#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
|
#
4b4b9c9e |
| 15-Feb-2024 |
Hugo Landau |
QUIC: Uniform changes for QUIC error code definitions rename Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23598)
|
#
8d13d9e7 |
| 27-Oct-2023 |
Matt Caswell |
Check for NULL when freeing the QUIC_TLS object Free functions are expected to be tolerant of a NULL pointer being passed. Fixes the problem in https://github.com/openssl/openssl/pull/21668#issuecomment-1782718328 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22536)
|
#
d8a4451f |
| 13-Oct-2023 |
Matt Caswell |
If an error occurs constructing the quic record layer, free it properly We need to call quic_free() to free the record layer to ensure that any BIO that was already set is also freed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
3a0012cb |
| 31-Aug-2023 |
Matt Caswell |
Handle non IO based retry errors in QUIC SSL_get_error() may respond with some retry errors that are not IO related. In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOOKUP. These can occur during a TLS handshake. If they occur when a QUIC Connection is performing a TLS handshake then we need to propagate these up to the QCSO. We also handle SSL_ERROR_WANT_CLIENT_HELLO_CB. This one will only ever occur on the server side which we don't currently support. However adding the handling for it now is identical to all the other handling so including it is no cost, and will be needed when we do add server support. We are not concerned with SSL_ERROR_WANT_ASYNC or SSL_ERROR_WANT_ASYNC_JOB since we do not support async operation with QUIC. Fixes openssl/project#199 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21922)
|
#
881e3299 |
| 09-Aug-2023 |
Hugo Landau |
QUIC TLS: Better error message when ALPN not used Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21715)
|
#
eb1eaa9a |
| 24-Aug-2023 |
Tomas Mraz |
Always use uint8_t for TLS record type Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
|
#
5ad3cc19 |
| 23-Aug-2023 |
Tomas Mraz |
quic_tls.c: Fix wrong format string when raising error Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
|
#
1cc8c53b |
| 23-Aug-2023 |
Tomas Mraz |
Avoid issues with endianness when type is used in SSL_trace() The TLS record type is a single byte value so we can use uint8_t for it. This allows passing its address directly to SSL_trace() instead of converting it to a single byte type first. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
|
#
68b9a32a |
| 09-Aug-2023 |
Tomas Mraz |
Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick() This was already resolved by https://github.com/openssl/openssl/pull/21547 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21700)
|
#
79cdbe89 |
| 16-Aug-2023 |
Tomas Mraz |
quic_new_record_layer(): Change TODO(QUIC) to QUIC FUTURE Fixes openssl/project#134 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21756)
|
#
643f542a |
| 08-Aug-2023 |
Matt Caswell |
Fix a use-after-free in quic_tls.c The comments in quic_tls.c claimed that the dummybio was never used by us. In fact that is not entirely correct since we set and cleared the retry flags on it. This means that we have to manage it properly, and update it in the event of a set1_bio() call on the record layer method. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21686)
|
#
04c7fb53 |
| 07-Aug-2023 |
Matt Caswell |
NewSessionTickets with an early_data extension must have a valid max value The max_early_data value must be 0xffffffff if the extension is present in a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21686)
|
#
b644a932 |
| 02-Aug-2023 |
Matt Caswell |
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION An OpenSSL QUIC client does not send the post_handshake_auth extension. Therefore if a server sends a post-handshake CertificateRequest then this would be treated as a TLS protocol violation with an "unexpected message" alert code. However RFC 9001 specifically requires us to treat this as a QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message" alert code in this one instance. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21686)
|
#
4d6ca885 |
| 27-Jul-2023 |
Hugo Landau |
QUIC QTLS: Fix NULL dereference (coverity) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21565)
|
#
7a2bb210 |
| 03-Aug-2023 |
Hugo Landau |
QUIC TLS: Rethink error handling Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
|
#
741170be |
| 28-Jul-2023 |
Hugo Landau |
QUIC CHANNEL: Improve error reporting Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
|
#
80bcc4f1 |
| 25-Jul-2023 |
Hugo Landau |
QUIC TLS: Report TLS errors properly as QUIC protocol errors Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
|
#
f85d3432 |
| 27-Jul-2023 |
Matt Caswell |
Keep doing ossl_quic_tls_tick() even after handshake completion There may be post-handshake messages to process so make sure we keep ticking things even if the handshake has finished. We do this simply by calling SSL_read(). There should never be app data to read but we will process any handshake records we encounter. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21591)
|
#
57582450 |
| 25-Apr-2023 |
Matt Caswell |
Update the SSL_rstate_string*() return value for QUIC We make these APIs work more like the TLS versions do. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20827)
|
#
7a4e109e |
| 27-Feb-2023 |
Matt Caswell |
Allow partially releasing a record for TLS This enables the cleansing of plaintext to occur in the record layer and avoids the need to cast away const above the record layer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
|
#
2eb91b0e |
| 23-Feb-2023 |
Matt Caswell |
Make the data field for get_record() const Improves consistency with the QUIC rstream implementation - and improves the abstraction between the TLS implementation and the abstract record layer. We should not expect that the TLS implementation should be able to change the underlying buffer. Future record layers may not expect that. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
|
#
7257188b |
| 23-Feb-2023 |
Matt Caswell |
Add support for rstream get/release record in the QUIC TLS layer The QUIC TLS layer was taking an internal copy of rstream data while reading. The QUIC rstream code has recently been extended to enable a get/release model which avoids the need for this internal copy, so we use that instead. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
|
#
f10e5885 |
| 06-Dec-2022 |
Matt Caswell |
Add a test for a server that doesn't provide transport params Check that we fail if the server has failed to provide transport params. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20030)
|