summaryrefslogtreecommitdiff
path: root/lib
AgeCommit message (Expand)Author
2020-02-06Re-enable the TLSv1.3 client since the known issues have been addressed.Joel Sing
2020-02-06Add a workaround to make SSL_set_session() work with TLSv1.3.Joel Sing
2020-02-06Add support for handling hello retry requests in the TLSv1.3 client.Joel Sing
2020-02-06Correctly handle key share extensions in a hello retry request.Joel Sing
2020-02-06Instead of opting in to futexes on archs with atomics opt out on archsJonathan Gray
2020-02-05Refactor the server hello processing code in the TLSv1.3 client.Joel Sing
2020-02-05Remove the hello retry request processing code that was previously added.Joel Sing
2020-02-05Provide tls1_transcript_unfreeze() to avoid the need for manual flagsJoel Sing
2020-02-05Pull the handshake message transcript code into its own function.Joel Sing
2020-02-05More precision regarding the openlog(3) *ident argument;Ingo Schwarze
2020-02-05Mention AUDIO_MIXER_{DEVINFO,READ,WRITE} in the "audio" sectionAlexandre Ratchov
2020-02-05Rework tls13_legacy_handshake_message_{recv,sent}_cb() to useTheo Buehler
2020-02-04Add support for TLSv1.3 key shares with secp256r1 and secp384r1 groups.Joel Sing
2020-02-04Free the transcript as soon as we initialise the transcript hash.Joel Sing
2020-02-01Correctly unpack client key shares.Joel Sing
2020-02-01Disable TLSv1.3 client while some known issues are being addressed.Joel Sing
2020-01-30Provide struct/functions for handling TLSv1.3 key shares.Joel Sing
2020-01-30Factor out/rewrite the ECDHE EC point key exchange code.Joel Sing
2020-01-29Remove dead prototypes.Joel Sing
2020-01-29If the TLSv1.3 code has not recorded an error and something already existsJoel Sing
2020-01-29Remove unused stub implementation of tls13_accept(). The correctTheo Buehler
2020-01-26Fix SSL_CIPHER_descriptionKinichiro Inoguchi
2020-01-26Avoid 32 bit right shift with unsigned int in crypto/cast/cast_lcl.hKinichiro Inoguchi
2020-01-26tweak previous; ok tbJason McIntyre
2020-01-26typoTheo Buehler
2020-01-26Document the change in EVP_chacha20(3).Theo Buehler
2020-01-26Improve the comment explaining why the previous change matches OpenSSL'sTheo Buehler
2020-01-26When an SSL method is set, bump the max version back to that of theJoel Sing
2020-01-26When switching back to a legacy client or server, ensure we reset theJoel Sing
2020-01-26Fix basement bug where record layer would not correctly deal withBob Beck
2020-01-26Add server side support for requesting client certificates in tls 1.3Bob Beck
2020-01-26Add client certificate support for tls 1.3Bob Beck
2020-01-26Add sigalgs for server side to enable client certificate processingBob Beck
2020-01-26Move pad and verify context into tls13_lib.cBob Beck
2020-01-26Adjust EVP_chacha20()'s behavior to match OpenSSL's semantics:Theo Buehler
2020-01-26Insert two nop instructions after each svc #0 instruction in userland.Mark Kettenis
2020-01-25Add an underbar for consistency.Theo Buehler
2020-01-25Revert change to certificate request check from r1.45.Joel Sing
2020-01-25Only perform the downgrade check if our max version is less than TLSv1.3.Joel Sing
2020-01-25Preserve the transcript hash for the client finished message,Bob Beck
2020-01-25Support legacy message callbacks. First step for SSL_set_msg_callback(3)Theo Buehler
2020-01-25Correct value for SSL_TLSEXT_MSG_HRR.Joel Sing
2020-01-25Only discard the extension block for client hello and server helloJoel Sing
2020-01-25Only send an RI extension for pre-TLSv1.3 versions.Joel Sing
2020-01-25It is possible to receive a pre-TLSv1.3 alert in response to a TLSv1.3Joel Sing
2020-01-25Correct backwards test so that we may accept a certificate requstBob Beck
2020-01-24Document `kern.allowdt' button.Martin Pieuchot
2020-01-24Complete the initial TLSv1.3 implementation.Joel Sing
2020-01-24Preserve the TLS transcript at additional points.Joel Sing
2020-01-24Permit 0 length writes, because openssl s_client is specialBob Beck