | tb | 1 | -69/+117
2022-07-20 | Simplify tlsext_supported_groups_server_parse | tb | 1 | -45/+31
Add an early return in the s->internal->hit case so that we can unindent a lot of this code. In the HRR case, we do not need to check that the list of supported groups is unmodified from the first CH. The CH extension hashing already does that for us.
ok jsing
2022-07-20 | link ssl_set_alpn_protos to regress | tb | 1 | -1/+2