openbsd - A mirror of https://github.com/libressl/openbsd.git

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	revert second hunk of previous that was committed by accident	tb	2019-01-20	1	-2/+2
\|
*	Add missing prototype for tls13_handshake_active_action().	tb	2019-01-20	1	-2/+4
\| \| \| \|	ok jsing
*	Add some internal consistency checks to the handshake state handling.	jsing	2019-01-20	1	-9/+23
\| \| \| \| \| \| \| \|	Fix the tls13_handshake_advance_state_machine() return value, which inadvertantly got flipped in an earlier commit. Also move this function to a more suitable location. ok tb@
*	Add an explicit flag to indicate a successful handshake instead	tb	2019-01-20	1	-8/+6
\| \| \| \| \| \|	of overloading/abusing action->sender. ok jsing
*	Add handshake message type checking and special case certificate requests.	jsing	2019-01-19	1	-1/+30
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Check that the handshake message type received matches that required by the state machine. However, thanks to poor state design in the TLSv1.3 RFC, there is no way to know if you're going to receive a certificate request message or not, hence we have to special case it and teach the receive handler how to handle this situation. Discussed at length with beck@ and tb@ during the hackathon. ok tb@
*	Tweak return value handling in the TLSv1.3 handshake code.	jsing	2019-01-19	1	-42/+44
\| \| \| \| \| \| \| \| \| \| \| \| \|	The I/O paths are from the tls13_handshake_send_action() and tls13_handshake_recv_action() functions - both of these need to propagate I/O conditions (EOF, failure, want poll in, want poll out) up the stack, so we need to capture and return values <= 0. Use an I/O condition to indicate successful handshake completion. Also, the various send/recv functions are currently unimplemented, so return 0 (failure) rather than 1 (success). ok tb@
*	Expose some symbols in a new tls13_handshake.h for regression testing.	tb	2019-01-18	1	-92/+40
\| \| \| \| \| \| \| \|	Update the handshake state tables and flag names according to the design decisions and naming conventions in the hackroom. Garbage collect some things that turn out not to belong here. ok jsing
*	Nuke trailing whitespace	beck	2018-11-11	1	-6/+6
\|
*	Tweak and improve the TLSv1.3 state machine.	jsing	2018-11-10	1	-24/+46
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	- Provide a tls13_handshake_active_action() function to reduce code duplication and replace tls13_handshake_get_sender(). - Add an INVALID message_type, so we can explicitly detect invalid conditions. - Implement skeletons for the tls13_handshake_send_action() and tls13_handshake_recv_action() functions. - OR in the NEGOTIATED value at the end of recving or sending a server hello so that we switch to the next chain in the state table. ok tb@
*	Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.	tb	2018-11-10	1	-30/+28
\| \| \| \|	ok jsing
*	Use "send" and "recv" consistently instead of mixing them with "read"	tb	2018-11-09	1	-98/+108
\| \| \| \| \| \|	and "write". Use self-documenting C99 initializers. ok bcook, jsing
*	Correct defines for writer tests in connect/accept loops.	jsing	2018-11-09	1	-3/+3
\| \| \| \|	ok tb@
*	Correct function naming for tls13_handshake_advance_state_machine().	jsing	2018-11-09	1	-4/+2
\| \| \| \|	ok tb@
*	First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and	tb	2018-11-08	1	-0/+538
	inspired by s2n's state machine. Lots of help and input from jsing. ok beck, jsing