| Age | Commit message (Collapse) | Author |
|---|
|
This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also
introduce tls_internal.h and move/rename the read/write/flush callbacks.
ok beck@ tb@
|
|
Currently, the plaintext content from opened TLS records is handled via
the rbuf code in the TLSv1.3 record layer. Factor this out and provide a
separate struct tls_content, which knows how to track and manipulate the
content.
This makes the TLSv1.3 code cleaner, however it will also soon also be used
to untangle parts of the legacy record layer.
ok beck@ tb@
|
|
For TLSv1.2 a single key block is generated, then partitioned into
individual secrets for use as IVs and keys. The previous implementation
splits this across two functions tls1_setup_key_block() and
tls1_change_cipher_state(), which means that the IV and key sizes have to
be known in multiple places.
This implementation generates and partitions the key block in a single
step, meaning that the secrets are then simply handed out when requested.
ok inoguchi@ tb@
|
|
Make this process more readable by having specific client/server functions,
calling the correct one based on s->server. This allows to remove various
SSL_ST_ACCEPT/SSL_ST_CONNECT checks, along with duplicate code.
ok inoguchi@ tb@
|
|
The d1_{clnt,srvr}.c contain a single function each - merge these into the
ssl_{clnt,srvr}.c, renaming them with an ssl3_ prefix for consistency.
ok beck@ tb@
|
|
This takes the same design/approach used in TLSv1.3 and provides an
opaque struct that is self contained and cannot reach back into other
layers. For now this just implements/replaces the writing of records
for DTLSv1/TLSv1.0/TLSv1.1/TLSv1.2. In doing so we stop copying the
plaintext into the same buffer that is used to transmit to the wire.
ok inoguchi@ tb@
|
|
how our tree gets built. If this was done in all the libraries (imagine
sys/dev), it would disrupt the development process hugely. So it should
not be done here either. use 'make includes' by hand instead.
|
|
This makes it easier to debug TLSv1.3 handshake failures.
"Yes please!" tb@, ok beck@
|
|
Like much of the original DTLS code, dtls1_enc() is effectively a renamed
copy of tls1_enc(). Since then tls1_enc() has been modified, however the
non-AEAD code remains largely the same. As such, remove dtls1_enc() and
instead call tls1_enc() from the DTLS code.
The tls1_enc() AEAD code does not currently work correctly with DTLS,
however this is a non-issue since we do not support AEAD cipher suites with
DTLS currently.
ok tb@
|
|
separate file.
Discussed with beck@ and tb@
|
|
Pull out the key share handling code and provide a clean/self contained
interface. This will make it easier to support groups other than X25519.
ok beck@ inoguchi@ tb@
|
|
This reduces replication between the existing TLS client/server and allows
the code to soon be reused for TLSv1.3.
With feedback from inoguchi@ and tb@
ok inoguchi@ tb@
|
|
been installed prior to building.
Requested by and ok tb@
|
|
ok beck@ tb@
|
|
This is based on the libtls error handling code, but adds machine readable
codes and subcodes. We then map these codes back to libssl error codes.
ok beck@ inoguchi@
|
|
ok beck@
|
|
ok inoguchi@ tb@
|
|
ok tb@
|
|
ok bcook
|
|
Move tls13_connect() to a new tls13_client.c file and provide a legacy
wrapper to it, which allocates a struct tls_ctx if necessary. Also move
tls13_client_hello_send() to tls13_client.c and actual implement the
building of a client hello.
ok tb@
|
|
will be used in a few places shortly, e.g. in
ssl_cipher_list_to_bytes().
ok jsing
|
|
Provide functionality for determining AEADs and hashes for TLS 1.3 ciphers.
Also provide wire read/write callbacks that interface with BIO and
functions that interface between SSL_read/SSL_write and the TLS 1.3 record
layer API.
ok tb@
|
|
It receives handshake messages by reading and parsing data from the record
layer. It also provides support for building and sending handshake
messages.
ok tb@
|
|
This is entirely self-contained and knows nothing about SSL or BIO. The
bottom of the stack is provided by wire read and write callbacks, with the
API to the record layer primarily being via
tls13_{read,write}_{application,handshake}_data().
This currently lacks some functionality, however will be worked on in tree.
ok tb@
|
|
ok tb@
|
|
This is a self-contained struct and set of functions that knows how to
decode and read a TLS record from data supplied via a read callback, and
send itself via a write callback.
This will soon be used to build the TLSv1.3 record layer handling code.
ok beck@ tb@
|
|
ok jsing@
|
|
The read callback returns a TLS13_IO_* value on EOF, failure, want pollin
or want pollout, or a positive value indicating the number of bytes read.
This will be used by upcoming TLSv1.3 handshake message and record
processing code, both of which need the ability to read a fixed size
header, before extending the buffer to the number of bytes specified in the
header.
ok beck@ tb@
|
|
At the moment this is mechanical, with the functions renamed. This will be
refactored for tls13.
ok jsing@
|
|
that will be usable with TLS 1.3 with less eye bleed.
ok jsing@ tb@
|
|
inspired by s2n's state machine. Lots of help and input from jsing.
ok beck, jsing
|
|
ok jsing@ tb@
|
|
Discussed with tb@
|
|
This adds OPENSSL_init_crypto and OPENSSL_init_ssl, as well
thread safety modifications for the existing LibreSSL init
functions. The initialization routines are called automatically
by the normal entry points into the library, as in newer OpenSSL
ok jsing@, nits by tb@ and deraadt@
|
|
Discussed with beck@ and jsing@
ok beck@
|
|
and the new extension framework.
Feedback from doug@
ok inoguchi@
|
|
Introduce a TLS extension handling framework that has per-extension type
functions to determine if an extension is needed, to build the extension
data and parse the extension data. This is somewhat analogous to BoringSSL,
however these build and parse functions are intentionally symetrical. The
framework is hooked into the existing TLS handling code in such a way that
we can gradual convert the extension handling code.
Convert the TLS Server Name Indication extension to the new framework,
while rewriting it to use CBB/CBS and be more strict in the process.
Discussed with beck@
ok inoguchi@
|
|
gcc4. This should avoid failed builds while transitioning compilers.
While here also make the CFLAGS blocks consistent across makefiles.
Discussed with deraadt@, ok beck@
|
|
and want to avoid the wrath of theo when he arrives home in a couple
of hours :)
|
|
|
|
suite has been selected, and convert the final finish MAC to use this
handshake hash.
This is a first step towards cleaning up the current handshake
buffer/digest code.
ok beck@ inoguchi@
|
|
ok beck@
|
|
ssl_versions.c file.
ok beck@
|
|
longer SSLv3 code.
ok beck@
|
|
fixed version) client/server code.
ok beck@
|
|
libraries, in particular considering that there are unrelated
files in doc/; requested by jsing@ and beck@
|
|
|
|
ok guenther@
|
|
declared in the public headers, and use __{BEGIN,END}_HIDDEN_DECLS
in the internal headers to optimize internal functions
ok jsing@
|
|
moved.
from Patrick Wildt
|
