path: root/src
Commit message | Author | Age | Files | Lines
...
* Move struct tls13_ctx into a header since other things need access to it. | jsing | 2019-01-21 | 3 | -21/+21
  While here, rename struct handshake to struct handshake_stage to avoid potential ambiguity/conflict with the handshake data struct. Also add forward and back pointers between SSL and struct tls13_ctx. ok tb@
* Ensure we free TLS 1.3 handshake state. | jsing | 2019-01-21 | 1 | -6/+11
  There is no guarantee that ssl3_clear() is called before ssl3_free(), so free things here. Also move the chunk in ssl3_clear() up so that it is with the "free" code rather than the "reinit" code. ok beck@ tb@
* Teach ssl_version_string() about TLS1_3_VERSION. | jsing | 2019-01-21 | 1 | -1/+3
* Store the record version and make it available for use. | jsing | 2019-01-21 | 2 | -10/+21
  While here correct an int vs size_t mismatch. ok tb@
* Fix header guard | tb | 2019-01-20 | 1 | -2/+5
* Provide a handshake message handling implementation for TLS 1.3. | jsing | 2019-01-20 | 3 | -3/+213
  It receives handshake messages by reading and parsing data from the record layer. It also provides support for building and sending handshake messages. ok tb@
* Provide an initial implementation of the TLS 1.3 record layer. | jsing | 2019-01-20 | 3 | -6/+790
  This is entirely self-contained and knows nothing about SSL or BIO. The bottom of the stack is provided by wire read and write callbacks, with the API to the record layer primarily being via tls13_{read,write}_{application,handshake}_data(). This currently lacks some functionality, however will be worked on in tree. ok tb@
* Update record regress to match functionality changes. | jsing | 2019-01-20 | 1 | -6/+37
* Provide a way to get just the record header. | jsing | 2019-01-20 | 2 | -7/+33
  Also check record size limits when reading records and setting data. ok tb@
* hook handshake test | tb | 2019-01-20 | 1 | -1/+2
* Add a simple test that verifies that every valid handshake | tb | 2019-01-20 | 2 | -0/+76
  sets action->handshake_complete.
* revert second hunk of previous that was committed by accident | tb | 2019-01-20 | 1 | -2/+2
* Add missing prototype for tls13_handshake_active_action(). | tb | 2019-01-20 | 1 | -2/+4
  ok jsing
* include stdint.h over sys/types.h | bcook | 2019-01-20 | 1 | -2/+2
  ok deraadt@ tedu@
* Add some internal consistency checks to the handshake state handling. | jsing | 2019-01-20 | 1 | -9/+23
  Fix the tls13_handshake_advance_state_machine() return value, which inadvertently got flipped in an earlier commit. Also move this function to a more suitable location. ok tb@
* TLS 1.3 clients always need to send the supported groups extension. | jsing | 2019-01-20 | 1 | -4/+5
  A couple of cleanup/style tweaks while here. ok tb@
* Add an explicit flag to indicate a successful handshake instead | tb | 2019-01-20 | 1 | -8/+6
  of overloading/abusing action->sender. ok jsing
* Fix BN_is_prime_* calls in openssl(1), the API returns -1 on error. | tb | 2019-01-20 | 1 | -4/+8
  Found thanks to BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
* Fix BN_is_prime_* calls in libcrypto, the API returns -1 on error. | tb | 2019-01-20 | 3 | -18/+35
  From BoringSSL's commit 53409ee3d7595ed37da472bc73b010cd2c8a5ffd by David Benjamin. ok djm, jsing
* change the default digest used by | jsg | 2019-01-19 | 2 | -4/+4
  openssl x509 -fingerprint
  openssl crl -fingerprint
  from sha1 to sha256
  ok jsing@
* spelling; | jmc | 2019-01-19 | 1 | -2/+2
* In evp.h rev. 1.71, tb@ added EVP_ENCODE_CTX_new(3) and | schwarze | 2019-01-19 | 1 | -4/+38
  EVP_ENCODE_CTX_free(3). Document them, in part using text from OpenSSL that was still published under a free license.
