summaryrefslogtreecommitdiff
path: root/src/lib (follow)
Commit message (Collapse)AuthorAgeFilesLines
...
* Provide a handshake message handling implementation for TLS 1.3.jsing2019-01-203-3/+213
| | | | | | | | It receives handshake messages by reading and parsing data from the record layer. It also provides support for building and sending handshake messages. ok tb@
* Provide an initial implementation of the TLS 1.3 record layer.jsing2019-01-203-6/+790
| | | | | | | | | | | This is entirely self-contained and knows nothing about SSL or BIO. The bottom of the stack is provided by wire read and write callbacks, with the API to the record layer primarily being via tls13_{read,write}_{application,handshake}_data(). This currently lacks some functionality, however will be worked on in tree. ok tb@
* Provide a way to get just the record header.jsing2019-01-202-7/+33
| | | | | | Also check record size limits when reading records and setting data. ok tb@
* revert second hunk of previous that was committed by accidenttb2019-01-201-2/+2
|
* Add missing prototype for tls13_handshake_active_action().tb2019-01-201-2/+4
| | | | ok jsing
* include stdint.h over sys/types.hbcook2019-01-201-2/+2
| | | | ok deraadt@ tedu@
* Add some internal consistency checks to the handshake state handling.jsing2019-01-201-9/+23
| | | | | | | | Fix the tls13_handshake_advance_state_machine() return value, which inadvertantly got flipped in an earlier commit. Also move this function to a more suitable location. ok tb@
* TLS 1.3 clients always need to send the supported groups extension.jsing2019-01-201-4/+5
| | | | | | A couple of cleanup/style tweaks while here. ok tb@
* Add an explicit flag to indicate a successful handshake insteadtb2019-01-201-8/+6
| | | | | | of overloading/abusing action->sender. ok jsing
* Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error.tb2019-01-203-18/+35
| | | | | | | From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
* spelling;jmc2019-01-191-2/+2
|
* In evp.h rev. 1.71, tb@ added EVP_ENCODE_CTX_new(3) andschwarze2019-01-191-4/+38
| | | | | EVP_ENCODE_CTX_free(3). Docomuent them, in part using text from OpenSSL that was still published under a free license.
* Sort HDRS/SRCS lists and use one line per source file for maintainability.jsing2019-01-191-16/+44
| | | | ok tb@
* Add handshake message type checking and special case certificate requests.jsing2019-01-191-1/+30
| | | | | | | | | | | | | | Check that the handshake message type received matches that required by the state machine. However, thanks to poor state design in the TLSv1.3 RFC, there is no way to know if you're going to receive a certificate request message or not, hence we have to special case it and teach the receive handler how to handle this situation. Discussed at length with beck@ and tb@ during the hackathon. ok tb@
* Tweak return value handling in the TLSv1.3 handshake code.jsing2019-01-192-44/+47
| | | | | | | | | | | | | The I/O paths are from the tls13_handshake_send_action() and tls13_handshake_recv_action() functions - both of these need to propagate I/O conditions (EOF, failure, want poll in, want poll out) up the stack, so we need to capture and return values <= 0. Use an I/O condition to indicate successful handshake completion. Also, the various send/recv functions are currently unimplemented, so return 0 (failure) rather than 1 (success). ok tb@
* Provide a TLS record handling implementation.jsing2019-01-193-2/+220
| | | | | | | | | | This is a self-contained struct and set of functions that knows how to decode and read a TLS record from data supplied via a read callback, and send itself via a write callback. This will soon be used to build the TLSv1.3 record layer handling code. ok beck@ tb@
* bump minors after symbol additiontb2019-01-193-3/+3
|
* provide EVP_ENCODE_CTX_{new,free}().tb2019-01-193-2/+18
| | | | ok jsing
* $OpenBSD$tb2019-01-192-0/+2
|
* Partial port of EC_KEY_METHOD from OpenSSL 1.1.tb2019-01-193-12/+12
| | | | | | | Pass const method to EC_KEY_METHOD_get_*() to get rid of an XXX. from markus
* Partial port of EC_KEY_METHOD from OpenSSL 1.1.tb2019-01-199-63/+213
| | | | | | This commit adds missing API for ECDH/ECDSA_verify. from markus
