#
19d00444 |
| 26-Jul-2022 |
Matt Caswell |
Remove some redundant code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
|
#
4564b47d |
| 20-Jul-2022 |
Matt Caswell |
Remove some TODO(RECLAYER) comments Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mr
Remove some TODO(RECLAYER) comments Some TODO(RECLAYER) comments are no longer necessary and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
8124ab56 |
| 25-May-2022 |
Matt Caswell |
Remove some final references to the SSL object in the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://git
Remove some final references to the SSL object in the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
7f2f0ac7 |
| 20-May-2022 |
Matt Caswell |
Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl
Make the record layer directly aware of EtM We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
7c293999 |
| 12-May-2022 |
Matt Caswell |
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from ht
Distinguish between fatal and non-fatal errors when creating a record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
cc110a0a |
| 10-May-2022 |
Matt Caswell |
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/op
Implement KTLS in the new read record layer code Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
79eebb08 |
| 06-May-2022 |
Matt Caswell |
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.
Ensure various SSL options are passed down to the record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
2b891e30 |
| 29-Apr-2022 |
Matt Caswell |
Convert TLSv1.3 code to use the new read side record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/
Convert TLSv1.3 code to use the new read side record layer Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
#
38b051a1 |
| 20-Jun-2022 |
Tomas Mraz |
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented
SSL object refactoring using SSL_CONNECTION object Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
show more ...
|
#
b740012f |
| 12-Jul-2022 |
slontis |
Check for EVP_MD being NULL inside ssl. Fix multiple places that could potentially segfault if memory allocations fail. e.g. ssl_load_ciphers() could fail while calling ssl_evp_md_fe
Check for EVP_MD being NULL inside ssl. Fix multiple places that could potentially segfault if memory allocations fail. e.g. ssl_load_ciphers() could fail while calling ssl_evp_md_fetch(). Found by #18355 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/18784)
show more ...
|
#
d649c51a |
| 21-May-2022 |
Peiwei Hu |
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from
Fix check of EVP_CIPHER_CTX_ctrl Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18368)
show more ...
|
#
fecb3aae |
| 03-May-2022 |
Matt Caswell |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
|
#
7c78932b |
| 10-Oct-2021 |
Daiki Ueno |
KTLS: Enable KTLS for receiving as well in TLS 1.3 This removes a guard condition that prevents KTLS being enabled for receiving in TLS 1.3. Use the correct sequence number and BIO for
KTLS: Enable KTLS for receiving as well in TLS 1.3 This removes a guard condition that prevents KTLS being enabled for receiving in TLS 1.3. Use the correct sequence number and BIO for receive vs transmit offload. Co-authored-by: John Baldwin <jhb@FreeBSD.org> Signed-off-by: Daiki Ueno <dueno@redhat.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17942)
show more ...
|
#
85773128 |
| 24-Feb-2022 |
John Baldwin |
KTLS: Check for unprocessed receive records in ktls_configure_crypto. KTLS implementations currently assume that the start of the in-kernel socket buffer is aligned with the start of a T
KTLS: Check for unprocessed receive records in ktls_configure_crypto. KTLS implementations currently assume that the start of the in-kernel socket buffer is aligned with the start of a TLS record for the receive side. The socket option to enable KTLS specifies the TLS sequence number of this initial record. When read ahead is enabled, data can be pending in the SSL read buffer after negotiating session keys. This pending data must be examined to ensurs that the kernel's socket buffer does not contain a partial TLS record as well as to determine the correct sequence number of the first TLS record to be processed by the kernel. In preparation for enabling receive kernel offload for TLS 1.3, move the existing logic to handle read ahead from t1_enc.c into ktls.c and invoke it from ktls_configure_crypto(). Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17942)
show more ...
|
#
1287dabd |
| 26-Oct-2021 |
x2018 |
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org
fix some code with obvious wrong coding style Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16918)
show more ...
