OpenBSD CVS

CVS log for src/lib/libssl/tls13_handshake.c



Default branch: MAIN


Revision 1.73, Sat Feb 3 19:57:14 2024 UTC (4 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, HEAD
Changes since 1.72: +14 -12 lines

Rework the exit path of tls13_handshake_recv_action()

If an error occurs in action->recv() for a handshake that needs to
downgrade to legacy TLS, the artistic exit path led to hiding the
error under TLS13_IO_USE_LEGACY. Rework the exit path to be easier
to follow, preserving behavior except that the error can no longer
be masked.

Detailed analysis and initial diff by Masaru Masuda.
Fixes https://github.com/libressl/openbsd/issues/146

ok beck

Revision 1.72, Sat Nov 26 16:08:56 2022 UTC (18 months, 2 weeks ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3
Changes since 1.71: +2 -2 lines

Make internal header file names consistent

Libcrypto currently has a mess of *_lcl.h, *_locl.h, and *_local.h names
used for internal headers. Move all these headers we inherited from
OpenSSL to *_local.h, reserving the name *_internal.h for our own code.
Similarly, move dtls_locl.h and ssl_locl.h to dtls_local and ssl_local.h.
constant_time_locl.h is moved to constant_time.h since it's special.

Adjust all .c files in libcrypto, libssl and regress.

The diff is mechanical with the exception of tls13_quic.c, where
#include <ssl_locl.h> was fixed manually.

discussed with jsing,
no objection bcook

Revision 1.71, Tue Apr 19 17:01:43 2022 UTC (2 years, 1 month ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.70: +1 -3 lines

Drop unused KeyUpdate from debug printf

The handshake state machine does not handle key updates since that's a
post-handshake handshake message. This is code under #ifdef TLS13_DEBUG
and if it is ever to be reused in tls13_handshake_msg.c, that will have
to be revisited.

ok inoguchi jsing

Revision 1.70, Thu Sep 16 19:25:30 2021 UTC (2 years, 8 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1, OPENBSD_7_0_BASE, OPENBSD_7_0
Changes since 1.69: +29 -3 lines

Implement flushing for TLSv1.3 handshakes.

When we finish sending a flight of records, flush the record layer output.
This effectively means calling BIO_flush() on the wbio.

Some things (such as apache2) have custom BIOs that perform buffering and
do not actually send on BIO_write(). Without BIO_flush() the server thinks
it has sent data and starts receiving records, however the client never
sends records since it never received those that the server should have
sent.

Joint work with tb@

ok tb@

Revision 1.69, Thu Jul 1 17:53:39 2021 UTC (2 years, 11 months ago) by jsing
Branch: MAIN
Changes since 1.68: +2 -2 lines

Merge SSL_METHOD_INTERNAL into SSL_METHOD.

Now that SSL_METHOD is opaque and in internal headers, we can remove
SSL_METHOD_INTERNAL by merging it back into SSL_METHOD.

ok tb@

Revision 1.68, Mon Jun 28 18:48:56 2021 UTC (2 years, 11 months ago) by tb
Branch: MAIN
Changes since 1.67: +3 -3 lines

Use the order action->sender == ctx->mode everywhere for consistency.

Revision 1.67, Mon Jun 28 18:42:17 2021 UTC (2 years, 11 months ago) by tb
Branch: MAIN
Changes since 1.66: +3 -3 lines

ctx->alert is not a boolean, so compare it explicitly against 0.

Revision 1.66, Mon Jun 28 15:35:14 2021 UTC (2 years, 11 months ago) by tb
Branch: MAIN
Changes since 1.65: +184 -6 lines

Expand info callback support for TLSv1.3

During the TLSv1.3 handshake, update the legacy state and call the
info callback at the appropriate moment.  This is done by mapping
the TLSv1.3 states to the states in the old state machine whenever
that is possible. The callbacks are called at the beginning and end
of the handshake, and just before the state machine advances.

This should fix a periodic warning in logs of tor relays about a
variable that wasn't set although it should have been.

input/ok jsing, ok inoguchi (early version)

Revision 1.65, Sun Mar 21 18:36:34 2021 UTC (3 years, 2 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE, OPENBSD_6_9
Changes since 1.64: +7 -5 lines

Move the TLSv1.3 handshake struct inside the shared handshake struct.

