|  | Commit message (Collapse) | Author | Files | Lines | 
|---|
|  | This solves build error on luna88k with gcc3.
ok aoyama@ jca@ jsing@ tb@ | 
|  | In the case of a dummy CCS or post-handshake handshake message, return
TLS13_WANT_POLLIN rather than using a goto internally. This allows the
caller to retry at an appropriate time and reduces the complexity within
the record layer.
ok beck@ tb@ | 
|  | In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have
bubbled up from the wire callbacks, in which case the BIO retry flag will
already be set. However, if we return TLS13_IO_WANT_POLLIN or
TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be
set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather
than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
ok beck@ tb@ | 
|  | connections between client and server implemented with LibreSSL or
OpenSSL with a fixed cipher on each side.  Check the used cipher
in the session print out. | 
|  | In TLSv1.3 there are two types of alerts "closure alerts" and
"error alerts". This makes the record layer more strict and handles closure
of the read and write channels. The callback then handles the record layer to
SSL mapping/behaviour.
ok tb@ | 
|  | There is nothing for the handler to really signal, since it cannot change
the fact that we received an alert. While here use TLS13_IO_FAILURE instead
of hardcoding -1.
ok tb@ | 
|  |  | 
|  | ok jsing@ tb@ | 
|  |  | 
|  |  | 
|  | ok tb@ | 
|  | Switch the read traffic key to the server application traffic key once
the server finished message has been processed. Switch the write traffic
key to the client application traffic key after sending the client
finished message.
ok tb@ | 
|  | This allows the read traffic key to be set independently of the write
traffic key. This will become necessary for KeyUpdate handling, however
also allows for switching to application traffic keys at more appropriate
stages of the handshake.
ok tb@ | 
|  | ok tb@ | 
|  |  | 
|  |  | 
|  | This adds support for processing of the server finished message and
generation of the client finished message.
ok tb@ | 
|  | This implementation reduces contention because threads no longer need
to spin calling sched_yield(2) before going to sleep.
Tested by many, thanks!
ok visa@, pirofti@ | 
|  |  | 
|  | This allows the TLS 1.3 client to process the certificates that the server
has sent and verify that the server has possession of the private key.
ok tb@ | 
|  | sign error during arm regress. | 
|  | instead
From Pamela Mosiejczuk, many thanks!
OK phessler@ deraadt@ | 
|  | There are various points where we need the hash of all messages prior to
the current message. Support this by having the handshake code preserve
the transcript hash prior to recording the current message, which avoids
the need to sprinkle this throughout multiple handlers.
ok inoguchi@ tb@ | 
|  | ok jsing@ tb@ | 
|  | ok inoguchi@ tb@ | 
|  | While handshake hash is correct (in as far as it is a hash of handshake
messages), using tls1_transcript_hash*() aligns them with the naming of the
tls1_transcript*() functions. Additionally, the TLSv1.3 specification uses
Transcript-Hash and "transcript hash", which this matches.
ok inoguchi@ tb@ | 
|  | This allows ctx->hs to be used throughout the TLSv1.3 code, rather than
S3I(ctx->ssl)->hs_tls13.
ok inoguchi@ tb@ | 
|  | ok tb@ jsing@ | 
|  | ok bcook@ tb@ | 
|  | suggested by jsing@
ok tb@ | 
|  | ok jsing@ | 
|  | ok tb@ | 
|  | ok tb@ | 
|  | ok jsing, "looks good!" jmc | 
|  |  | 
|  | ok beck@ inoguchi@ tb@ | 
|  | The deduplication is also not quite right - this will be revisited in due
course. | 
|  | Otherwise, if tlsext_keyshare_server_build() fails we call free with a
pointer to static memory and bad things happen.
Reported by bcook@ | 
|  |  | 
|  | When operating as a TLSv1.0 or TLSv1.1 server, we still have to parse the
TLS sigalgs extension if presented by the client (which might be TLSv1.2
capable), rather than treating its presence as an error.
While here, remove future version dependence issues by avoiding explicit
version equality checks.
Issue reported by bluhm@.
ok bluhm@ tb@ | 
|  | call OPENSSL_assert() with the specific message, which due to recent
changes will end up syslog :)
ok jsing | 
|  | from code and manual in 2017).
Reported by KEINOS in github issue #101. | 
|  |  | 
|  | ok tb@ | 
|  | has been seen in the handshake so far. Use it for keyshare.
ok tb@ | 
|  | just uncommenting this. | 
|  |  | 
|  | core files (which can depend upon various file layouts) have resonated
with my hate for this function outside a purely debugging context.  I
also dislike how the report goes to stderr which may get lost or ignored.
Increase the noise (with syslog_r) and use _exit(1) to gaurantee termination.
ok jsing | 
|  |  | 
|  |  |