|  | Commit message | Author | Age | Files | Lines | 
|---|
| | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.
Adjust all .c files in libcrypto, libssl and regress.
The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.
discussed with jsing,
no objection bcook | 
| | It makes more sense to have tls13_exporter() in tls13_key_schedule.c,
rather than tls13_lib.c
ok tb@ | 
| | Calling HKDF_expand() with a length of 0 happens to succeed due to a quirk
in the API inherited from BoringSSL.  This hides caller-side errors during
development.  Error out to catch such mistakes early on.
ok jsing | 
| | Needed for an upcoming diff adding a NULL check to CBB_finish().
ok jsing | 
| | suggested by jsing | 
| | ok jsing | 
| | ok jsing | 
| | ok jsing | 
| | These are two functions that will help streamline various functions
in the TLSv1.3 code that do not need to know about the internals of this
struct.
input/ok jsing | 
| | This implements the key material exporter for TLSv1.3, as defined in
RFC8446 section 7.5.
Issue reported by nmathewson on github.
ok inoguchi@ tb@ | 
| | rather than the hash of an empty context
ok jsing@ | 
| | Spotted by maestre@, ok tb@ | 
| | Reported by Ben L <bobsayshilol at live dot co dot uk> | 
| | ok jsing@ | 
| | When the RFC refers to ("") for key derivation, it is referring to the
transcript hash of an empty string, not an empty string. Rename
tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD *
and calculate the hash of an empty string so that we have it available
for the "derived" and other steps. Merge tls13_secrets_init() into
the same function, remove the EVP_MD * from other functions and use the
empty string hash at the appropriate places.
ok beck@ tb@ | 
| | discussed with beck and jsing | 
|  | ok jsing@ tb@ |