There are currently three different handshake structs that are in use -
the SSL_HANDSHAKE struct (as S3I(s)->hs), the SSL_HANDSHAKE_TLS13 struct
(as S3I(s)->hs_tls13 or ctx->hs in the TLSv1.3 code) and the infamous
'tmp' embedded in SSL3_STATE_INTERNAL (as S3I(s)->tmp).

This is the first step towards cleaning up the handshake structs so that
shared data is in the SSL_HANDSHAKE struct, with sub-structs for TLSv1.2
and TLSv1.3 specific information. Place SSL_HANDSHAKE_TLS13 inside
SSL_HANDSHAKE and change ctx->hs to refer to the SSL_HANDSHAKE struct
instead of the SSL_HANDSHAKE_TLS13 struct. This allows the TLSv1.3 code
to access the shared handshake data without needing the SSL struct.

ok inoguchi@ tb@

Revision 1.64, Thu Jul 30 16:23:17 2020 UTC (3 years, 10 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE, OPENBSD_6_8
Changes since 1.63: +10 -1 lines

Add minimal info callback support for TLSv1.3

As abieber@ found the hard way, some python frameworks (twisted, synapse)
thought it a great idea to use the info callback mechanism (designed to
get state information about SSL objects) to modify state information such
as setting and verifying the SNI.  The switch of TLS_method() to default
to TLSv1.3 broke these contraptions.  Further bits of the info callback
mechanism will likely metastasize throughout the TLSv1.3 stack if we
need them, so we only do what's really necessary now.

Lots of debugging, crucial hint and testing by abieber

input & ok jsing

Revision 1.63, Tue Jun 2 13:57:09 2020 UTC (4 years ago) by tb
Branch: MAIN
Changes since 1.62: +3 -3 lines

Remove const modifier in return type of tls13_handshake_active_state()
which makes no sense as pointed out by gcc on sparc64.

ok jsing

Revision 1.62, Sun May 10 17:13:29 2020 UTC (4 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.61: +14 -1 lines

Send dummy ChangeCipherSpec messages from the TLSv1.3 server

If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.

Two important improvements over the backed-out diff:
First: make sure that client and server can send their dummy CCS at the correct moment
(right before the next flight or right after the current flight).
Second: as jsing noted, we also need to deal with the corner case that
tls13_send_dummy_ccs() can return TLS13_IO_WANT_POLLOUT.

with/ok jsing

Revision 1.61, Sun May 10 16:56:11 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.60: +3 -3 lines

Provide alert defines for TLSv1.3 and use in the TLSv1.3 code.

Rather than using a mess of SSL_AL_*, SSL_AD_*, SSL3_AD_* and TLS1_AD_*
defines, provide our own TLS13_ALERT_* defines and use those. This also
provides the alerts that are new to TLSv1.3.

ok beck@

Revision 1.60, Sun May 10 14:22:51 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.59: +57 -2 lines

Provide an easy way to get debug information from TLSv1.3 handshakes.

This makes it easier to debug TLSv1.3 handshake failures.

"Yes please!" tb@, ok beck@

Revision 1.59, Sat May 9 20:38:19 2020 UTC (4 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.58: +1 -8 lines

Back out server side CCS sending. It breaks TLSv1.3 client communication
with TLSv1.2 servers, since it makes clients send their dummy CCS too
early...  There's an obvious but dirty bandaid which I can't bring myself
to apply - this business is already disgusting enough.

Issue found the hard way by sthen

Revision 1.58, Sat May 9 16:43:05 2020 UTC (4 years, 1 month ago) by tb
Branch: MAIN
Changes since 1.57: +8 -1 lines

Send dummy ChangeCipherSpec messages from the TLSv1.3 server

If the client has requested middle box compatibility mode by sending
a non-empty legacy_session_id, the server must send a dummy CCS right
after its first handshake message. This means right after ServerHello
or HelloRetryRequest.

ok jsing

Revision 1.57, Sat May 9 15:47:11 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.56: +7 -1 lines

Send dummy ChangeCipherSpec messages from the TLSv1.3 client.

