| Commit message | Author | Age | Files | Lines |
|
In TLSv1.3 the alert level is effectively meaningless and the record layer
has already checked that it is appropriate. As such, drop it from the alert
callback.
ok tb@
|
Gcc/clang will treat void * as char * but this is non-standard.
OK deraadt@ jsing@ inoguchi@
|
In non-SSL_MODE_ENABLE_PARTIAL_WRITE mode we have to write out all the
things and only return success once all of the data has been sent.
ok inoguchi@ tb@
|
If the TLS handshake has not been completed, automatically complete the
handshake as part of the read/write call, implementing the current
SSL_read()/SSL_write() behaviour.
Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT
back up to the caller, since some applications appear to incorrectly call
SSL_read() or SSL_write(), rather than repeating the previous call. This
can lead to attempts to read data that does not exist, since the
WANT_POLLIN was actually triggered as part of the handshake.
ok inoguchi@ tb@
|
ok inoguchi@ tb@
|
ok tb@
|
In most cases a TLS13_IO_WANT_POLLIN or TLS13_IO_WANT_POLLOUT will have
bubbled up from the wire callbacks, in which case the BIO retry flag will
already be set. However, if we return TLS13_IO_WANT_POLLIN or
TLS13_IO_WANT_POLLOUT from a higher layer the BIO retry flag will not be
set and that will cause SSL_get_error() to return SSL_ERROR_SYSCALL rather
than the intended SSL_ERROR_WANT_READ/SSL_ERROR_WANT_WRITE.
ok beck@ tb@
|
In TLSv1.3 there are two types of alerts: "closure alerts" and
"error alerts". This makes the record layer more strict and handles closure
of the read and write channels. The callback then handles the record layer to
SSL mapping/behaviour.
ok tb@
|
Move tls13_connect() to a new tls13_client.c file and provide a legacy
wrapper to it, which allocates a struct tls_ctx if necessary. Also move
tls13_client_hello_send() to tls13_client.c and actually implement the
building of a client hello.
ok tb@
|
Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers.
Also provide wire read/write callbacks that interface with BIO and
functions that interface between SSL_read/SSL_write and the TLS 1.3 record
layer API.
ok tb@