Up to [local] / src / lib / libssl
Default branch: MAIN
Revision 1.10, Thu Nov 10 18:06:37 2022 UTC (19 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE, OPENBSD_7_5, OPENBSD_7_4_BASE, OPENBSD_7_4, OPENBSD_7_3_BASE, OPENBSD_7_3, HEAD
Changes since 1.9: +2 -1 lines
Use tls_buffer for alert and handshake fragments in the legacy stack.
This avoids a bunch of pointer munging and a handrolled memmove.
ok tb@
Revision 1.9, Sun Jul 24 14:28:16 2022 UTC (22 months, 2 weeks ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE, OPENBSD_7_2
Changes since 1.8: +13 -1 lines
Provide record layer callbacks for QUIC.
QUIC uses TLS to complete the handshake, however unlike normal TLS it does not use the TLS record layer, rather it provides its own transport. This means that we need to intercept all communication between the TLS handshake and the record layer. This allows TLS handshake message writes to be directed to QUIC, likewise for TLS handshake message reads. Alerts also need to be sent via QUIC, plus it needs to be provided with the traffic keys that are derived by TLS.
ok tb@
Revision 1.8, Fri Jul 22 19:33:53 2022 UTC (22 months, 2 weeks ago) by jsing
Branch: MAIN
Changes since 1.7: +7 -2 lines
Add read and write support to tls_buffer.
tls_buffer was originally created for a specific use case, namely reading in length prefixed messages. This adds read and write support, along with a capacity limit, allowing it to be used in additional use cases.
ok beck@ tb@
Revision 1.7, Wed Jul 20 06:32:24 2022 UTC (22 months, 3 weeks ago) by jsing
Branch: MAIN
Changes since 1.6: +1 -2 lines
Remove tls_buffer_set_data() and remove/revise callers.
There is no way that tls_buffer_set_data() can currently work in conjunction with tls_buffer_expand(). This fact is currently hidden by the way that PHH works, which reads the same data from the record layer (which it needs to do anyway, since we may not have all of the handshake message in a single record). Since this is broken, mop it up and change the PHH callback to not provide the record data.
ok beck@ tb@
Revision 1.6, Wed Jun 29 08:27:51 2022 UTC (23 months, 1 week ago) by tb
Branch: MAIN
Changes since 1.5: +2 -1 lines
Check the security of DH key shares
ok beck, looks good to jsing
Revision 1.5, Tue Jan 11 18:28:41 2022 UTC (2 years, 4 months ago) by jsing
Branch: MAIN
CVS Tags: OPENBSD_7_1_BASE, OPENBSD_7_1
Changes since 1.4: +3 -3 lines
Plumb decode errors through key share parsing code.
Distinguish between decode errors and other errors, so that we can send a SSL_AD_DECODE_ERROR alert when appropriate. Fixes a tlsfuzzer failure, due to it expecting a decode error alert and not receiving one.
Prompted by anton@
ok tb@
Revision 1.4, Fri Jan 7 15:46:30 2022 UTC (2 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.3: +5 -1 lines
Convert legacy server to tls_key_share.
This requires a few more additions to the DHE key share code - we need to be able to either set the DHE parameters or specify the number of key bits for use with auto DHE parameters. Additionally, we need to be able to serialise the DHE parameters to send to the client. This removes the infamous 'tmp' struct from ssl3_state_internal_st.
ok inoguchi@ tb@
Revision 1.3, Thu Jan 6 18:23:56 2022 UTC (2 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.2: +6 -3 lines
Convert legacy TLS client to tls_key_share.
This requires adding DHE support to tls_key_share. In doing so, tls_key_share_peer_public() has to lose the group argument and gains an invalid_key argument. The one place that actually needs the group check is tlsext_keyshare_client_parse(), so add code to do this.
ok inoguchi@ tb@
Revision 1.2, Wed Jan 5 17:10:03 2022 UTC (2 years, 5 months ago) by jsing
Branch: MAIN
Changes since 1.1: +21 -1 lines
Rename tls13_key_share to tls_key_share.
In preparation to use the key share code in both the TLSv1.3 and legacy stacks, rename tls13_key_share to tls_key_share, moving it into the shared handshake struct. Further changes will then allow the legacy stack to make use of the same code for ephemeral key exchange.
ok inoguchi@ tb@
Revision 1.1, Sat Oct 23 13:12:14 2021 UTC (2 years, 7 months ago) by jsing
Branch: MAIN
Rename tls13_buffer to tls_buffer.
This code will soon be used in the DTLSv1.2 and TLSv1.2 stack. Also introduce tls_internal.h and move/rename the read/write/flush callbacks.
ok beck@ tb@