* Partial port of EC_KEY_METHOD from OpenSSL 1.1.tb2019-01-1916-56/+659
| | | | | | | This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data. from markus
* copyrightbeck2019-01-181-1/+2
|
* bump copyright years appopriatelybeck2019-01-181-3/+3
|
* Add client side of supported versions and keyshare extensions with basic regressbeck2019-01-184-4/+262
| | | | ok jsing@
* Improve the description of locale dependency:schwarze2019-01-182-14/+20
| | | | | | | | * mention LC_COLLATE; * clarify that all these functions are infested, including the *_l() versions; * avoid ENVIRONMENT, these functions don't inspect it; * and point to the C library functions that change the locale. OK millert@
* Replace the vague, incorrect, and confusing BUGS sections with CAVEATSschwarze2019-01-183-12/+33
| | | | | | clearly stating which arguments have to be avoided, and mention the header files defining the constants required for the checks. Feedback and OK guenther@, OK bluhm@.
* Expose some symbols in a new tls13_handshake.h for regression testing.tb2019-01-183-99/+93
| | | | | | | | Update the handshake state tables and flag names according to the design decisions and naming conventions in the hackroom. Garbage collect some things that turn out not to belong here. ok jsing
* Remove this copy, we have decided we can do this in placebeck2019-01-183-1633/+2
| | | | ok jsing@
* Add support for RFC 8446 section 4.2 enforcing which extensions maybeck2019-01-181-8/+43
| | | | | appear with which messages. ok jsing@
* Rename TLS extension handling to use less "hello".jsing2019-01-184-220/+228
| | | | | | | | | | | | | | | | | | | | | | | When the TLS extension code was rewritten, TLS extensions could only exist in ClientHello and ServerHello messages - as such, they were named in pairs of *_clienthello_{needs,build} which would be called by the client and *_clienthello_parse. Likewise for *_serverhello_{needs,build} which would be called by a server and *_serverhello_parse, which would be called by a client. Enter TLSv1.3 - TLS extensions can now exist in one of seven messages, with only certain types being allowed to appear in each, meaning the naming scheme no longer works. Instead, rename them to indicate the caller rather than the message type - this effectively means: clienthello_needs -> client_needs clienthello_build -> client_build clienthello_parse -> server_parse serverhello_needs -> server_needs serverhello_build -> server_build serverhello_parse -> client_parse ok beck@ tb@
* Get rid of is_serverhello in preparation for other messagesbeck2019-01-171-13/+24
| | | | ok jsing@ tb@
* Provide an extensible buffer implementation that uses a read callback.jsing2019-01-173-3/+148
| | | | | | | | | | | | The read callback returns a TLS13_IO_* value on EOF, failure, want pollin or want pollout, or a positive value indicating the number of bytes read. This will be used by upcoming TLSv1.3 handshake message and record processing code, both of which need the ability to read a fixed size header, before extending the buffer to the number of bytes specified in the header. ok beck@ tb@
* Add support to enforce restrictions on where extensions can appearbeck2019-01-172-12/+38
| | | | | | as per RFC8446 section 4.2. Recognized extensions that appear in an incorrect message must abort the handshake. ok jsing@
* Add a direct copy of the exension parsing code to be modified for tls13.beck2019-01-173-2/+1596
| | | | | | At the moment this is mechanical, with the functions renamed. This will be refactored for tls13. ok jsing@
* For all functions known to be infected by LC_NUMERIC, add shortschwarze2019-01-162-4/+22
| | | | | | | | CAVEATS pointing to the new CAVEATS section in setlocale(3). Make those in wprintf(3) and wscanf(3) more concise since duplicate information is a bad idea. Incompleteness of information originally pointed out by millert@. OK millert@
* There are cases where a program doing dns requests wants to set theotto2019-01-141-2/+4
| | | | | Checking Disabled flag. Introduce a RES flag to do so. ok krw@ deraadt@ eric@
* Move default numer of pools in the multi-threaded case to 8. Various testsotto2019-01-101-2/+2
| | | | by me and others indicate that it is the optimum.
