| Commit message (Collapse) | Author | Files | Lines |
|---|
|
ok tb@
|
|
While we do not currently do session resumption, just return the
TLS_client_method() or TLS_server_method() when asked for a method that
does TLSv1.3.
ok tb@ (who also arrived at the same diff)
|
|
In the case of a hello retry request, we need to replace the client hello
with a synthetic handshake message, switch key share to that selected by
the server, build and send a new client hello, then process the resulting
server hello.
ok tb@
|
|
In a hello retry request the server will only send the selected group and
not actually provide a key exchange. In this case we need to store the
server selected group for further processing.
ok tb@
|
|
|
|
Use flags to signal the need to switch to the legacy client and to identify
a hello retry request. This allows the caller to take appropriate action,
rather than trying to do this in the parsing/processing code.
Split the key deriviation and record protection engagement code into a
separate function, both for readability and reuse.
Change handshake states outside of the processing code.
ok tb@
|
|
This got added to the wrong functions (server side, not client) - swap the
now unimplemented send/recv functions between client and server.
ok tb@
|
|
mangling.
ok tb@
|
|
This is soon going to be used in the TLSv1.3 client code.
ok tb@
|
|
their own CBS as a preparation for upcoming HRR diffs.
ok jsing
|
|
ok inoguchi@ tb@
|
|
Unlike TLSv1.2 there is only a single hash in use, hence as soon as we
know what the hash is and have initialised the transcript hash, we can
free the transcript buffers.
ok inoguchi@ tb@
|
|
|
|
|
|
Even if we're not processing/using the peer public key from the key share,
we still need to unpack it in order to parse the TLS extension correctly.
Resolves issues with TLSv1.3 clients talking to TLSv1.2 server.
ok tb@
|
|
|
|
|
|
Pull out the key share handling code and provide a clean/self contained
interface. This will make it easier to support groups other than X25519.
ok beck@ inoguchi@ tb@
|
|
This reduces replication between the existing TLS client/server and allows
the code to soon be reused for TLSv1.3.
With feedback from inoguchi@ and tb@
ok inoguchi@ tb@
|
|
Note that the last test triggers a kernel bug related to waitpid(9) and
ptraced processes. This is now visible thanks to recent make(1) changes.
guenther@ suggests to look at the logic behind `p_orphan' in FreeBSD to
fix this bug.
|
|
|
|
on the error stack, refrain from pushing an 'unknown' error on the stack.
This should allow libcrypto errors (including bio) to be visible, where we
have nothing better to offer.
ok tb@
|
|
and used version is in tls13_server.c.
ok inoguchi jsing
|
|
4672ff74d68766e7785c2cac4c597effccef2c5c have a zero byte prepended.
Run the secp224k1 ECDH tests and adjust this if needed.
|
|
will attempt again later, now that there is new regress
|
|
ok jsing@
|
|
Currently, only s_client has TLSv1.3 and s_server does not.
|
|
ok tb@
|
|
|
|
|
|
Discussed with jsing
|
|
behavior.
ok jsing
|
|
incoming method if it is a client.
This addresses the case where TLS_method() is used to initialise a SSL_CTX,
then a TLS_client_method() is then set, resulting in TLSv1.2 being used
instead of TLSv1.3. This is observable in smtpd.
ok beck@
|
|
handshake function pointer.
Fixes an isssue found by jca@ with OpenVPN.
ok beck@ tb@
|
|
traffic retries when not yet encrypting.
ok jsing@
|
|
ok jsing@
|
|
ok jsing@
|
|
in OpenSSL's test suite.
|
|
in tls 1.3
Will be used in a follow on commit to enable tls1.3 client certificates
ok jsing@
|
|
|
|
Test vectors taken from OpenSSL 1.1.1d (under OpenSSL's old license).
|
|
ok jsing@
|
|
The new IV is 128 bit long and is actually the 64 bit counter followed
by 64 the bit initialization vector. This is needed by an upcoming
change in OpenSSH and is a breaking change for all current callers.
There are language bindings for Node.js, Rust and Erlang, but none of
our ports use them.
Note that EVP_chacha20() was first introduced in LibreSSL on May 1, 2014
while the entirely incompatible version in OpenSSL was committed on
Dec 9, 2015.
Initial diff from djm and myself, further refinements by djm.
Ports grepping by sthen
ok jsing
|
|
|
|
The libressl TLSv1.3 client and server currently lack client certificate
authentication support and this test expects all clients can auth with
all servers.
We can likely turn this back on in the near future.
|
|
|
|
These make far too many assumptions about cipher suites - TLSv1.3 cipher
suites can only be used with TLSv1.3 and there is tests using TLSv1.3
cipher suites with TLSv1.2 will not work. Likewise, expecting TLSv1.2
cipher suites to work with TLSv1.3 is futile. Additionally, eopenssl11
lists TLSv1.3 cipher suites with different names to libressl.
Futher work will be necessary before this can be re-enabled.
|
|
This can potentially be improved by adding knowledge about which libraries
support which versions and handle differences between clients and servers.
|
|
This is now talking over TLSv1.3 and needs session support.
|
|
This code was correct, it was the entry in the table that was incorrect.
ok beck@
|
