path: root/src/lib/libssl/Makefile
Commit message | Author | Age | Files | Lines
* Start replacing the existing TLSv1.2 record layer. | jsing | 2020-08-30 | 1 | -1/+2
  This takes the same design/approach used in TLSv1.3 and provides an opaque struct that is self contained and cannot reach back into other layers. For now this just implements/replaces the writing of records for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the plaintext into the same buffer that is used to transmit to the wire. ok inoguchi@ tb@
* The check_includes step is incorrect dependency management model for | deraadt | 2020-06-09 | 1 | -11/+1
  how our tree gets built. If this was done in all the libraries (imagine sys/dev), it would disrupt the development process hugely. So it should not be done here either. use 'make includes' by hand instead.
* Provide an easy way to get debug information from TLSv1.3 handshakes. | jsing | 2020-05-10 | 1 | -1/+4
  This makes it easier to debug TLSv1.3 handshake failures. "Yes please!" tb@, ok beck@
* Remove dtls1_enc(). | jsing | 2020-03-13 | 1 | -2/+1
  Like much of the original DTLS code, dtls1_enc() is effectively a renamed copy of tls1_enc(). Since then tls1_enc() has been modified, however the non-AEAD code remains largely the same. As such, remove dtls1_enc() and instead call tls1_enc() from the DTLS code. The tls1_enc() AEAD code does not currently work correctly with DTLS, however this is a non-issue since we do not support AEAD cipher suites with DTLS currently. ok tb@
* Move the TLSv1.3 code that interfaces with the legacy APIs/stack into a | jsing | 2020-02-15 | 1 | -1/+2
  separate file. Discussed with beck@ and tb@
* Provide struct/functions for handling TLSv1.3 key shares. | jsing | 2020-01-30 | 1 | -1/+2
  Pull out the key share handling code and provide a clean/self contained interface. This will make it easier to support groups other than X25519. ok beck@ inoguchi@ tb@
* Factor out/rewrite the ECDHE EC point key exchange code. | jsing | 2020-01-30 | 1 | -1/+2
  This reduces replication between the existing TLS client/server and allows the code to soon be reused for TLSv1.3. With feedback from inoguchi@ and tb@ ok inoguchi@ tb@
* Add checks to ensure that lib{crypto,ssl,tls} public headers have actually | jsing | 2020-01-22 | 1 | -1/+11
  been installed prior to building. Requested by and ok tb@
* Split the TLSv1.3 guards into separate client and server guards. | jsing | 2020-01-22 | 1 | -2/+3
  ok beck@ tb@
* Provide an error framework for use with the TLSv1.3 code. | jsing | 2020-01-20 | 1 | -1/+2
  This is based on the libtls error handling code, but adds machine readable codes and subcodes. We then map these codes back to libssl error codes. ok beck@ inoguchi@
* Add the initial framework for the TLSv1.3 server. | jsing | 2019-11-17 | 1 | -2/+3
  ok beck@
* Rename the file that contains the transcript handling code. | jsing | 2019-02-09 | 1 | -2/+2
  ok inoguchi@ tb@
* Make it easier to build with LIBRESSL_HAS_TLS1_3 enabled. | jsing | 2019-02-04 | 1 | -1/+4
  ok tb@
* No need to include <bsd.prog.mk> here. | tb | 2019-01-23 | 1 | -2/+1
  ok bcook
* Provide the initial TLSv1.3 client implementation. | jsing | 2019-01-21 | 1 | -1/+2
  Move tls13_connect() to a new tls13_client.c file and provide a legacy wrapper to it, which allocates a struct tls_ctx if necessary. Also move tls13_client_hello_send() to tls13_client.c and actually implement the building of a client hello. ok tb@
* Add ssl_cipher_is_permitted(), an internal helper function that | tb | 2019-01-21 | 1 | -1/+2
  will be used in a few places shortly, e.g. in ssl_cipher_list_to_bytes(). ok jsing
* Provide TLS 1.3 cipher AEAD/hash and legacy I/O handling functions. | jsing | 2019-01-21 | 1 | -1/+2
  Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers. Also provide wire read/write callbacks that interface with BIO and functions that interface between SSL_read/SSL_write and the TLS 1.3 record layer API. ok tb@
* Provide a handshake message handling implementation for TLS 1.3. | jsing | 2019-01-20 | 1 | -1/+2
  It receives handshake messages by reading and parsing data from the record layer. It also provides support for building and sending handshake messages. ok tb@
* Provide an initial implementation of the TLS 1.3 record layer. | jsing | 2019-01-20 | 1 | -3/+3
  This is entirely self-contained and knows nothing about SSL or BIO. The bottom of the stack is provided by wire read and write callbacks, with the API to the record layer primarily being via tls13_{read,write}_{application,handshake}_data(). This currently lacks some functionality, however will be worked on in tree. ok tb@
* Sort HDRS/SRCS lists and use one line per source file for maintainability. | jsing | 2019-01-19 | 1 | -16/+44
  ok tb@
* Provide a TLS record handling implementation. | jsing | 2019-01-19 | 1 | -2/+2
  This is a self-contained struct and set of functions that knows how to decode and read a TLS record from data supplied via a read callback, and send itself via a write callback. This will soon be used to build the TLSv1.3 record layer handling code. ok beck@ tb@
* Remove this copy, we have decided we can do this in place | beck | 2019-01-18 | 1 | -2/+2
  ok jsing@
* Provide an extensible buffer implementation that uses a read callback. | jsing | 2019-01-17 | 1 | -2/+3
