#
19d00444 |
| 26-Jul-2022 |
Matt Caswell |
Remove some redundant code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
#
4564b47d |
| 20-Jul-2022 |
Matt Caswell |
Remove some TODO(RECLAYER) comments Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mr
Remove some TODO(RECLAYER) comments Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
222cf410 |
| 08-Jun-2022 |
Matt Caswell |
Remove reliance on the SSL object from the DTLS read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https:/
Remove reliance on the SSL object from the DTLS read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
8124ab56 |
| 25-May-2022 |
Matt Caswell |
Remove some final references to the SSL object in the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://git
Remove some final references to the SSL object in the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
7f2f0ac7 |
| 20-May-2022 |
Matt Caswell |
Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl
Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
976b263d |
| 18-May-2022 |
Matt Caswell |
Fix some no-comp compilation failures Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/
Fix some no-comp compilation failures Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
7c293999 |
| 12-May-2022 |
Matt Caswell |
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from ht
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cc110a0a |
| 10-May-2022 |
Matt Caswell |
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/op
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
79eebb08 |
| 06-May-2022 |
Matt Caswell |
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
aedbb71b |
| 18-Apr-2022 |
Matt Caswell |
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Revi
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
e2d5742b |
| 07-Apr-2022 |
Matt Caswell |
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a t
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
#
d649c51a |
| 21-May-2022 |
Peiwei Hu |
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
85773128 |
| 24-Feb-2022 |
John Baldwin |
KTLS: Check for unprocessed receive records in ktls_configure_crypto. KTLS implementations currently assume that the start of the in-kernel socket buffer is aligned with the start of a T
KTLS: Check for unprocessed receive records in ktls_configure_crypto. KTLS implementations currently assume that the start of the in-kernel socket buffer is aligned with the start of a TLS record for the receive side. The socket option to enable KTLS specifies the TLS sequence number of this initial record. When read ahead is enabled, data can be pending in the SSL read buffer after negotiating session keys. This pending data must be examined to ensurs that the kernel's socket buffer does not contain a partial TLS record as well as to determine the correct sequence number of the first TLS record to be processed by the kernel. In preparation for enabling receive kernel offload for TLS 1.3, move the existing logic to handle read ahead from t1_enc.c into ktls.c and invoke it from ktls_configure_crypto(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17942)
show more ...
|
#
d73a7a3a |
| 12-Jan-2022 |
Dmytro Podgornyi |
ssl/t1_enc: Fix kTLS RX offload path During counting of the unprocessed records, return code is treated in a wrong way. This forces kTLS RX path to be skipped in case of presence of
ssl/t1_enc: Fix kTLS RX offload path During counting of the unprocessed records, return code is treated in a wrong way. This forces kTLS RX path to be skipped in case of presence of unprocessed records. CLA: trivial Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17492)
show more ...
|
#
407820c0 |
| 31-May-2021 |
Pauli |
tls: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
#
1376708c |
| 21-May-2021 |
Benjamin Kaduk |
Allow TLS13_AD_MISSING_EXTENSION for older versions Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in ssl3_alert_code() and tls1_alert_code(), so that the call to SSLf
Allow TLS13_AD_MISSING_EXTENSION for older versions Add a pass-through switch case for TLS13_AD_MISSING_EXTENSION in ssl3_alert_code() and tls1_alert_code(), so that the call to SSLfatal() in final_psk() will always actually generate an alert, even for non-TLS1.3 protocol versions. Fixes #15375 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15412)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
a3a54179 |
| 07-Apr-2021 |
Matt Caswell |
Only enable KTLS if it is explicitly configured It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specific
Only enable KTLS if it is explicitly configured It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specifically configured not to. This is problematic because it avoids any crypto implementations from providers. A user who configures all crypto to use the FIPS provider may unexpectedly find that TLS related crypto is actually being performed outside of the FIPS boundary. Instead we change KTLS so that it is disabled by default. We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and SSL_MODE_NO_KTLS_TX). Fixes #13794 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14799)
show more ...
|
Revision tags: OpenSSL_1_1_1k |
|
#
234261f3 |
| 11-Mar-2021 |
Pauli |
ssl: fix format specifier for size_t argument to BIO_printf Fixes #14519 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merge
ssl: fix format specifier for size_t argument to BIO_printf Fixes #14519 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14521)
show more ...
|
Revision tags: openssl-3.0.0-alpha13 |
|
#
d38b6ae9 |
| 02-Mar-2021 |
Pauli |
ssl: support params arguments to init functions Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14383)
|
#
5cceedb5 |
| 26-Feb-2021 |
Pauli |
tls: adjust for extra argument to KDF derive call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
e376242d |
| 20-Jan-2021 |
Matt Caswell |
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availabilit
Remove all OPENSSL_NO_XXX from libssl where XXX is a crypto alg We should no longer be relying on compile time checks in libssl for the availability of crypto algorithms. The availability of crypto algorithms should be determined at runtime based on what providers have been loaded. Fixes #13616 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
show more ...
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|