When operating in middlebox compatibility mode, the TLSv1.3 client needs
to send a dummy ChangeCipherSpec message immediately before its second
flight of handshake messages (when early data is not offered).

ok tb@

Revision 1.56, Sat May 9 08:39:44 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.55: +11 -14 lines

Pull the sending of alerts up into tls13_handshake_perform().

This fixes the case where a send function signals that an alert should be
sent, then returns failure. Previously the failure would be propagated
up, without the alert being sent.

Issue noted by tb@

ok tb@

Revision 1.55, Sat May 2 00:30:55 2020 UTC (4 years, 1 month ago) by inoguchi
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE, OPENBSD_6_7
Changes since 1.54: +12 -12 lines

Add const to TLS1.3 internal vectors

ok tb@

Revision 1.54, Wed Apr 29 01:16:49 2020 UTC (4 years, 1 month ago) by inoguchi
Branch: MAIN
Changes since 1.53: +12 -11 lines

tls13_handshake internal functions to static in libssl

ok jsing@ tb@

Revision 1.53, Wed Apr 22 17:05:07 2020 UTC (4 years, 1 month ago) by jsing
Branch: MAIN
Changes since 1.52: +18 -16 lines

Improve TLSv1.3 state machine for HelloRetryRequest handling.

The state machine currently handles the HelloRetryRequest case by using
WITH_HRR - in other words, we're explicitly indicating when we transition
to the alternate path. The problem here is that we do not know if we're
going to receive a ServerHello or a HelloRetryRequest until we process
the message. This means that the ServerHello processing code has to handle
both types of messages.

The state machine and associated processing code becomes cleaner if we flip
this around so that we assume we are going to receive a HelloRetryRequest
and upon discovering that it is not, trigger WITHOUT_HRR and hand off to
the ServerHello processing function. In particular, this makes the logic
much more straightforward on the server side, when adding support for HRR.

With feedback from tb@

ok tb@

Revision 1.52, Tue Mar 10 17:15:02 2020 UTC (4 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.51: +1 -7 lines

Remove some unnecessary handshake enums/functions.

Both session tickets and key updates are post-handshake handshake messages,
which were originally included in the handshake code.

ok inoguchi@ tb@

Revision 1.51, Wed Feb 5 16:42:29 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.50: +12 -6 lines

Pull the handshake message transcript code into its own function.

This is soon going to be used in the TLSv1.3 client code.

ok tb@

Revision 1.50, Wed Feb 5 06:12:43 2020 UTC (4 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.49: +3 -3 lines

Rework tls13_legacy_handshake_message_{recv,sent}_cb() to use
their own CBS as a preparation for upcoming HRR diffs.

ok jsing

Revision 1.49, Wed Jan 29 13:44:42 2020 UTC (4 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.48: +1 -11 lines

Remove unused stub implementation of tls13_accept(). The correct
and used version is in tls13_server.c.

ok inoguchi jsing

Revision 1.48, Sat Jan 25 15:06:17 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.47: +3 -3 lines

Revert change to certificate request check from r1.45.

This code was correct, it was the entry in the table that was incorrect.

ok beck@

Revision 1.47, Sat Jan 25 13:21:52 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.46: +3 -2 lines

Preserve the transcript hash for the client finished message,
and correct the message type for certificate request.

ok jsing@

Revision 1.46, Sat Jan 25 13:11:20 2020 UTC (4 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.45: +7 -1 lines

Support legacy message callbacks. First step for SSL_set_msg_callback(3)
support. Makes openssl s_client -msg work for handshake messages.

ok beck jsing

Revision 1.45, Sat Jan 25 06:37:30 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.44: +3 -3 lines

Correct backwards test so that we may accept a certificate request
from the server.

ok jsing@

Revision 1.44, Fri Jan 24 08:21:24 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.43: +2 -1 lines

Complete the initial TLSv1.3 implementation.

ok beck@ tb@

Revision 1.43, Fri Jan 24 06:45:09 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.42: +23 -9 lines

Preserve the TLS transcript at additional points.

This is needed for the TLSv1.3 server and will also be needed for client
certificate authentication. Note that we preserve on receive but before
recording the new handshake message, whereas we preserve on send after
recording the new handshake message.

ok tb@

Revision 1.42, Fri Jan 24 04:43:09 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.41: +2 -1 lines

Switch to encrypted records in the TLSv1.3 server.

