#
7f2f0ac7 |
| 20-May-2022 |
Matt Caswell |
Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl
Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cc110a0a |
| 10-May-2022 |
Matt Caswell |
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/op
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
4030869d |
| 12-Apr-2022 |
Matt Caswell |
Convert ssl3_get_record to tls_read_record We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau <hlandau@openssl.org>
Convert ssl3_get_record to tls_read_record We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
e2d5742b |
| 07-Apr-2022 |
Matt Caswell |
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a t
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
81b741f6 |
| 30-Nov-2021 |
Kan |
Update alert to common protocol Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openss
Update alert to common protocol Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17161)
show more ...
|
#
b93f6c2d |
| 25-May-2021 |
Pauli |
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@ope
err: rename err_load_xxx_strings_int functions The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15446)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
f84ab284 |
| 30-Mar-2021 |
Benjamin Kaduk |
make update Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14749)
|
#
08a337fa |
| 04-May-2021 |
Rich Salz |
Remove all trace of FIPS_mode functions Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <
Remove all trace of FIPS_mode functions Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15140)
show more ...
|
#
c0f4400c |
| 30-Apr-2021 |
Dmitry Belyavskiy |
Use OCSP-specific error code for clarity Fixes #12735 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://gi
Use OCSP-specific error code for clarity Fixes #12735 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/xxxxx)
show more ...
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13, openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
462f4f4b |
| 15-Jan-2021 |
Matt Caswell |
Remove OPENSSL_NO_EC guards from libssl Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
|
#
8b1db5d3 |
| 13-Jan-2021 |
Matt Caswell |
Make supported_groups code independent of EC and DH The supported groups code was checking the OPENSSL_NO_EC and OPENSSL_NO_DH guards in order to work, and the list of default groups was
Make supported_groups code independent of EC and DH The supported groups code was checking the OPENSSL_NO_EC and OPENSSL_NO_DH guards in order to work, and the list of default groups was based on those guards. However we now need it to work even in a no-ec and no-dh build, because new groups might be added from providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|
Revision tags: openssl-3.0.0-alpha10, OpenSSL_1_1_1i, openssl-3.0.0-alpha9 |
|
#
5a2d0ef3 |
| 20-Nov-2020 |
Richard Levitte |
Clean away extraneous library specific FETCH_FAILED reason codes Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13467)
|
#
14a6c6a4 |
| 12-Nov-2020 |
Richard Levitte |
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from ht
ERR: Rebuild all generated error headers and source files This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
show more ...
|
Revision tags: openssl-3.0.0-alpha8, openssl-3.0.0-alpha7, OpenSSL_1_1_1h |
|
#
7cd1420b |
| 27-Aug-2020 |
Matt Caswell |
Improve some error messages if a digest is not available If a digest is not available we just get an "internal error" error message - which isn't very helpful for diagnosing problems. In
Improve some error messages if a digest is not available If a digest is not available we just get an "internal error" error message - which isn't very helpful for diagnosing problems. Instead we explicitly state that we couldn't find a suitable digest. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12733)
show more ...
|
Revision tags: openssl-3.0.0-alpha6, openssl-3.0.0-alpha5, openssl-3.0.0-alpha4, openssl-3.0.0-alpha3 |
|
#
db9592c1 |
| 22-May-2020 |
Matt Caswell |
Provider a better error message if we fail to copy parameters If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very helpful error message. We provide a better one.
Provider a better error message if we fail to copy parameters If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very helpful error message. We provide a better one. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
show more ...
|
Revision tags: openssl-3.0.0-alpha2, openssl-3.0.0-alpha1, OpenSSL_1_1_1g, OpenSSL_1_1_1f |
|
#
5a5530a2 |
| 30-Mar-2020 |
Dmitry Belyavskiy |
New Russian TLS 1.2 implementation Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
|
Revision tags: OpenSSL_1_1_1e |
|
#
abd86cec |
| 13-Mar-2020 |
Matt Caswell |
Use a fetched version of SHA256 in tls_process_new_session_ticket() We use the SHA256 digest of the ticket as a "fake" session id. We should ensure that the SHA256 implementation is fetc
Use a fetched version of SHA256 in tls_process_new_session_ticket() We use the SHA256 digest of the ticket as a "fake" session id. We should ensure that the SHA256 implementation is fetched from the appropriate provider. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11356)
show more ...
|
#
d924dbf4 |
| 17-Jan-2020 |
Matt Caswell |
Detect EOF while reading in libssl If we hit an EOF while reading in libssl then we will report an error back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add an er
Detect EOF while reading in libssl If we hit an EOF while reading in libssl then we will report an error back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. Contains a partial fix for #10880 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10907)
show more ...
|
Revision tags: OpenSSL_1_0_2u, OpenSSL_1_0_2t, OpenSSL_1_1_0l, OpenSSL_1_1_1d |
|
#
0cd1b144 |
| 04-Sep-2019 |
Richard Levitte |
util/mkerr.pl: make it not depend on the function code The output C code was made to use ERR_func_error_string() to see if a string table was already loaded or not. Since this function
util/mkerr.pl: make it not depend on the function code The output C code was made to use ERR_func_error_string() to see if a string table was already loaded or not. Since this function returns NULL always, this check became useless. Change it to use ERR_reason_error_string() instead, as there's no reason to believe we will get rid of reason strings, ever. To top it off, we rebuild all affected C sources. Fixes #9756 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9756)
show more ...
|
#
cbfa5b03 |
| 11-Jul-2019 |
Rich Salz |
Regenerate mkerr files Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
|
Revision tags: OpenSSL_1_1_1c, OpenSSL_1_1_0k, OpenSSL_1_0_2s |
|
#
7c3a7561 |
| 13-Apr-2019 |
Boris Pismenny |
ssl: Add SSL_sendfile This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellano
ssl: Add SSL_sendfile This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
show more ...
|
Revision tags: OpenSSL_1_0_2r, OpenSSL_1_1_1b, OpenSSL_1_0_2q, OpenSSL_1_1_0j, OpenSSL_1_1_1a, OpenSSL_1_1_1, OpenSSL_1_1_1-pre9, OpenSSL_1_0_2p, OpenSSL_1_1_0i, OpenSSL_1_1_1-pre8, OpenSSL_1_1_1-pre7, OpenSSL_1_1_1-pre6, OpenSSL_1_1_1-pre5, OpenSSL_1_1_1-pre4, OpenSSL_1_0_2o, OpenSSL_1_1_0h, OpenSSL_1_1_1-pre3, OpenSSL_1_1_1-pre2, OpenSSL_1_1_1-pre1, OpenSSL_1_0_2n, OpenSSL_1_0_2m, OpenSSL_1_1_0g, OpenSSL_1_0_2l, OpenSSL_1_1_0f, OpenSSL-fips-2_0_16, OpenSSL_1_1_0e, OpenSSL_1_0_2k, OpenSSL_1_1_0d, OpenSSL-fips-2_0_15 |
|
#
558ea847 |
| 15-Nov-2016 |
Richard Levitte |
Remove heartbeats completely Fixes #4856 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
|
#
3d35e3a2 |
| 08-Feb-2019 |
Matt Caswell |
Don't interleave handshake and other record types in TLSv1.3 In TLSv1.3 it is illegal to interleave handshake records with non handshake records. Fixes #8189 Reviewed-b
Don't interleave handshake and other record types in TLSv1.3 In TLSv1.3 it is illegal to interleave handshake records with non handshake records. Fixes #8189 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8191)
show more ...
|