| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
| |
This allows ctx->hs to be used throughout the TLSv1.3 code, rather than
S3I(ctx->ssl)->hs_tls13.
ok inoguchi@ tb@
|
| |
|
|
| |
ok tb@
|
| |
|
|
|
|
|
|
|
| |
Move tls13_connect() to a new tls13_client.c file and provide a legacy
wrapper to it, which allocates a struct tls_ctx if necessary. Also move
tls13_client_hello_send() to tls13_client.c and actual implement the
building of a client hello.
ok tb@
|
| |
|
|
|
|
|
| |
This means that we actually receive and send handshake messages to and from
the record layer.
ok tb@
|
| |
|
|
|
|
|
| |
Pull the shared code up into a function and call it from tls13_connect()
and tls13_accept() instead of duplicating it.
"Yes, please!" tb@
|
| |
|
|
|
|
|
|
|
| |
Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers.
Also provide wire read/write callbacks that interface with BIO and
functions that interface between SSL_read/SSL_write and the TLS 1.3 record
layer API.
ok tb@
|
| |
|
|
|
|
|
|
| |
While here, rename struct handshake to struct handshake_stage to avoid
potential ambiguity/conflict with the handshake data struct. Also add
forward and back pointers between SSL and struct tls13_ctx.
ok tb@
|
| |
|
|
|
|
|
|
| |
It receives handshake messages by reading and parsing data from the record
layer. It also provides support for building and sending handshake
messages.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
| |
This is entirely self-contained and knows nothing about SSL or BIO. The
bottom of the stack is provided by wire read and write callbacks, with the
API to the record layer primarily being via
tls13_{read,write}_{application,handshake}_data().
This currently lacks some functionality, however will be worked on in tree.
ok tb@
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
The I/O paths are from the tls13_handshake_send_action() and
tls13_handshake_recv_action() functions - both of these need to propagate
I/O conditions (EOF, failure, want poll in, want poll out) up the stack,
so we need to capture and return values <= 0. Use an I/O condition to
indicate successful handshake completion.
Also, the various send/recv functions are currently unimplemented, so
return 0 (failure) rather than 1 (success).
ok tb@
|
| |
|
|
|
|
|
|
| |
Update the handshake state tables and flag names according to the
design decisions and naming conventions in the hackroom. Garbage collect
some things that turn out not to belong here.
ok jsing
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The read callback returns a TLS13_IO_* value on EOF, failure, want pollin
or want pollout, or a positive value indicating the number of bytes read.
This will be used by upcoming TLSv1.3 handshake message and record
processing code, both of which need the ability to read a fixed size
header, before extending the buffer to the number of bytes specified in the
header.
ok beck@ tb@
|
| |
|
|
|
|
|
|
|
|
|
|
| |
When the RFC refers to ("") for key derivation, it is referring to the
transcript hash of an empty string, not an empty string. Rename
tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD *
and calculate the hash of an empty string so that we have it available
for the "derived" and other steps. Merge tls13_secrets_init() into
the same function, remove the EVP_MD * from other functions and use the
empty string hash at the appropriate places.
ok beck@ tb@
|
| | |
|
| |
|
|
|
|
| |
inspired by s2n's state machine. Lots of help and input from jsing.
ok beck, jsing
|
| |
|
|
| |
discussed with beck and jsing
|
|
|
ok jsing@ tb@
|
