#
976b263d |
| 18-May-2022 |
Matt Caswell |
Fix some no-comp compilation failures Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
Fix some no-comp compilation failures Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
7c293999 |
| 12-May-2022 |
Matt Caswell |
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from ht
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cc110a0a |
| 10-May-2022 |
Matt Caswell |
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/op
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
79eebb08 |
| 06-May-2022 |
Matt Caswell |
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
10560aed |
| 28-Apr-2022 |
Matt Caswell |
Convert SSLv3 code to use the new read side record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/op
Convert SSLv3 code to use the new read side record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
#
407820c0 |
| 31-May-2021 |
Pauli |
tls: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
#
1376708c |
| 21-May-2021 |
Benjamin Kaduk |
Allow TLS13_AD_MISSING_EXTENSION for older versions Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in ssl3_alert_code() and tls1_alert_code(), so that the call to SSLf
Allow TLS13_AD_MISSING_EXTENSION for older versions Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in ssl3_alert_code() and tls1_alert_code(), so that the call to SSLfatal() in final_psk() will always actually generate an alert, even for non-TLS1.3 protocol versions. Fixes #15375 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15412)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14, OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
e376242d |
| 20-Jan-2021 |
Matt Caswell |
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availabilit
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
5a2d0ef3 |
| 20-Nov-2020 |
Richard Levitte |
Clean away extraneous library specific FETCH_FAILED reason codes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13467)
|
Revision tags: openssl-3.0.0-alpha8 |
|
#
c48ffbcc |
| 04-Nov-2020 |
Richard Levitte |
SSL: refactor all SSLfatal() calls Since SSLfatal() doesn't take a function code any more, we drop that argument everywhere. Also, we convert all combinations of SSLfatal() and ERR_
SSL: refactor all SSLfatal() calls Since SSLfatal() doesn't take a function code any more, we drop that argument everywhere. Also, we convert all combinations of SSLfatal() and ERR_add_data() to an SSLfatal_data() call. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
show more ...
|
Revision tags: openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
7cd1420b |
| 27-Aug-2020 |
Matt Caswell |
Improve some error messages if a digest is not available If a digest is not available we just get an "internal error" error message - which isn't very helpful for diagnosing problems. In
Improve some error messages if a digest is not available If a digest is not available we just get an "internal error" error message - which isn't very helpful for diagnosing problems. Instead we explicitly state that we couldn't find a suitable digest. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12733)
show more ...
|
#
c19e6da9 |
| 11-Aug-2020 |
Patrick Steuer |
Appease -Werror=stringop-overflow= gcc 10 seems to think of assigning to an (unsigned) char array as a stringop and demands additional space for a terminating '\0': In funct
Appease -Werror=stringop-overflow= gcc 10 seems to think of assigning to an (unsigned) char array as a stringop and demands additional space for a terminating '\0': In function 'ssl3_generate_key_block', inlined from 'ssl3_setup_key_block' at ssl/s3_enc.c:304:11: ssl/s3_enc.c:51:20: error: writing 1 byte into a region of size 0 [-Werror=stringop-overflow=] 51 | buf[j] = c; | ~~~~~~~^~~ ssl/s3_enc.c: In function 'ssl3_setup_key_block': ssl/s3_enc.c:23:19: note: at offset 16 to object 'buf' with size 16 declared here 23 | unsigned char buf[16], smd[SHA_DIGEST_LENGTH]; | ^~~ Signed-off-by: Patrick Steuer <patrick.steuer@de.ibm.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12632)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5 |
|
#
b5588178 |
| 26-Jun-2020 |
Matt Caswell |
Convert SSLv3 handling to use provider side CBC/MAC removal Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12288)
|
Revision tags: openssl-3.0.0-alpha4, openssl-3.0.0-alpha3, openssl-3.0.0-alpha2, openssl-3.0.0-alpha1 |
|
#
33388b44 |
| 23-Apr-2020 |
Matt Caswell |
Update copyright year Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11616)
|
Revision tags: OpenSSL_1_1_1g |
|
#
62ba8345 |
| 20-Apr-2020 |
Matt Caswell |
Fix test_ssl_new test failure A couple of fetches of the MD5 and SHA1 digests were not using the libctx in libssl and causing test_ssl_new to fail in travis. This only occurs on buil
Fix test_ssl_new test failure A couple of fetches of the MD5 and SHA1 digests were not using the libctx in libssl and causing test_ssl_new to fail in travis. This only occurs on builds with SSLv3 enabled (its disabled by default). [extended tests] Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11586)
show more ...
