summaryrefslogtreecommitdiff
path: root/src/lib/libssl/tls13_key_schedule.c (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Make internal header file names consistenttb2022-11-261-2/+2
| | | | | | | | | | | | | | | | Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names used for internal headers. Move all these headers we inherited from OpenSSL to *_local.h, reserving the name *_internal.h for our own code. Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h. constant_time_locl.h is moved to constant_time.h since it's special. Adjust all .c files in libcrypto, libssl and regress. The diff is mechanical with the exception of tls13_quic.c, where #include <ssl_locl.h> was fixed manually. discussed with jsing, no objection bcook
* Move tls13_exporter() code.jsing2022-11-071-1/+72
| | | | | | | It makes more sense to have tls13_exporter() in tls13_key_schedule.c, rather than tls13_lib.c ok tb@
* Error out if the out secret wasn't properly initializedtb2022-10-141-2/+6
| | | | | | | | Calling HKDF_expand() with a length of 0 happens to succeed due to a quirk in the API inherited from BoringSSL. This hides caller-side errors during development. Error out to catch such mistakes early on. ok jsing
* Initialize hkdf_label to NULL.tb2022-07-071-2/+2
| | | | | | Needed for an upcoming diff adding a NULL check to CBB_finish(). ok jsing
* Avoid local variable in tls13_secret_init().tb2021-01-051-6/+2
| | | | suggested by jsing
* Use KNF for licence commenttb2021-01-051-2/+3
| | | | ok jsing
* Move tls13_secrets_destroy() below _create()tb2021-01-051-29/+29
| | | | ok jsing
* Convert tls13_secrets_{create,destroy}() to tls13_secret_{init,cleanup}()tb2021-01-051-71/+34
| | | | ok jsing
* Add tls13_secret_{init,cleanup}()tb2021-01-051-1/+26
| | | | | | | | These are two functions that will help streamlining various functions in the TLSv1.3 code that do not need to know about the interna of this struct. input/ok jsing
* Implement exporter for TLSv1.3.jsing2020-11-161-3/+21
| | | | | | | | | This implements the key material exporter for TLSv1.3, as defined in RFC8446 section 7.5. Issue reported by nmathewson on github. ok inoguchi@ tb@
* Correct update of application traffic secrets to use an empty contextbeck2019-11-171-3/+7
| | | | | | rather than the hash of an empty context ok jsing@
* NULL out mdctx to prevent possible double free introduced in version 1.4beck2018-11-131-1/+2
| | | | Spotted by maestre@, ok tb@
* Avoid a double allocation and memory leak.jsing2018-11-101-4/+2
| | | | Reported by Ben L <bobsayshilol at live dot co dot uk>
* Fix last of the empty hash nonsensebeck2018-11-101-26/+3
| | | | ok jsing@
* Fix the TLSv1.3 key schedule implementation.jsing2018-11-091-56/+81
| | | | | | | | | | | | When the RFC refers to ("") for key derivation, it is referring to the transcript hash of an empty string, not an empty string. Rename tls13_secrets_new() to tls13_secrets_create(), make it take an EVP_MD * and calculate the hash of an empty string so that we have it available for the "derived" and other steps. Merge tls13_secrets_init() into the same function, remove the EVP_MD * from other functions and use the empty string hash at the appropriate places. ok beck@ tb@
* KNFbeck2018-11-081-3/+4
|
* Move #include <openssl/evp.h> to the header.tb2018-11-081-2/+1
| | | | discussed with beck and jsing
* Add initial TLS 1.3 key schedule support with basic regress testsbeck2018-11-071-0/+375
ok jsing@ tb@
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-04 02:04:35 +0000