Up to [local] / src / lib / libssl
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.8, Wed Jan 5 17:10:02 2022 UTC (2 years, 5 months ago) by jsing
Branch: MAIN
CVS Tags: HEAD
Changes since 1.7: +1 -1 lines
FILE REMOVED
Rename tls13_key_share to tls_key_share. In preparation to use the key share code in both the TLSv1.3 and legacy stacks, rename tls13_key_share to tls_key_share, moving it into the shared handshake struct. Further changes will then allow the legacy stack to make use of the same code for ephemeral key exchange. ok inoguchi@ tb@
Revision 1.7 / (download) - annotate - [select for diffs], Tue Jan 4 11:01:58 2022 UTC (2 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.6: +4 -22 lines
Diff to previous 1.6 (colored)
Pull key share group/length CBB code up from tls13_key_share_public() This provides better symmetry with the parsing code and will allow for better reuse with the legacy stack, which has different message structures. ok inoguchi@ tb@
Revision 1.6 / (download) - annotate - [select for diffs], Sat Apr 18 14:07:56 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0,
OPENBSD_6_9_BASE,
OPENBSD_6_9,
OPENBSD_6_8_BASE,
OPENBSD_6_8,
OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.5: +17 -1 lines
Diff to previous 1.5 (colored)
Expose the peer ephemeral public key used for TLSv1.3 key exchange. SSL_get_server_tmp_key() provides the peer ephemeral public key used for key exchange. In the case of TLSv1.3 this is essentially the peer public key from the key share used for TLSv1.3 key exchange, hence make it availaable via SSL_get_server_tmp_key(). ok inoguchi@ tb@
Revision 1.5 / (download) - annotate - [select for diffs], Sat Apr 18 13:43:47 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.4: +12 -21 lines
Diff to previous 1.4 (colored)
Allow more key share groups for TLSv1.3. The key share code previously only allowed for key shares to be generated using one of the groups in our default list (X25519, secp256r1, secp384r1). Relax this and allow key shares using any of the groups in our NID list. ok inoguchi@ tb@
Revision 1.4 / (download) - annotate - [select for diffs], Fri Apr 17 17:16:53 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.3: +17 -9 lines
Diff to previous 1.3 (colored)
Generate client key share using our preferred group. Generate a client key share using our preferred group, rather than always using X25519. This means that the key share group can be controlled via SSL{_CTX,}_set1_groups() and SSL{_CTX,}_set1_groups_list(). ok beck@
Revision 1.3 / (download) - annotate - [select for diffs], Tue Feb 4 18:06:26 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.2: +98 -5 lines
Diff to previous 1.2 (colored)
Add support for TLSv1.3 key shares with secp256r1 and secp384r1 groups. ok inoguchi@ tb@
Revision 1.2 / (download) - annotate - [select for diffs], Sat Feb 1 12:41:58 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.1: +2 -10 lines
Diff to previous 1.1 (colored)
Correctly unpack client key shares. Even if we're not processing/using the peer public key from the key share, we still need to unpack it in order to parse the TLS extension correctly. Resolves issues with TLSv1.3 clients talking to TLSv1.2 server. ok tb@
Revision 1.1 / (download) - annotate - [select for diffs], Thu Jan 30 17:09:23 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Provide struct/functions for handling TLSv1.3 key shares. Pull out the key share handling code and provide a clean/self contained interface. This will make it easier to support groups other than X25519. ok beck@ inoguchi@ tb@