  The read callback returns a TLS13_IO_* value on EOF, failure, want pollin or want pollout, or a positive value indicating the number of bytes read. This will be used by upcoming TLSv1.3 handshake message and record processing code, both of which need the ability to read a fixed size header, before extending the buffer to the number of bytes specified in the header. ok beck@ tb@
* Add a direct copy of the extension parsing code to be modified for tls13. | beck | 2019-01-17 | 1 | -2/+2
  At the moment this is mechanical, with the functions renamed. This will be refactored for tls13. ok jsing@
* Reimplement the sigalgs processing code into a new implementation | beck | 2018-11-09 | 1 | -2/+2
  that will be usable with TLS 1.3 with less eye bleed. ok jsing@ tb@
* First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and | tb | 2018-11-08 | 1 | -2/+2
  inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing
* Add initial TLS 1.3 key schedule support with basic regress tests | beck | 2018-11-07 | 1 | -2/+3
  ok jsing@ tb@
* Consolidate all of the SSL method structs/functions into a single file. | jsing | 2018-11-05 | 1 | -4/+4
  Discussed with tb@
* Bring in compatibility for OpenSSL 1.1 style init functions. | beck | 2018-03-17 | 1 | -2/+2
  This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well as thread safety modifications for the existing LibreSSL init functions. The initialization routines are called automatically by the normal entry points into the library, as in newer OpenSSL ok jsing@, nits by tb@ and deraadt@
* Switch to -Werror with clang for libressl. | doug | 2017-08-13 | 1 | -2/+2
  Discussed with beck@ and jsing@ ok beck@
* Rewrite the TLS Renegotiation Indication extension handling using CBB/CBS | jsing | 2017-07-24 | 1 | -2/+2
  and the new extension framework. Feedback from doug@ ok inoguchi@
* Start rewriting TLS extension handling. | jsing | 2017-07-16 | 1 | -2/+2
  Introduce a TLS extension handling framework that has per-extension type functions to determine if an extension is needed, to build the extension data and parse the extension data. This is somewhat analogous to BoringSSL, however these build and parse functions are intentionally symmetrical. The framework is hooked into the existing TLS handling code in such a way that we can gradually convert the extension handling code. Convert the TLS Server Name Indication extension to the new framework, while rewriting it to use CBB/CBS and be more strict in the process. Discussed with beck@ ok inoguchi@
* Only enable -Werror on libcrypto/libssl/libtls if we are building with | jsing | 2017-04-30 | 1 | -2/+3
  gcc4. This should avoid failed builds while transitioning compilers. While here also make the CFLAGS blocks consistent across makefiles. Discussed with deraadt@, ok beck@
* Revert previous - we still want to do this, but I forgot about the installer | beck | 2017-04-29 | 1 | -2/+1
  and want to avoid the wrath of theo when he arrives home in a couple of hours :)
* We now require you to have a working libpthread | beck | 2017-04-29 | 1 | -1/+2
* Provide a rolling handshake hash that commences as soon as the cipher | jsing | 2017-03-05 | 1 | -2/+2
  suite has been selected, and convert the final finish MAC to use this handshake hash. This is a first step towards cleaning up the current handshake buffer/digest code. ok beck@ inoguchi@
* Merge the single two line function from ssl_err2.c into ssl_err.c. | jsing | 2017-01-26 | 1 | -2/+2
  ok beck@
* Move relatively new version range code from ssl_lib.c into a separate | jsing | 2017-01-26 | 1 | -2/+2
  ssl_versions.c file. ok beck@
* Rename s3_{both,clnt,pkt_srvr}.c to have an ssl_ prefix since they are no | jsing | 2017-01-26 | 1 | -2/+2
  longer SSLv3 code. ok beck@
* Merge the client/server version negotiation into the existing (currently | jsing | 2017-01-26 | 1 | -4/+3
  fixed version) client/server code. ok beck@
* move manual pages from doc/ to man/ for consistency with other | schwarze | 2016-11-05 | 1 | -2/+2
  libraries, in particular considering that there are unrelated files in doc/; requested by jsing@ and beck@
* after getting rid of the pod files, clean up the Makefiles; ok bcook@ | schwarze | 2016-11-05 | 1 | -3/+6
* Remove generated Symbols.map on make clean. | jsing | 2016-11-05 | 1 | -2/+2
  ok guenther@
* Add an explicit list of exported symbols with just the functions | guenther | 2016-11-04 | 1 | -1/+9
  declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS in the internal headers to optimize internal functions ok jsing@
* Update ld search path for libssl/libcrypto, fixes cross-build after source | bcook | 2016-09-19 | 1 | -3/+3
  moved. from Patrick Wildt
* Generate pkg-config files at build time like everything else. This | natano | 2016-09-14 | 1 | -2/+3
  avoids permission problems due to the build and install stages being run by different users. ok deraadt jasper
* only regen pkg-config files when required; ok jasper | natano | 2016-09-04 | 1 | -3/+5
* Make tree build again | beck | 2016-09-03 | 1 | -2/+47
* Move build machinery for libcrypto from libssl/crypto to libcrypto, as well | miod | 2014-04-11 | 1 | -11/+3
  as configuration files; split manpages and .pc files between libcrypto and libssl. No functional change, only there to make engineering easier, and libcrypto sources are still found in libssl/src/crypto at the moment. ok reyk@, also discussed with deraadt@ beck@ and the usual crypto suspects.
* remove hack to test and create /usr/lib/pkgconfig/ if needed, it's been six | jasper | 2011-05-26 | 1 | -3/+1
  months since it was introduced so it's safe to assume people have this dir now. ok deraadt@