* Make the "not my pool" searching loop a tiny bit smarter, whileotto2019-01-102-22/+39
| | | | | | making the number of pools variable. Do not document the malloc conf settings atm, don't know yet if they will stay. Thanks to all the testers. ok deraadt@
* correct article;jmc2019-01-022-6/+6
|
* Make AES CCM available in tables.tb2018-12-261-1/+4
| | | | | | Omission reported by reyk and Alice Wonder. ok bcook jsing
* Make this page much more readable by deleting as much text as possibleschwarze2018-12-241-28/+9
| | | | | | | | | about functions that are deprecated, identical to other functions, and never made sense in the first place. As deraadt@ points out, we should not hide the information that matters in a heap of clutter. It would waste reader's time and make confusion and accidental misuse more likely. OK deraadt@ jmc@
* EVP_MD_CTX_cleanup() is deprecated and doesn't free, so recommend usingtb2018-12-234-12/+12
| | | | | | EVP_MD_CTX_free() instead if the goal is to avoid leaking memory. From my corresponding upstream commit, reminded by schwarze
* Document EVP_PKEY_new_mac_key(3);schwarze2018-12-221-8/+50
| | | | | from Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000.
* Delete irrelevant HISTORY details. Simply use BN_rand(3); thereschwarze2018-12-221-12/+2
| | | | | | | is no need to know at which time BN_pseudo_rand(3) was made the same as BN_rand(3). Considering that question might even mislead people to attempt ill-advised #ifdef'ing. Pointed out by deraadt@.
* The wrong header file was given for EVP_PKEY_CTX_set_signature_md(3).schwarze2018-12-211-13/+69
| | | | | | | | | | | | | Also clarify to which algorithms it applies. From Matt Caswell <matt at openssl dot org> via OpenSSL commit d45a97f4 Mar 5 17:41:49 2018 +0000. Document EVP_PKEY_CTX_get_rsa_padding(3), EVP_PKEY_CTX_get_rsa_pss_saltlen(3), EVP_PKEY_CTX_set_rsa_mgf1_md(3), and EVP_PKEY_CTX_get_rsa_mgf1_md(3). From Antoine Salon <asalon at vmware dot com> via OpenSSL commit 87103969 Oct 1 14:11:57 2018 -0700 from the OpenSSL_1_1_1-stable branch, which is still under a free license.
* Document the ECDSA_SIG_new(3) return value.schwarze2018-12-211-2/+10
| | | | | | Inspired by OpenSSL commit 6da34cfb Jun 2 16:17:32 2018 -0400 by Ken Goldman <kgoldman at us dot ibm dot com>, but use the same wording as in ASN1_item_new(3) instead.
* Clarify behaviour of DH_get0_pqg(3) and DH_get0_key(3) with NULL arguments;schwarze2018-12-211-4/+19
| | | | | from <Matthias dot St dot Pierre at ncp dash e dot com> via OpenSSL commit 5777254b May 27 09:07:07 2018 +0200.
* grammar and style fixes from wesinator at githubschwarze2018-12-211-13/+14
| | | | via OpenSSL commit 521738e9 Oct 5 14:58:30 2018 -0400
* Since OpenBSD 6.1, BN_pseudo_rand*(3) does the same as BN_rand*(3).schwarze2018-12-211-10/+18
| | | | | Say so, and note that OpenSSL followed suit in 1.1.0 according to OpenSSL commit 5ecff87d Jun 21 13:55:02 2017 +0100.
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-05-28 08:07:40 +0000