| #
cffafb5f |
| 22-Jul-2022 |
Matt Caswell |
Move some fields out of the SSL object and into the record layer object
Fields such as rrlmethod and rrl are entirely related to the record layer,
and so should be in that object.
Move some fields out of the SSL object and into the record layer object
Fields such as rrlmethod and rrl are entirely related to the record layer,
and so should be in that object.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
81c9ebd9 |
| 19-Jul-2022 |
Matt Caswell |
Remove some unnecessary function pointers from OSSL_RECORD_METHOD
We had some temporary function pointers in OSSL_RECORD_METHOD which were
only necessary during the process of refactorin
Remove some unnecessary function pointers from OSSL_RECORD_METHOD
We had some temporary function pointers in OSSL_RECORD_METHOD which were
only necessary during the process of refactoring the read record layer.
These are no longer required so can be removed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
222cf410 |
| 08-Jun-2022 |
Matt Caswell |
Remove reliance on the SSL object from the DTLS read record layer code
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/
Remove reliance on the SSL object from the DTLS read record layer code
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
eddb067e |
| 02-Jun-2022 |
Matt Caswell |
Move some DTLS read code into the read record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl
Move some DTLS read code into the read record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
aedbb71b |
| 18-Apr-2022 |
Matt Caswell |
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer
Only done for the read side so far. Still need to do TLS1.3 and SSL3.0.
Also need to separate out KTLS.
Revi
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer
Only done for the read side so far. Still need to do TLS1.3 and SSL3.0.
Also need to separate out KTLS.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
e2d5742b |
| 07-Apr-2022 |
Matt Caswell |
Transfer the functionality from ssl3_read_n to the new record layer
This transfers the low level function ssl3_read_n to the new record layer.
We temporarily make the read_n function a t
Transfer the functionality from ssl3_read_n to the new record layer
This transfers the low level function ssl3_read_n to the new record layer.
We temporarily make the read_n function a top level record layer function.
Eventually, in later commits in this refactor, we will remove it as a top
level function and it will just be called from read_record.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
| #
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented
SSL object refactoring using SSL_CONNECTION object
Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.
It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
| #
d6bfdf67 |
| 10-May-2022 |
Pauli |
ssl: expose the get time function internally
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/
ssl: expose the get time function internally
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)
show more ...
|
| #
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Release: yes
|
| #
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to b
Move e_os.h to include/internal
Including e_os.h with a path from a header file doesn't work well on
certain exotic platform. It simply fails to build.
Since we don't seem to be able to stop ourselves, the better move is
to move e_os.h to an include directory that's part of the inclusion
path given to the compiler.
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
| #
b5557666 |
| 25-Jul-2021 |
yangyangtiantianlonglong |
Fix dtls timeout dead code
Delete dtls timeout dead code in dtls1_handle_timeout
Fix: #15559
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@
Fix dtls timeout dead code
Delete dtls timeout dead code in dtls1_handle_timeout
Fix: #15559
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/16151)
show more ...
|
| #
f570d33b |
| 02-Jun-2021 |
Matt Caswell |
Only call dtls1_start_timer() once
The function dtls1_handle_timeout() calls dtls1_double_timeout() which
was calling dtls1_start_timer(). However dtls1_start_timer() is also
called
Only call dtls1_start_timer() once
The function dtls1_handle_timeout() calls dtls1_double_timeout() which
was calling dtls1_start_timer(). However dtls1_start_timer() is also
called directly by dtls1_handle_timeout(). We only need to start the timer
once.
Fixes #15561
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15595)
show more ...
|
| #
407820c0 |
| 31-May-2021 |
Pauli |
tls: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
|
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
| #
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13999)
|
|
Revision tags: openssl-3.0.0-alpha10 |
|
| #
d0afb30e |
| 10-Dec-2020 |
Matt Caswell |
Ensure DTLS free functions can handle NULL
Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
Ensure DTLS free functions can handle NULL
Our free functions should be able to deal with the case where the object
being freed is NULL. This turns out to not be quite the case for DTLS
related objects.
Fixes #13649
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13655)
show more ...
|
|
Revision tags: OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
| #
605856d7 |
| 26-Nov-2020 |
Matt Caswell |
Update copyright year
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13533)
|
| #
276d6c68 |
| 19-Nov-2020 |
Richard Levitte |
SSL: Change SSLerr() to ERR_raise()
This was probably due to a merge
Fixes #13449
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.
SSL: Change SSLerr() to ERR_raise()
This was probably due to a merge
Fixes #13449
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/13450)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha8 |
|
| #
c48ffbcc |
| 04-Nov-2020 |
Richard Levitte |
SSL: refactor all SSLfatal() calls
Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_
SSL: refactor all SSLfatal() calls
Since SSLfatal() doesn't take a function code any more, we drop that
argument everywhere. Also, we convert all combinations of SSLfatal()
and ERR_add_data() to an SSLfatal_data() call.
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
| #
6849b73c |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call
This was done using util/err-to-raise
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call
This was done using util/err-to-raise
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
| #
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
direc
Reorganize local header files
Apart from public and internal header files, there is a third type called
local header files, which are located next to source files in the source
directory. Currently, they have different suffixes like
'*_lcl.h', '*_local.h', or '*_int.h'
This commit changes the different suffixes to '*_local.h' uniformly.
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
| #
aac96e27 |
| 31-May-2019 |
Rich Salz |
Remove function name from errors
Deprecate all xxx_F_ defines.
Removed some places that tested for a specific function.
Use empty field for the function names in output.
Update d
Remove function name from errors
Deprecate all xxx_F_ defines.
Removed some places that tested for a specific function.
Use empty field for the function names in output.
Update documentation.
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/9058)
show more ...
|
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
| #
5c587fb6 |
| 09-Dec-2018 |
Kurt Roeckx |
Use (D)TLS_MAX_VERSION_INTERNAL internally
Use 0 if we don't want to set a minimum or maximum version
Reviewed-by: Matt Caswell <matt@openssl.org>
GH: #7260
|
| #
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7768)
|
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a |
|
| #
c486283c |
| 20-Nov-2018 |
Matt Caswell |
Update copyright year
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/7668)
|
| #
079ef6bd |
| 09-Oct-2018 |
Matt Caswell |
Buffer a ClientHello with a cookie received via DTLSv1_listen
Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it
Buffer a ClientHello with a cookie received via DTLSv1_listen
Previously when a ClientHello arrives with a valid cookie using
DTLSv1_listen() we only "peeked" at the message and left it on the
underlying fd. This works fine for single threaded applications but for
multi-threaded apps this does not work since the fd is typically reused for
the server thread, while a new fd is created and connected for the client.
By "peeking" we leave the message on the server fd, and consequently we
think we've received another valid ClientHello and so we create yet another
fd for the client, and so on until we run out of fds.
In this new approach we remove the ClientHello and buffer it in the SSL
object.
Fixes #6934
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/7375)
show more ...
|