* Sort HDRS/SRCS lists and use one line per source file for maintainability. | jsing | 2019-01-19 | 1 | -16/+44
  ok tb@
* Add handshake message type checking and special case certificate requests. | jsing | 2019-01-19 | 1 | -1/+30
  Check that the handshake message type received matches that required by the state machine. However, thanks to poor state design in the TLSv1.3 RFC, there is no way to know if you're going to receive a certificate request message or not, hence we have to special case it and teach the receive handler how to handle this situation. Discussed at length with beck@ and tb@ during the hackathon. ok tb@
* Tweak return value handling in the TLSv1.3 handshake code. | jsing | 2019-01-19 | 2 | -44/+47
  The I/O paths are from the tls13_handshake_send_action() and tls13_handshake_recv_action() functions - both of these need to propagate I/O conditions (EOF, failure, want poll in, want poll out) up the stack, so we need to capture and return values <= 0. Use an I/O condition to indicate successful handshake completion. Also, the various send/recv functions are currently unimplemented, so return 0 (failure) rather than 1 (success). ok tb@
* Hook record regress. | jsing | 2019-01-19 | 1 | -1/+3
* Add regress for TLSv1.3 record handling. | jsing | 2019-01-19 | 2 | -0/+533
* Provide a TLS record handling implementation. | jsing | 2019-01-19 | 3 | -2/+220
  This is a self-contained struct and set of functions that knows how to decode and read a TLS record from data supplied via a read callback, and send itself via a write callback. This will soon be used to build the TLSv1.3 record layer handling code. ok beck@ tb@
* bump minors after symbol addition | tb | 2019-01-19 | 3 | -3/+3
* provide EVP_ENCODE_CTX_{new,free}(). | tb | 2019-01-19 | 3 | -2/+18
  ok jsing
* $OpenBSD$ | tb | 2019-01-19 | 2 | -0/+2
* Partial port of EC_KEY_METHOD from OpenSSL 1.1. | tb | 2019-01-19 | 3 | -12/+12
  Pass const method to EC_KEY_METHOD_get_*() to get rid of an XXX. from markus
* Partial port of EC_KEY_METHOD from OpenSSL 1.1. | tb | 2019-01-19 | 9 | -63/+213
  This commit adds missing API for ECDH/ECDSA_verify. from markus
* Partial port of EC_KEY_METHOD from OpenSSL 1.1. | tb | 2019-01-19 | 16 | -56/+659
  This commit adds init/free, support for signing, setting and getting the method, engine support as well as extra data. from markus
* switch the default algorithm for the dgst command from MD5 to SHA256 | naddy | 2019-01-18 | 2 | -6/+6
  ok deraadt@
* Add -iter and -pbkdf2 to the usage synopsis. | naddy | 2019-01-18 | 1 | -15/+17
  Reorder option descriptions so -iter and -pbkdf2 show up alphabetically. Add missing argument name for -iter. ok jmc@
* initialize offset value so this passes | beck | 2019-01-18 | 1 | -0/+1
  ok jsing@
* copyright | beck | 2019-01-18 | 1 | -1/+2
* bump copyright years appropriately | beck | 2019-01-18 | 1 | -3/+3
* Add client side of supported versions and keyshare extensions with basic regress | beck | 2019-01-18 | 5 | -5/+454
  ok jsing@
* Improve the description of locale dependency: | schwarze | 2019-01-18 | 2 | -14/+20
  * mention LC_COLLATE;
  * clarify that all these functions are infested, including the *_l() versions;
  * avoid ENVIRONMENT, these functions don't inspect it;
  * and point to the C library functions that change the locale.
  OK millert@
* Replace the vague, incorrect, and confusing BUGS sections with CAVEATS | schwarze | 2019-01-18 | 3 | -12/+33
  clearly stating which arguments have to be avoided, and mention the header files defining the constants required for the checks. Feedback and OK guenther@, OK bluhm@.
* tweak previous; | jmc | 2019-01-18 | 1 | -7/+7
* Expose some symbols in a new tls13_handshake.h for regression testing. | tb | 2019-01-18 | 3 | -99/+93
  Update the handshake state tables and flag names according to the design decisions and naming conventions in the hackroom. Garbage collect some things that turn out not to belong here. ok jsing
* Removed unused struct members. | jsing | 2019-01-18 | 1 | -2/+0
* Add the -iter and -pbkdf2 arguments to enc | beck | 2019-01-18 | 1 | -2/+11
* Change the default digest type to sha256, and add support for | beck | 2019-01-18 | 1 | -5/+44
  pbkdf2 with OpenSSL compatible flags ok jsing@
* Remove this copy, we have decided we can do this in place | beck | 2019-01-18 | 3 | -1633/+2
  ok jsing@
* Add support for RFC 8446 section 4.2 enforcing which extensions may | beck | 2019-01-18 | 1 | -8/+43
  appear with which messages. ok jsing@
* Update regress following TLS extension renaming. | jsing | 2019-01-18 | 2 | -379/+378