#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
|
#
b740012f |
| 12-Jul-2022 |
slontis |
Check for EVP_MD being NULL inside ssl. Fix multiple places that could potentially segfault if memory allocations fail. e.g. ssl_load_ciphers() could fail while calling ssl_evp_md_fetch(). Found by #18355 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18784)
|
#
6cb814de |
| 27-Oct-2021 |
olszomal |
Don't include any TLSv1.3 ciphersuites that are disabled Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Ben Kaduk <kaduk@mit.edu> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16925)
|
#
2ff286c2 |
| 21-Jun-2021 |
Dr. David von Oheimb |
Add and use HAS_PREFIX() and CHECK_AND_SKIP_PREFIX() for checking if string has literal prefix Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15847)
|
#
3a069c1b |
| 03-Nov-2021 |
Bernd Edlinger |
Fix a memory leak in ssl_create_cipher_list Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16954)
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
|
#
d1b26ddb |
| 29-Jul-2021 |
Erik Lax |
Allow cipher strings to be given using its standard name Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16179)
|
#
407820c0 |
| 31-May-2021 |
Pauli |
tls: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
53d85372 |
| 29-Mar-2021 |
Pauli |
ssl: fix problem where MAC IDs were globally cached. Instead, they should be cached per SSL_CTX. This also addresses a threading issue where multiple attempts to write the same location occur. The last one winning. Under 1.1.1, this wasn't an issue but under 3.0 with library contexts, the results can and will be different. Fixes #13456 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14715)
|
Revision tags: OpenSSL_1_1_1k |
|
#
6b2e51dd |
| 23-Mar-2021 |
Alexander Traud |
ssl/ssl_ciph.c: update format string, again Commit 2664810 changed everything except the encoding. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14673)
|
#
e22105d1 |
| 18-Mar-2021 |
Pauli |
ssl: fix coverity 1451495: resource leak Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14596)
|
Revision tags: openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11, openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9, openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h, openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
ce0b307e |
| 27-May-2020 |
Benjamin Kaduk |
Remove disabled TLS 1.3 ciphers from the SSL(_CTX) In ssl_create_cipher_list() we make a pass through the ciphers to remove those which are disabled in the current libctx. We are careful to not include such disabled TLS 1.3 ciphers in the final consolidated cipher list that we produce, but the disabled ciphers are still kept in the separate stack of TLS 1.3 ciphers associated with the SSL or SSL_CTX in question. This leads to confusing results where a cipher is present in the tls13_cipherlist but absent from the actual cipher list in use. Keep the books in order and remove the disabled ciphers from the 1.3 cipherlist at the same time we skip adding them to the active cipher list. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12037)
|
#
e376242d |
| 20-Jan-2021 |
Matt Caswell |
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
|
#
462f4f4b |
| 15-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_EC guards from libssl Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
|
#
05b4b85d |
| 15-Jan-2021 |
Matt Caswell |
Check for availability of ciphersuites at run time In 1.1.1 and below we would check for the availability of certain algorithms based on compile time guards. However with 3.0 this is no longer sufficient. Some algorithms that are unavailable at compile time may become available later if 3rd party providers are loaded. Similarly, algorithms that exist in our built-in providers at compile time may not be available at run time if those providers are not loaded. Fixes #13184 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
#
3d0b6494 |
| 20-Oct-2020 |
Otto Hollmann |
Remove extra space. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12100)
|
#
981b4b95 |
| 19-Oct-2020 |
Otto Hollmann |
Fixed error and return code. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12100)
|
#
c1e8a0c6 |
| 09-Jun-2020 |
Otto Hollmann |
Fix set_ciphersuites ignore unknown ciphers. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/12100)
|
#
3a1ee3c1 |
| 17-Dec-2020 |
Richard Levitte |
Drop OPENSSL_NO_RSA everywhere The configuration option 'no-rsa' was dropped with OpenSSL 1.1.0, so this is simply a cleanup of the remains. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13700)
|
#
a68eee67 |
| 20-Nov-2020 |
Matt Caswell |
Move some libssl global variables into SSL_CTX disabled_enc_mask et al were global. Now that cipher loading is done individually for each SSL_CTX, based on the libctx configured for that SSL_CTX this means that some things will be disabled for one SSL_CTX but not for another. The global variables set up the potential for different SSL_CTXs to trample on each other. We move these variables into the SSL_CTX structure. Fixes #12040 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13465)
|
#
6849b73c |
| 04-Nov-2020 |
Richard Levitte |
Convert all {NAME}err() in ssl/ to their corresponding ERR_raise() call This was done using util/err-to-raise Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/13316)
|
#
301fcb28 |
| 14-Oct-2020 |
Matt Caswell |
Concentrate deprecated libssl API usage in one file We create a new file ssl/tls_depr.c to contain functions that need to call deprecated APIs in libssl. This enables us to remove OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files. The deprecated API usage is either related to ENGINEs and is needed to continue to support applications that use such ENGINEs. Or they are needed to support some deprecated public libssl APIs. One other file remains in libssl that still uses deprecated APIs: s3_cbc.c This is needed to support the deprecated SSLv3. Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13135)
|
#
225c9660 |
| 10-Sep-2020 |
Matt Caswell |
Ignore unused return values from some sk_*() macros Some compilers are very picky about unused return values. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12781)
|