This adds code to perform key derivation and set the traffic keys once the
ServerHello message has been sent, enabling encrypted records.

ok beck@ tb@

Revision 1.41, Thu Jan 23 02:24:38 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.40: +11 -6 lines

Pass a CBB to TLSv1.3 send handlers.

This avoids the need for each send handler to call
tls13_handshake_msg_start() and tls13_handshake_msg_finish().

ok beck@ tb@

Revision 1.40, Wed Jan 22 13:10:51 2020 UTC (4 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.39: +16 -6 lines

Pass a handshake message content CBS to TLSv1.3 receive handlers.

This avoids every receive handler from having to get the handshake message
content itself. Additionally, pull the trailing data check up so that each
receive handler does not have to implement it. This makes the code more
readable and reduces duplication.

ok beck@ tb@

Revision 1.39, Wed Jan 22 02:39:45 2020 UTC (4 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.38: +2 -1 lines

The legacy_record_version must be set to TLS1_2_VERSION except
in the ClientHello where it may be set to TLS1_VERSION.  Use
the minimal supported version to decide whether we choose to do
so or not. Use a sent hook to set it back to TLS1_2_VERSION right
after the ClientHello message is on the wire.

ok beck jsing

Revision 1.38, Tue Jan 21 03:40:05 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.37: +7 -2 lines

Add alert processing in tls client code, by adding alert to the
tls13 context, and emitting the alert at the upper layers when
the lower level code fails

ok jsing@, tb@

Revision 1.37, Mon Jan 20 22:04:17 2020 UTC (4 years, 4 months ago) by beck
Branch: MAIN
Changes since 1.36: +3 -5 lines

Add alerts to the tls 1.3 record layer and handshake layer
ok jsing@, inoguchi@, tb@

Revision 1.36, Sun Nov 17 06:43:46 2019 UTC (4 years, 6 months ago) by jsing
Branch: MAIN
Changes since 1.35: +1 -124 lines

Move the TLSv1.3 server message handling stubs.

Revision 1.35, Fri Apr 5 20:23:38 2019 UTC (5 years, 2 months ago) by tb
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE, OPENBSD_6_6, OPENBSD_6_5_BASE, OPENBSD_6_5
Changes since 1.34: +23 -1 lines

By design, our state machine is a DAG contrary to the state machine in
the spec. To avoid the obvious loop in the RFC's state machine, we added
a CLIENT_HELLO_RETRY state which is a second ClientHello with special
rules.  There is, however, no state to react to this second client hello.
This adds a matching SERVER_HELLO_RETRY state to the handshakes table.

This means in particular that the WITH_HRR state cannot be set in
tls13_server_hello_recv(), so remove this now dead check.

ok jsing

Revision 1.34, Fri Apr 5 05:13:12 2019 UTC (5 years, 2 months ago) by tb
Branch: MAIN
Changes since 1.33: +1 -5 lines

Zap two dead #defines that were unused since jsing deleted the
record_type member of the tls13_handshake_action struct.

ok jsing

Revision 1.33, Thu Apr 4 16:53:57 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.32: +4 -1 lines

Implement legacy fallback for the TLS 1.3 client.

If the Server Hello received indicates that the server did not negotiate
TLS 1.3, fallback to the original TLS client implementation.

ok bcook@, tb@

Revision 1.32, Sun Mar 17 15:48:02 2019 UTC (5 years, 2 months ago) by jsing
Branch: MAIN
Changes since 1.31: +4 -2 lines

Correct return value handling in tls13_handshake_recv_action().

The recv action handler returns success/failure, rather than a TLS13_IO_*
value, which is what tls13_handshake_recv_action() needs to return.
Failure previously mapped to TLS13_IO_EOF, which is not ideal.

ok tb@

Revision 1.31, Thu Feb 28 17:56:43 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.30: +2 -1 lines

Automatically complete the handshake from tls13_legacy_{read,write}_bytes()

If the TLS handshake has not been completed, automatically complete the
handshake as part of the read/write call, implementing the current
SSL_read()/SSL_write() behaviour.

