4840c2a5 | 19-Apr-2022 |
Matt Caswell |
Move Record layer methods code into a sub-directory Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl
Move Record layer methods code into a sub-directory Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
aedbb71b | 18-Apr-2022 |
Matt Caswell |
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Revi
Move the TLS1.0/1.1/1.2 record crypto code into the new record layer Only done for the read side so far. Still need to do TLS1.3 and SSL3.0. Also need to separate out KTLS. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
4030869d | 12-Apr-2022 |
Matt Caswell |
Convert ssl3_get_record to tls_read_record We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau <hlandau@openssl.org>
Convert ssl3_get_record to tls_read_record We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
26dad42e | 11-Apr-2022 |
Matt Caswell |
Add a DTLSv1_listen() test Add a test to ensure that a connection started via DTLSv1_listen() can be completed through to handshake success. Previous DTLSv1_listen() testing only tes
Add a DTLSv1_listen() test Add a test to ensure that a connection started via DTLSv1_listen() can be completed through to handshake success. Previous DTLSv1_listen() testing only tested the function itself and did not confirm that a connection can actually be achieved using it. This is important to test some codepaths being affected by the record layer refactor. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
e2d5742b | 07-Apr-2022 |
Matt Caswell |
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a t
Transfer the functionality from ssl3_read_n to the new record layer This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
0c974fc7 | 07-Apr-2022 |
Matt Caswell |
Make settings and options parameters const in recordmethod.h Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.co
Make settings and options parameters const in recordmethod.h Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
34a4068c | 07-Apr-2022 |
Matt Caswell |
Add a skeleton TLS record method It doesn't yet do anything. This is a placeholder which will be filled in by susbsequent commits. Reviewed-by: Hugo Landau <hlandau@openssl.org>
Add a skeleton TLS record method It doesn't yet do anything. This is a placeholder which will be filled in by susbsequent commits. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
11653dcd | 07-Apr-2022 |
Matt Caswell |
Fix compilation issues in the imported recordmethod.h Also, rename the "new" function pointer to "new_record_layer" to avoid a C++ reserved name Reviewed-by: Hugo Landau <hlanda
Fix compilation issues in the imported recordmethod.h Also, rename the "new" function pointer to "new_record_layer" to avoid a C++ reserved name Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
79a1f3e4 | 07-Apr-2022 |
Matt Caswell |
Add the recordmethod header from the draft design Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/o
Add the recordmethod header from the draft design Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
show more ...
|
340fe504 | 11-Aug-2022 |
Todd Short |
Update session timeout code with OSSL_TIME Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Update session timeout code with OSSL_TIME Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18985)
show more ...
|
425e972d | 10-Aug-2022 |
Matt Caswell |
Add some documentation for X509_gmtime_adj() Other very similar functions were documented, but this one was missing. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by:
Add some documentation for X509_gmtime_adj() Other very similar functions were documented, but this one was missing. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18974)
show more ...
|
63df86b0 | 15-Aug-2022 |
Dr. Matthias St. Pierre |
Add CODE-OF-CONDUCT.md Fixes #18820 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pu
Add CODE-OF-CONDUCT.md Fixes #18820 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19002)
show more ...
|
19914fec | 15-Jun-2022 |
Lutz Jaenicke |
cms: Create test for for purpose verification in cms application The tests only cover the correct handling of the codesigning purpose in the certificates in the context of the cms comman
cms: Create test for for purpose verification in cms application The tests only cover the correct handling of the codesigning purpose in the certificates in the context of the cms command line tool. The interpretation of the certificate purpose is tested in the context of the "verify" app. The correct handling of the cms objects is tested by other tests in 80-test_cms.t. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
show more ...
|
61a97676 | 15-Jun-2022 |
Lutz Jaenicke |
X509: add tests for purpose code signing in verify application Correct configuration according to CA Browser forum: KU: critical,digitalSignature XKU: codeSiging Note: I
X509: add tests for purpose code signing in verify application Correct configuration according to CA Browser forum: KU: critical,digitalSignature XKU: codeSiging Note: I did not find any other document formally defining the requirements for code signing certificates. Some combinations are explicitly forbidden, some flags can be ignored Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
show more ...