|
Revision tags: OpenSSL_1_1_1f, OpenSSL_1_1_1e |
|
#
c8f6c28a |
| 16-Jan-2020 |
Matt Caswell |
Explicitly fetch ciphers and digests in libssl We modify libssl to use explicitly fetched ciphers, digests and other algorithms as required based on the configured library context and
Explicitly fetch ciphers and digests in libssl We modify libssl to use explicitly fetched ciphers, digests and other algorithms as required based on the configured library context and property query string for the SSL_CTX that is being used. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10854)
show more ...
|
Revision tags: OpenSSL_1_0_2u |
|
#
47b4ccea |
| 10-Oct-2019 |
Richard Levitte |
Stop using EVP_MD_CTX_FLAG_NON_FIPS_ALLOW This is a flag that has lost its relevance. The new mechanism to do the same thing is to fetch the needed digest explicitly with "-fips" as
Stop using EVP_MD_CTX_FLAG_NON_FIPS_ALLOW This is a flag that has lost its relevance. The new mechanism to do the same thing is to fetch the needed digest explicitly with "-fips" as property query, i.e. we remove any requirement for that property to be set when fetching, even if the default property query string requires its presence. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/10138)
show more ...
|
#
706457b7 |
| 27-Sep-2019 |
Dr. Matthias St. Pierre |
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source direc
Reorganize local header files Apart from public and internal header files, there is a third type called local header files, which are located next to source files in the source directory. Currently, they have different suffixes like '*_lcl.h', '*_local.h', or '*_int.h' This commit changes the different suffixes to '*_local.h' uniformly. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9333)
show more ...
|
Revision tags: OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
4e7991b4 |
| 24-Jun-2019 |
Pauli |
Change OSSL_PARAM return size to not be a pointer. Instead of referencing the return size from the OSSL_PARAM structure, make the size a field within the structure. Reviewed-by:
Change OSSL_PARAM return size to not be a pointer. Instead of referencing the return size from the OSSL_PARAM structure, make the size a field within the structure. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9135)
show more ...
|
#
83b4a243 |
| 07-Jun-2019 |
Shane Lontis |
Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3). This is still required currently by engines and digestsign/digestverify. This PR contains merged in code from Richard Levitte's P
Make EVP_MD_CTX_ctrl() work for legacy use cases (ssl3). This is still required currently by engines and digestsign/digestverify. This PR contains merged in code from Richard Levitte's PR #9126. [extended tests] Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9103)
show more ...
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
d5e5e2ff |
| 11-Apr-2019 |
Shane Lontis |
Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers aft
Move digests to providers Move digest code into the relevant providers (fips, default, legacy). The headers are temporarily moved to be internal, and will be moved into providers after all external references are resolved. The deprecated digest code can not be removed until EVP_PKEY (signing) is supported by providers. EVP_MD data can also not yet be cleaned up for the same reasons. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8763)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b |
|
#
555cbb32 |
| 12-Dec-2018 |
Todd Short |
Collapse ssl3_state_st (s3) into ssl_st With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the s
Collapse ssl3_state_st (s3) into ssl_st With the removal of SSLv2, the s3 structure is always allocated, so there is little point in having it be an allocated pointer. Collapse the ssl3_state_st structure into ssl_st and fixup any references. This should be faster than going through an indirection and due to fewer allocations, but I'm not seeing any significant performance improvement; it seems to be within the margin of error in timing. Reviewed-by: Paul Yang <yang.yang@baishancloud.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7888)
show more ...
|