Once the TLS handshake is completed we push a WANT_POLLIN or WANT_POLLOUT
back up to the caller, since some applications appear to incorrectly call
SSL_read() or SSL_write(), rather than repeating the previous call. This
can lead to attempts to read data that does not exist, since the
WANT_POLLIN was actually triggered as part of the handshake.

ok inoguchi@ tb@

Revision 1.30, Thu Feb 28 17:39:36 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.29: +1 -16 lines

Remove unused record_type from TLSv1.3 handshake actions.

ok tb@

Revision 1.29, Mon Feb 25 16:46:17 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.28: +6 -1 lines

Add a handshake action sent handler and use it for client finished.

The write traffic key needs to be changed to the client application traffic
key after the client finished message has been sent. The send handler
generates the client finished message, however we cannot switch keys at
this stage since the client finished message has not yet been protected
by the record layer.

ok tb@

Revision 1.28, Thu Feb 14 18:06:35 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.27: +4 -2 lines

Notify the record layer upon handshake completion.

ok tb@

Revision 1.27, Wed Feb 13 16:28:28 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.26: +1 -13 lines

Handle finished messages in TLSv1.3 client.

This adds support for processing of the server finished message and
generation of the client finished message.

ok tb@

Revision 1.26, Mon Feb 11 17:48:15 2019 UTC (5 years, 3 months ago) by jsing
Branch: MAIN
Changes since 1.25: +1 -30 lines

Implement handling of Certificate and CertificateVerify messages.

This allows the TLS 1.3 client to process the certificates that the server
has sent and verify that the server has possession of the private key.

ok tb@

Revision 1.25, Sun Feb 10 13:04:29 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.24: +11 -1 lines

Preserve the transcript hash at specific stages of the TLSv1.3 handshake.

There are various points where we need the hash of all messages prior to
the current message. Support this by having the handshake code preserve
the transcript hash prior to recording the current message, which avoids
the need to sprinkle this throughout multiple handlers.

ok inoguchi@ tb@

Revision 1.24, Thu Feb 7 15:54:18 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.23: +1 -7 lines

Implement processing of EncryptedExtensions in the TLS 1.3 client.

ok bcook@ tb@

Revision 1.23, Mon Feb 4 16:18:15 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.22: +1 -9 lines

Implement parsing and processing of TLSv1.3 ServerHello messages.

ok tb@

Revision 1.22, Wed Jan 23 23:29:56 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.21: +3 -3 lines

Rename NUM_HANDSHAKE to handshake_count and make it a variable
so it can be used from regress. Update regress accordingly.
Make sure the print target generates the entire table as it
currently is in tls13_handshake.c

discussed with beck and jsing
ok jsing

Revision 1.21, Wed Jan 23 11:11:52 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.20: +19 -19 lines

Sync the handshakes table with the generated table in regress.
This sorts the valid handshakes with respect to ascending flags
value instead of the ad-hoc order produced by the algorithm.

ok jsing

Revision 1.20, Wed Jan 23 04:25:18 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.19: +2 -2 lines

Remove static from handshakes[][] so it is visible from regress/

ok bcook

Revision 1.19, Mon Jan 21 14:19:51 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.18: +2 -4 lines

Use the actual handshake message type in the certificate request handler.

Revision 1.18, Mon Jan 21 13:45:57 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.17: +7 -20 lines

Provide the initial TLSv1.3 client implementation.

Move tls13_connect() to a new tls13_client.c file and provide a legacy
wrapper to it, which allocates a struct tls_ctx if necessary. Also move
tls13_client_hello_send() to tls13_client.c and actually implement the
building of a client hello.

ok tb@

Revision 1.17, Mon Jan 21 13:13:46 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.16: +40 -3 lines

Wire up the handshake message send and recv actions.

This means that we actually receive and send handshake messages to and from
the record layer.

ok tb@

Revision 1.16, Mon Jan 21 10:44:08 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.15: +12 -28 lines

The main handshake loop can be shared between client and server.

Pull the shared code up into a function and call it from tls13_connect()
and tls13_accept() instead of duplicating it.

"Yes, please!" tb@

Revision 1.15, Mon Jan 21 06:58:44 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.14: +6 -17 lines

Move struct tls13_ctx into a header since other things need access to it.