|
#
1b9e4678 |
| 01-Sep-2021 |
Daniel Bevenius |
Fix indentation of tls13_hkdf_expand parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openss
Fix indentation of tls13_hkdf_expand parameters Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/16489)
show more ...
|
#
f7d998a2 |
| 02-Aug-2021 |
Pauli |
tls/prov: move the TLS 1.3 KDF code to providers This function needs to be power up tested as part of the FIPS validation and thus it needs to be inside the provider boundary. This is r
tls/prov: move the TLS 1.3 KDF code to providers This function needs to be power up tested as part of the FIPS validation and thus it needs to be inside the provider boundary. This is realised by introducing a new KDF "TLS13-KDF" which does the required massaging of parameters but is otherwise functionally equivalent to HKDF. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/16203)
show more ...
|
#
21dfdbef |
| 22-Jun-2021 |
Richard Levitte |
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac() Fixes #15839 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <p
Adapt other parts of the source to the changed EVP_Q_digest() and EVP_Q_mac() Fixes #15839 Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15861)
show more ...
|
#
407820c0 |
| 31-May-2021 |
Pauli |
tls: remove TODOs Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15539)
|
#
ed576acd |
| 21-May-2021 |
Tomas Mraz |
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_,
Rename all getters to use get/get0 in name For functions that exist in 1.1.1 provide a simple aliases via #define. Fixes #15236 Functions with OSSL_DECODER_, OSSL_ENCODER_, OSSL_STORE_LOADER_, EVP_KEYEXCH_, EVP_KEM_, EVP_ASYM_CIPHER_, EVP_SIGNATURE_, EVP_KEYMGMT_, EVP_RAND_, EVP_MAC_, EVP_KDF_, EVP_PKEY_, EVP_MD_, and EVP_CIPHER_ prefixes are renamed. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15405)
show more ...
|
Revision tags: openssl-3.0.0-alpha17, openssl-3.0.0-alpha16, openssl-3.0.0-alpha15, openssl-3.0.0-alpha14 |
|
#
0a8a6afd |
| 29-Mar-2021 |
Dr. David von Oheimb |
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib,
Add quick one-shot EVP_Q_mac() and deprecation compensation decls for MAC functions This helps compensating for deprecated functions such as HMAC() and reduces clutter in the crypto lib, apps, and tests. Also fixes memory leaks in generate_cookie_callback() of apps/lib/s_cb.c. and replaces 'B<...>' by 'I<...>' where appropriate in HMAC.pod Partially fixes #14628. Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14664)
show more ...
|
#
a3a54179 |
| 07-Apr-2021 |
Matt Caswell |
Only enable KTLS if it is explicitly configured It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specific
Only enable KTLS if it is explicitly configured It has always been the case that KTLS is not compiled by default. However if it is compiled then it was automatically used unless specifically configured not to. This is problematic because it avoids any crypto implementations from providers. A user who configures all crypto to use the FIPS provider may unexpectedly find that TLS related crypto is actually being performed outside of the FIPS boundary. Instead we change KTLS so that it is disabled by default. We also swap to using a single "option" (i.e. SSL_OP_ENABLE_KTLS) rather than two separate "modes", (i.e. SSL_MODE_NO_KTLS_RX and SSL_MODE_NO_KTLS_TX). Fixes #13794 Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14799)
show more ...
|
Revision tags: OpenSSL_1_1_1k, openssl-3.0.0-alpha13 |
|
#
5cceedb5 |
| 26-Feb-2021 |
Pauli |
tls: adjust for extra argument to KDF derive call Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
#
0edb8194 |
| 25-Feb-2021 |
Pauli |
tls: updates for the new additional MAC_init arguments Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/14310)
|
Revision tags: openssl-3.0.0-alpha12, OpenSSL_1_1_1j, openssl-3.0.0-alpha11 |
|
#
4333b89f |
| 28-Jan-2021 |
Richard Levitte |
Update copyright year Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
|