#
4566dae7 |
| 26-Jul-2022 |
Matt Caswell |
Ensure various record layer options can be updated We would like the capability for the options/mode/read_ahead settings to be updateable after the record layer object has been instantia
Ensure various record layer options can be updated We would like the capability for the options/mode/read_ahead settings to be updateable after the record layer object has been instantiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cffafb5f |
| 22-Jul-2022 |
Matt Caswell |
Move some fields out of the SSL object and into the record layer object Fields such as rrlmethod and rrl are entirely related to the record layer, and so should be in that object.
Move some fields out of the SSL object and into the record layer object Fields such as rrlmethod and rrl are entirely related to the record layer, and so should be in that object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
4564b47d |
| 20-Jul-2022 |
Matt Caswell |
Remove some TODO(RECLAYER) comments Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mr
Remove some TODO(RECLAYER) comments Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
81c9ebd9 |
| 19-Jul-2022 |
Matt Caswell |
Remove some unnecessary function pointers from OSSL_RECORD_METHOD We had some temporary function pointers in OSSL_RECORD_METHOD which were only necessary during the process of refactorin
Remove some unnecessary function pointers from OSSL_RECORD_METHOD We had some temporary function pointers in OSSL_RECORD_METHOD which were only necessary during the process of refactoring the read record layer. These are no longer required so can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
222cf410 |
| 08-Jun-2022 |
Matt Caswell |
Remove reliance on the SSL object from the DTLS read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https:/
Remove reliance on the SSL object from the DTLS read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
eddb067e |
| 02-Jun-2022 |
Matt Caswell |
Move some DTLS read code into the read record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl
Move some DTLS read code into the read record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
8124ab56 |
| 25-May-2022 |
Matt Caswell |
Remove some final references to the SSL object in the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://git
Remove some final references to the SSL object in the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
359affde |
| 17-May-2022 |
Matt Caswell |
Add support for moving data from one epoch to the next Sometimes data read by a record layer in one epoch is actually intended for the next epoch. For example in a TLS with read_ahead, t
Add support for moving data from one epoch to the next Sometimes data read by a record layer in one epoch is actually intended for the next epoch. For example in a TLS with read_ahead, the read_ahead data could contain a KeyUpdate message followed by application data encrypted with new keys. Therefore we implement a mechanism for passing this data across the epochs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
7c293999 |
| 12-May-2022 |
Matt Caswell |
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from ht
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cc110a0a |
| 10-May-2022 |
Matt Caswell |
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/op
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
79eebb08 |
| 06-May-2022 |
Matt Caswell |
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
aedbb71b |
| 18-Apr-2022 |
Matt Caswell |
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Revi
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
e2d5742b |
| 07-Apr-2022 |
Matt Caswell |
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a t
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
6d6b295a |
| 25-Jul-2022 |
Matt Caswell |
Fix SSL_pending() and SSL_has_pending() with DTLS If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to t
Fix SSL_pending() and SSL_has_pending() with DTLS If app data is received before a Finished message in DTLS then we buffer it to return later. The function SSL_pending() is supposed to tell you how much processed app data we have already buffered, and SSL_has_pending() is supposed to tell you if we have any data buffered (whether processed or not, and whether app data or not). Neither SSL_pending() or SSL_has_pending() were taking account of this DTLS specific app data buffer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18868)
show more ...
|
#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
09134f18 |
| 16-Mar-2022 |
Pauli |
Fix Coverity 1498611 & 1498608: uninitialised read Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/ope
Fix Coverity 1498611 & 1498608: uninitialised read Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17893)
show more ...
|
#
dfb39f73 |
| 07-Mar-2022 |
Tomas Mraz |
Replace handling of negative verification result with SSL_set_retry_verify() Provide a different mechanism to indicate that the application wants to retry the verification. The negative
Replace handling of negative verification result with SSL_set_retry_verify() Provide a different mechanism to indicate that the application wants to retry the verification. The negative result of the callback function now indicates an error again. Instead the SSL_set_retry_verify() can be called from the callback to indicate that the handshake should be suspended. Fixes #17568 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17825)
show more ...
|
#
d5f9166b |
| 04-Feb-2022 |
Richard Levitte |
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to b
Move e_os.h to include/internal Including e_os.h with a path from a header file doesn't work well on certain exotic platform. It simply fails to build. Since we don't seem to be able to stop ourselves, the better move is to move e_os.h to an include directory that's part of the inclusion path given to the compiler. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17641)
show more ...
|
#
13a53fbf |
| 25-Oct-2021 |
Phus Lu |
add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order() The function/macro allow user get groups/extensions without memory allcations. So we could calculate the ssl fignerpri
add SSL_get0_iana_groups() & SSL_client_hello_get_extension_order() The function/macro allow user get groups/extensions without memory allcations. So we could calculate the ssl fignerprint(ja3) in low cost. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16910)
show more ...
|
#
acce0557 |
| 13-Jan-2022 |
Pauli |
ssl: better support TSAN operations For platforms that do not have native TSAN support, locking needs to be used instead. This adds the locking. Reviewed-by: Matt Caswell <matt
ssl: better support TSAN operations For platforms that do not have native TSAN support, locking needs to be used instead. This adds the locking. Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17489)
show more ...
|
#
79b2a2f2 |
| 18-Dec-2021 |
Dr. David von Oheimb |
add OSSL_STACK_OF_X509_free() for commonly used pattern Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17307)
|
#
e819b572 |
| 06-Dec-2021 |
Matt Caswell |
Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions We should not be freeing the caller's key in the event of error. Fixes #17196 Reviewed-by: Tomas Mraz <toma
Don't free the EVP_PKEY on error in set0_tmp_dh_pkey() functions We should not be freeing the caller's key in the event of error. Fixes #17196 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17209)
show more ...
|
#
07f620e3 |
| 11-Nov-2021 |
Matt Caswell |
Reset the rwstate before calling ASYNC_start_job() If an async job pauses while processing a TLS connection then the rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should
Reset the rwstate before calling ASYNC_start_job() If an async job pauses while processing a TLS connection then the rwstate gets set to SSL_ASYNC_PAUSED. When resuming the job we should reset the rwstate back to SSL_NOTHING. In fact we can do this unconditionally since if we're about to call ASYNC_start_job() then either we are about to start the async job for the first time (in which case the rwstate should already by SSL_NOTHING), or we are restarting it after a pause (in which case reseting it to SSL_NOTHING is the correct action). Fixes #16809 Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17013)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|