#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
|
#
89dd87e1 |
| 01-Feb-2024 |
Hugo Landau |
libssl: Make some global mutable structures constant x Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23450)
|
#
6f22bcd6 |
| 09-Dec-2023 |
Neil Horman |
Add appropriate NULL checks in EVP_CIPHER api The EVP_CIPHER api currently assumes that calls made into several APIs have already initialized the cipher in a given context via a call to EVP_CipherInit[_ex[2]]. If that hasn't been done, instead of an error, the result is typically a SIGSEGV. Correct that by adding missing NULL checks in the appropriate apis prior to using ctx->cipher Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22995)
|
#
afcc12c4 |
| 29-Nov-2023 |
Matt Caswell |
Don't attempt to set provider params on an ENGINE based cipher If an ENGINE has been loaded after the SSL_CTX has been created then the cipher we have cached might be provider based, but the cipher we actually end up using might not be. Don't try to set provider params on a cipher that is actually ENGINE based. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22864)
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
eb4129e1 |
| 09-May-2023 |
Dimitri Papadopoulos <3234522+DimitriPapadopoulos@users.noreply.github.com> |
Fix typos found by codespell Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
|
#
25624c90 |
| 11-Nov-2022 |
Tomas Mraz |
Rationalize FIPS sources Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19658)
|
#
22094d11 |
| 02-Nov-2022 |
Matt Caswell |
Rename SSL3_RECORD to TLS_RL_RECORD The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead of TLS_RECORD because that type already exists elsewhere. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
|
#
e9189cc4 |
| 02-Nov-2022 |
Matt Caswell |
Rename SSL3_BUFFER to TLS_BUFFER The SSL3 prefix no longer seems appropriate. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
|
#
3961af37 |
| 21-Oct-2022 |
Matt Caswell |
Pipeline output/input buf arrays must live until the EVP_Cipher is called The pipeline input/output buf arrays must remain accessible to the EVP_CIPHER_CTX until EVP_Cipher is subsequently called. This fixes an asan error discovered by the newly added pipeline test. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19456)
|
#
43dfa5a9 |
| 17-Oct-2022 |
Matt Caswell |
Remove dtls_write_records The dtls_write_records function, after the previous series of commits, was functionally equivalent to tls_write_records_default - so it can be removed completely. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
421386e3 |
| 17-Oct-2022 |
Matt Caswell |
Move sequence increment to post encryption processing This change makes dtls_write_records virtually the same as tls_write_records_default, which will enable us to merge them in a subsequent commit. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
bed07b18 |
| 17-Oct-2022 |
Matt Caswell |
Consolidate sequence counter incrementing code The sequence counter was incremented in numerous different ways in numerous different locations. We introduce a single function to do this inside the record layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
b9e37f8f |
| 13-Oct-2022 |
Matt Caswell |
Convert dtls_write_records to use standard record layer functions We have standard functions for most of the work that dtls_write_records does - so we convert it to use those functions instead. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
248a9bf2 |
| 13-Oct-2022 |
Matt Caswell |
Start using WPACKET in the dtls write records code Previously this was writing to the buffers directly. We use the safer WPACKET instead Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
602ee1f6 |
| 07-Oct-2022 |
Matt Caswell |
Use common tls_write_records() even for DTLS In practice this just means having a DTLS specific write_records that the common tls_write_records() just calls. We also replace the use of ssl3_write_pending() with tls_retry_write_records(). Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
bf04cbfa |
| 06-Oct-2022 |
Matt Caswell |
Use record layer buffers for DTLS rather than the buffers in s->rlayer Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
ace38195 |
| 04-Oct-2022 |
Matt Caswell |
Introduce a step to prepare the BIO before writing This removes some KTLS specific code from tls_retry_write_records(). Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
2a354d54 |
| 04-Oct-2022 |
Matt Caswell |
Add a post encryption processing step For example in this we add the MAC if we are doing encrypt-then-mac. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
757ef3ba |
| 27-Sep-2022 |
Matt Caswell |
Add a prepare for encryption step This applies any mac that might be necessary, ensures that we have enough space in the WPACKET to perform the encryption and sets up the SSL3_RECORD ready for that encryption. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
2582de25 |
| 27-Sep-2022 |
Matt Caswell |
Move record padding out of tls_common.c Only tls13_meth.c needs to handle adding record padding. All other *_meth.c files can ignore it. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
aca70ca8 |
| 26-Sep-2022 |
Matt Caswell |
Defer record header preparation to the protocol methods We introduce a new function to prepare the record header. KTLS has its own version since this is done by the kernel. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
7ca61d63 |
| 26-Sep-2022 |
Matt Caswell |
Abstract out the record type processing Remove TLSv1.3 specific processing of the record type out of tls_common.c and into tls13_meth.c Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
91fe8ff0 |
| 26-Sep-2022 |
Matt Caswell |
Defer write buffer and WPACKET allocation/initialisation to protocol code We move some protocol specific code for write buffer and WPACKET allocation and initialisation out of tls_common.c and into the protocol specific files. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
|
#
1e76110b |
| 15-Sep-2022 |
Matt Caswell |
Enable the ability to query the COMP_METHOD being used in the record layer We also convert to passing COMP_METHOD rather than SSL_COMP to the record layer. The former is a public type while the latter is internal only - and the only thing we need from SSL_COMP is the method. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19217)
|