While here, rename struct handshake to struct handshake_stage to avoid
potential ambiguity/conflict with the handshake data struct. Also add
forward and back pointers between SSL and struct tls13_ctx.

ok tb@

Revision 1.14, Sun Jan 20 06:40:55 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.13: +2 -2 lines

revert second hunk of previous that was committed by accident

Revision 1.13, Sun Jan 20 06:38:18 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.12: +4 -2 lines

Add missing prototype for tls13_handshake_active_action().

ok jsing

Revision 1.12, Sun Jan 20 02:57:16 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.11: +23 -9 lines

Add some internal consistency checks to the handshake state handling.

Fix the tls13_handshake_advance_state_machine() return value, which
inadvertently got flipped in an earlier commit. Also move this function
to a more suitable location.

ok tb@

Revision 1.11, Sun Jan 20 02:08:05 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.10: +6 -8 lines

Add an explicit flag to indicate a successful handshake instead
of overloading/abusing action->sender.

ok jsing

Revision 1.10, Sat Jan 19 04:02:29 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.9: +30 -1 lines

Add handshake message type checking and special case certificate requests.

Check that the handshake message type received matches that required by the
state machine.

However, thanks to poor state design in the TLSv1.3 RFC, there is no way to
know if you're going to receive a certificate request message or not, hence
we have to special case it and teach the receive handler how to handle this
situation.

Discussed at length with beck@ and tb@ during the hackathon.

ok tb@

Revision 1.9, Sat Jan 19 03:32:03 2019 UTC (5 years, 4 months ago) by jsing
Branch: MAIN
Changes since 1.8: +44 -42 lines

Tweak return value handling in the TLSv1.3 handshake code.

The I/O paths are from the tls13_handshake_send_action() and
tls13_handshake_recv_action() functions - both of these need to propagate
I/O conditions (EOF, failure, want poll in, want poll out) up the stack,
so we need to capture and return values <= 0. Use an I/O condition to
indicate successful handshake completion.

Also, the various send/recv functions are currently unimplemented, so
return 0 (failure) rather than 1 (success).

ok tb@

Revision 1.8, Fri Jan 18 06:51:29 2019 UTC (5 years, 4 months ago) by tb
Branch: MAIN
Changes since 1.7: +40 -92 lines

Expose some symbols in a new tls13_handshake.h for regression testing.
Update the handshake state tables and flag names according to the
design decisions and naming conventions in the hackroom. Garbage collect
some things that turn out not to belong here.

ok jsing

Revision 1.7, Sun Nov 11 06:49:35 2018 UTC (5 years, 7 months ago) by beck
Branch: MAIN
Changes since 1.6: +6 -6 lines

Nuke trailing whitespace

Revision 1.6, Sat Nov 10 08:10:43 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.5: +46 -24 lines

Tweak and improve the TLSv1.3 state machine.

- Provide a tls13_handshake_active_action() function to reduce code
  duplication and replace tls13_handshake_get_sender().

- Add an INVALID message_type, so we can explicitly detect invalid
  conditions.

- Implement skeletons for the tls13_handshake_send_action() and
  tls13_handshake_recv_action() functions.

- OR in the NEGOTIATED value at the end of recving or sending a server
  hello so that we switch to the next chain in the state table.

ok tb@

Revision 1.5, Sat Nov 10 00:38:31 2018 UTC (5 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.4: +28 -30 lines

Use TLS13_HS_{CLIENT,SERVER} instead of using a redundant _SEND{,S}.

ok jsing

Revision 1.4, Fri Nov 9 23:54:57 2018 UTC (5 years, 7 months ago) by tb
Branch: MAIN
Changes since 1.3: +108 -98 lines

Use "send" and "recv" consistently instead of mixing them with "read"
and "write". Use self-documenting C99 initializers.

ok bcook, jsing

Revision 1.3, Fri Nov 9 04:54:42 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.2: +2 -2 lines

Correct defines for writer tests in connect/accept loops.

ok tb@

Revision 1.2, Fri Nov 9 04:53:28 2018 UTC (5 years, 7 months ago) by jsing
Branch: MAIN
Changes since 1.1: +2 -4 lines

Correct function naming for tls13_handshake_advance_state_machine().

ok tb@

Revision 1.1, Thu Nov 8 23:54:59 2018 UTC (5 years, 7 months ago) by tb
Branch: MAIN

First skeleton of the TLS 1.3 state machine. Based on RFC 8446 and
inspired by s2n's state machine. Lots of help and input from jsing.

ok beck, jsing
