#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
#
a425c0fe |
| 04-Apr-2022 |
Kijin Kim |
Add more SRTP protection profiles Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18030)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8 |
|
#
6849b73c |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
6ac1cd10 |
| 02-Sep-2020 |
Matt Caswell |
Fix safestack issues in ssl.h We fix 3 problems with safestack: - Including an openssl header file without linking against libcrypto can cause compilation failures (even if the app
Fix safestack issues in ssl.h We fix 3 problems with safestack: - Including an openssl header file without linking against libcrypto can cause compilation failures (even if the app does not otherwise need to link against libcrypto). See issue #8102 - Recent changes means that applications in no-deprecated builds will need to include additional macro calls in the source code for all stacks that they need to use - which is an API break. This changes avoids that necessity. - It is not possible to write code using stacks that works in both a no-deprecated and a normal build of OpenSSL. See issue #12707. Fixes #12707 Contains a partial fix for #8102. A similar PR will be needed for hash to fully fix. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2 |
|
#
454afd98 |
| 15-May-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11839)
|
Revision tags: openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f, OpenSSL_1_1_1e, OpenSSL_1_0_2u |
|
#
852c2ed2 |
| 19-Dec-2019 |
Rich Salz |
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds
In OpenSSL builds, declare STACK for datatypes ... ... and only *define* them in the source files that need them. Use DEFINE_OR_DECLARE which is set appropriately for internal builds and not non-deprecated builds. Deprecate stack-of-block Better documentation Move some ASN1 struct typedefs to types.h Update ParseC to handle this. Most of all, ParseC needed to be more consistent. The handlers are "recursive", in so far that they are called again and again until they terminate, which depends entirely on what the "massager" returns. There's a comment at the beginning of ParseC that explains how that works. {Richard Levtte} Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/10669)
show more ...
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d, OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s, OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
2c18d164 |
| 06-Dec-2018 |
Richard Levitte |
Following the license change, modify the boilerplates in ssl/ Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7768)
|
Revision tags: OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d |
|
#
6dd083fd |
| 25-Nov-2016 |
Matt Caswell |
Move client parsing of ServerHello extensions into new framework Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@o
Move client parsing of ServerHello extensions into new framework Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_15 |
|
#
6b473aca |
| 24-Nov-2016 |
Matt Caswell |
Refactor ClientHello extension parsing This builds on the work started in 1ab3836b3 and extends is so that each extension has its own identified parsing functions, as well as an allo
Refactor ClientHello extension parsing This builds on the work started in 1ab3836b3 and extends is so that each extension has its own identified parsing functions, as well as an allowed context identifying which messages and protocols it is relevant for. Subsequent commits will do a similar job for the ServerHello extensions. This will enable us to have common functions for processing extension blocks no matter which of the multiple messages they are received from. In TLSv1.3 a number of different messages have extension blocks, and some extensions have moved from one message to another when compared to TLSv1.2. Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich Salz Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_14, OpenSSL_1_1_0c |
|
#
8b0e934a |
| 06-Oct-2016 |
Matt Caswell |
Fix some missed size_t updates Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
8157d44b |
| 28-Sep-2016 |
Matt Caswell |
Convert ServerHello construction to WPACKET Reviewed-by: Rich Salz <rsalz@openssl.org>
|
Revision tags: OpenSSL_1_0_2j, OpenSSL_1_1_0b, OpenSSL_1_0_1u, OpenSSL_1_0_2i, OpenSSL_1_1_0a, OpenSSL_1_1_0, OpenSSL_1_1_0-pre6 |
|
#
2c7b4dbc |
| 03-Aug-2016 |
Matt Caswell |
Convert tls_construct_client_hello() to use PACKETW Reviewed-by: Rich Salz <rsalz@openssl.org>
|
#
a230b26e |
| 05-Aug-2016 |
Emilia Kasper |
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <
Indent ssl/ Run util/openssl-format-source on ssl/ Some comments and hand-formatted tables were fixed up manually by disabling auto-formatting. Reviewed-by: Rich Salz <rsalz@openssl.org>
show more ...
