#
f83707dc |
| 13-Sep-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
open brace '{' following struct go on the same line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Revie
open brace '{' following struct go on the same line Found by running the checkpatch.pl Linux script to enforce coding style. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22097)
show more ...
|
#
21dfb975 |
| 04-Jul-2024 |
Stephen Farrell |
Extend TLSv1.3 record layer padding API calls Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages a
Extend TLSv1.3 record layer padding API calls Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages and application data messages. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24796)
show more ...
|
#
b6a5e801 |
| 01-Dec-2023 |
Rajeev Ranjan |
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC onl
Add support for integrity-only cipher suites for TLS v1.3 - add test vectors for tls1_3 integrity-only ciphers - recmethod_local.h: add new member for MAC - tls13_meth.c: add MAC only to tls 1.3 - tls13_enc.c: extend function to add MAC only - ssl_local.h: add ssl_cipher_get_evp_md_mac() - s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS - ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it - tls13secretstest.c: add dummy test function - Configure: add integrity-only-ciphers option - document the new ciphers Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22903)
show more ...
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Lan
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
show more ...
|
#
709637c8 |
| 16-Feb-2024 |
Frederik Wedel-Heinen |
Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://
Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23611)
show more ...
|
#
715a74a6 |
| 13-Feb-2024 |
Frederik Wedel-Heinen |
Removes record_queue struct which is no longer useful. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openss
Removes record_queue struct which is no longer useful. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23571)
show more ...
|
#
cfabddfb |
| 07-Feb-2024 |
Frederik Wedel-Heinen |
Remove unused function arguments from tls_int_new_record_layer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github
Remove unused function arguments from tls_int_new_record_layer Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23514)
show more ...
|
#
89dd87e1 |
| 01-Feb-2024 |
Hugo Landau |
libssl: Make some global mutable structures constant x Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://githu
libssl: Make some global mutable structures constant x Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23450)
show more ...
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
20a54aa2 |
| 22-Aug-2023 |
Frederik Wedel-Heinen |
Removed unused member read_iv of ossl_record_layer_st Fixes #21732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from http
Removed unused member read_iv of ossl_record_layer_st Fixes #21732 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21804)
show more ...
|
#
eb1eaa9a |
| 24-Aug-2023 |
Tomas Mraz |
Always use uint8_t for TLS record type Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pul
Always use uint8_t for TLS record type Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
show more ...
|
#
1cc8c53b |
| 23-Aug-2023 |
Tomas Mraz |
Avoid issues with endianness when type is used in SSL_trace() The TLS record type is a single byte value so we can use uint8_t for it. This allows passing its address directly to SSL
Avoid issues with endianness when type is used in SSL_trace() The TLS record type is a single byte value so we can use uint8_t for it. This allows passing its address directly to SSL_trace() instead of converting it to a single byte type first. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
show more ...
|
#
eb4129e1 |
| 09-May-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (M
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
show more ...
|
#
7a4e109e |
| 27-Feb-2023 |
Matt Caswell |
Allow partially releasing a record for TLS This enables the cleansing of plaintext to occur in the record layer and avoids the need to cast away const above the record layer. Re
Allow partially releasing a record for TLS This enables the cleansing of plaintext to occur in the record layer and avoids the need to cast away const above the record layer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
show more ...
|
#
2eb91b0e |
| 23-Feb-2023 |
Matt Caswell |
Make the data field for get_record() const Improves consistency with the QUIC rstream implementation - and improves the abstraction between the TLS implementation and the abstract record
Make the data field for get_record() const Improves consistency with the QUIC rstream implementation - and improves the abstraction between the TLS implementation and the abstract record layer. We should not expect that the TLS implementation should be able to change the underlying buffer. Future record layers may not expect that. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
show more ...
|
#
25624c90 |
| 11-Nov-2022 |
Tomas Mraz |
Rationalize FIPS sources Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org>
Rationalize FIPS sources Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19658)
show more ...
|
#
e5103dfc |
| 10-Nov-2022 |
Matt Caswell |
Remove an unneeded OSSL_RECORD_METHOD function The reset() function was never called so it can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz
Remove an unneeded OSSL_RECORD_METHOD function The reset() function was never called so it can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
show more ...
|
#
22094d11 |
| 02-Nov-2022 |
Matt Caswell |
Rename SSL3_RECORD to TLS_RL_RECORD The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead of TLS_RECORD because that type already exists elsewhere. Review
Rename SSL3_RECORD to TLS_RL_RECORD The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead of TLS_RECORD because that type already exists elsewhere. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
show more ...
|
#
e9189cc4 |
| 02-Nov-2022 |
Matt Caswell |
Rename SSL3_BUFFER to TLS_BUFFER The SSL3 prefix no longer seems appropriate. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Mer
Rename SSL3_BUFFER to TLS_BUFFER The SSL3 prefix no longer seems appropriate. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
show more ...
|
#
23c57f00 |
| 02-Nov-2022 |
Matt Caswell |
Move declarations out of record.h and record_local.h We move many of the declarations in record.h and record_local.h into locations inside ssl/record/methods instead. Also many declarati
Move declarations out of record.h and record_local.h We move many of the declarations in record.h and record_local.h into locations inside ssl/record/methods instead. Also many declarations were no longer required and could be removed completely. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
show more ...
|
#
b05fbac1 |
| 26-Oct-2022 |
Matt Caswell |
Fix dtls_get_max_record_overhead() We fix dtls_get_max_record_overhead() to give a better value for the max record overhead. We can't realistically handle the compression case so we
Fix dtls_get_max_record_overhead() We fix dtls_get_max_record_overhead() to give a better value for the max record overhead. We can't realistically handle the compression case so we just ignore that. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19516)
show more ...
|
#
fba0206d |
| 21-Oct-2022 |
Matt Caswell |
Remove some unused OSSL_RECORD_METHOD functions Remove two function pointers from the OSSL_RECORD_METHOD. Those functions were no-ops and were never called. Reviewed-by: Tomas M
Remove some unused OSSL_RECORD_METHOD functions Remove two function pointers from the OSSL_RECORD_METHOD. Those functions were no-ops and were never called. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19472)
show more ...
|
#
7eb39ecb |
| 21-Oct-2022 |
Matt Caswell |
Make SSL_alloc_buffers() and SSL_free_buffers() work again Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/
Make SSL_alloc_buffers() and SSL_free_buffers() work again Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19472)
show more ...
|
#
e158ada6 |
| 17-Oct-2022 |
Matt Caswell |
Remove the old buffer management code We no longer use the old buffer management code now that it has all been moved to the new record layer. Reviewed-by: Richard Levitte <levit
Remove the old buffer management code We no longer use the old buffer management code now that it has all been moved to the new record layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
show more ...
|
#
43dfa5a9 |
| 17-Oct-2022 |
Matt Caswell |
Remove dtls_write_records The dtls_write_records function, after the previous series of commits, was functionally equivalent to tls_write_records_default - so it can be removed compl
Remove dtls_write_records The dtls_write_records function, after the previous series of commits, was functionally equivalent to tls_write_records_default - so it can be removed completely. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
show more ...
|