|
178696d6 | 14-Oct-2021 |
Lutz Jaenicke |
X509: Add "code sign" as purpose for verification of certificates Code signing certificates have other properties as for example described in CA Browser Forum documents. This leads to "u
X509: Add "code sign" as purpose for verification of certificates Code signing certificates have other properties as for example described in CA Browser Forum documents. This leads to "unsupported certificate purpose" errors when verifying signed objects. This patch adds the purpose "codesign" to the table in X.509 certificate verification and the verification parameter "code_sign" to X509_VERIFY_PARAM. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
show more ...
|
1a68a3e4 | 15-Jun-2022 |
Lutz Jaenicke |
crypto/x509/x509_vpm.c: update format of X509_VERIFY_PARAM default_table Put "}," on separate lines as suggested in PR #18567 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed
crypto/x509/x509_vpm.c: update format of X509_VERIFY_PARAM default_table Put "}," on separate lines as suggested in PR #18567 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18567)
show more ...
|
58135cb3 | 28-Jul-2022 |
Tomas Mraz |
Clarify documentation in regards to EC key parameters Also clarify that EVP_PKEY_fromdata ignores parameters that are unknown or incorrect for given selection. Reviewed-by: Paul
Clarify documentation in regards to EC key parameters Also clarify that EVP_PKEY_fromdata ignores parameters that are unknown or incorrect for given selection. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18902)
show more ...
|
3a1596f4 | 28-Jul-2022 |
Tomas Mraz |
Add testcases for EVP_PKEY_get1_encoded_public_key Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/ope
Add testcases for EVP_PKEY_get1_encoded_public_key Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18902)
show more ...
|
b5db237d | 28-Jul-2022 |
Tomas Mraz |
ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY If the public key is not set on the key, return error instead of crash. Fixes #18495 Reviewed-by: P
ec_kmgmt.c: Do not crash when getting OSSL_PKEY_PARAM_ENCODED_PUBLIC_KEY If the public key is not set on the key, return error instead of crash. Fixes #18495 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18902)
show more ...
|
2c05607c | 11-Jul-2021 |
Dr. David von Oheimb |
Fix ossl_x509v3_cache_extensions(): EXFLAG_NO_FINGERPRINT should not be an error This allows reverting the recent workaround on cmp_ctx_test regarding X509_new() Reviewed-by: Tomas
Fix ossl_x509v3_cache_extensions(): EXFLAG_NO_FINGERPRINT should not be an error This allows reverting the recent workaround on cmp_ctx_test regarding X509_new() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/16043)
show more ...
|
42a0817d | 17-Aug-2022 |
Richard Levitte |
Rename "RX Frame Handler" to "RX Depacketizer" in the overview Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com
Rename "RX Frame Handler" to "RX Depacketizer" in the overview Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18610)
show more ...
|
d7fed97e | 20-Jun-2022 |
Richard Levitte |
RX depacketizer (QUIC) The same-ish module as the TX packetizer, handling the opposite direction. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@open
RX depacketizer (QUIC) The same-ish module as the TX packetizer, handling the opposite direction. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18610)
show more ...
|
70f589ae | 10-Aug-2022 |
valdaarhun |
Fix memory leak in BN_rand_range() The patch enables BN_rand_range() to exit immediately if BIGNUM *rnd is NULL. CLA: trivial Fixes: #18951 Reviewed-by: Matt C
Fix memory leak in BN_rand_range() The patch enables BN_rand_range() to exit immediately if BIGNUM *rnd is NULL. CLA: trivial Fixes: #18951 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18982)
show more ...
|
17b94de3 | 15-Aug-2022 |
Matt Caswell |
Ensure we build ub sanitizer builds with -DPEDANTIC Otherwise we may get spurious results from ub sanitizer. For example we assume we can tolerate some unaligned write without this defin
Ensure we build ub sanitizer builds with -DPEDANTIC Otherwise we may get spurious results from ub sanitizer. For example we assume we can tolerate some unaligned write without this define that ub sanitizer will complain about. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18983)
show more ...
|
7c82a7a8 | 11-Aug-2022 |
Matt Caswell |
Don't incorrectly skip the multiblock test sslapitest has a test for multiblock writes. Since multiblock writing is only available on some platforms the multiblock test checks whether we
Don't incorrectly skip the multiblock test sslapitest has a test for multiblock writes. Since multiblock writing is only available on some platforms the multiblock test checks whether we are on such a platform first, and skips the test if we are not. Unfortunately a bug in the check meant that we always skipped the test regardless of the platform. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18983)
show more ...
|