|
Revision tags: OpenSSL-fips-2_0_13 |
|
#
3c82e437 |
| 03-Jun-2016 |
FdaSilvaYY |
Add checks on sk_TYPE_push() returned result Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
846e33c7 |
| 17-May-2016 |
Rich Salz |
Copyright consolidation 01/10 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Kurt Roeckx <kurt@openssl.org>
|
#
fbdf0299 |
| 05-May-2016 |
Matt Caswell |
Free any existing SRTP connection profile When setting a new SRTP connection profile using SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should free any existing prof
Free any existing SRTP connection profile When setting a new SRTP connection profile using SSL_CTX_set_tlsext_use_srtp() or SSL_set_tlsext_use_srtp() we should free any existing profile first to avoid a memory leak. Reviewed-by: Kurt Roeckx <kurt@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_1t, OpenSSL_1_0_2h, OpenSSL_1_1_0-pre5, OpenSSL_1_1_0-pre4, OpenSSL_1_0_1s, OpenSSL_1_0_2g, OpenSSL_1_1_0-pre3, OpenSSL-fips-2_0_12, OpenSSL_1_0_1r, OpenSSL_1_0_2f, OpenSSL_1_1_0-pre2 |
|
#
43e5faa2 |
| 02-Jan-2016 |
Dmitry Sobinov |
Add new DTLS-SRTP protection profiles from RFC 7714 Reviewed-by: Kurt Roeckx <kurt@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
|
#
34980760 |
| 18-Dec-2015 |
Rich Salz |
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1
Remove /* foo.c */ comments This was done by the following find . -name '*.[ch]' | /tmp/pl where /tmp/pl is the following three-line script: print unless $. == 1 && m@/\* .*\.[ch] \*/@; close ARGV if eof; # Close file to reset $. And then some hand-editing of other files. Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_1_0-pre1, OpenSSL_0_9_8zh, OpenSSL_1_0_0t, OpenSSL_1_0_1q, OpenSSL_1_0_2e |
|
#
50932c4a |
| 04-Aug-2015 |
Matt Caswell |
PACKETise ServerHello processing Process ServerHello messages using the PACKET API Reviewed-by: Tim Hudson <tjh@openssl.org>
|
Revision tags: OpenSSL_1_0_1p, OpenSSL_1_0_2d, OpenSSL-fips-2_0_11, OpenSSL_1_0_1o, OpenSSL_1_0_2c, OpenSSL_0_9_8zg, OpenSSL_1_0_0s, OpenSSL_1_0_1n, OpenSSL_1_0_2b, OpenSSL-fips-2_0_10 |
|
#
9ceb2426 |
| 16-Apr-2015 |
Matt Caswell |
PACKETise ClientHello processing Uses the new PACKET code to process the incoming ClientHello including all extensions etc. Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
75ebbd9a |
| 06-May-2015 |
Rich Salz |
Use p==NULL not !p (in if statements, mainly) Reviewed-by: Tim Hudson <tjh@openssl.org>
|
#
86885c28 |
| 06-May-2015 |
Rich Salz |
Use "==0" instead of "!strcmp" etc For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: Tim Hudson <tjh@o
Use "==0" instead of "!strcmp" etc For the various string-compare routines (strcmp, strcasecmp, str.*cmp) use "strcmp()==0" instead of "!strcmp()" Reviewed-by: Tim Hudson <tjh@openssl.org>
show more ...
|
Revision tags: OpenSSL_0_9_8zf, OpenSSL_1_0_0r, OpenSSL_1_0_1m, OpenSSL_1_0_2a |
|
#
9e9858d1 |
| 06-Feb-2015 |
Rich Salz |
dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal docum
dead code cleanup: #if 0 in ssl I left many "#if 0" lines, usually because I thought we would probably want to revisit them later, or because they provided some useful internal documentation tips. Reviewed-by: Andy Polyakov <appro@openssl.org>
show more ...
|
Revision tags: OpenSSL_1_0_2, master-post-auto-reformat |
|
#
0f113f3e |
| 22-Jan-2015 |
Matt Caswell |
Run util/openssl-format-source -v -c . Reviewed-by: Tim Hudson <tjh@openssl.org>
|