#
21dfb975 |
| 04-Jul-2024 |
Stephen Farrell |
Extend TLSv1.3 record layer padding API calls Added SSL_set_block_padding_ex() and SSL_CTX_set_block_padding_ex() to allow separate padding block size values for handshake messages and application data messages. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24796)
|
#
b6461792 |
| 20-Mar-2024 |
Richard Levitte |
Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes (cherry picked from commit 0ce7d1f355c1240653e320a3f6f8109c1f05f8c0) Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24034)
|
#
715a74a6 |
| 13-Feb-2024 |
Frederik Wedel-Heinen |
Removes record_queue struct which is no longer useful. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23571)
|
#
4a0e4849 |
| 18-Jan-2024 |
Matt Caswell |
Rationalise RECORD_LAYER_clear() and clear_record_layer() We had two functions which were very similarly named, that did almost the same thing, but not quite. We bring the two together. Doing this also fixes a possible bug where some data may not be correctly freed when the RECORD_LAYER_clear() version was used. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23256)
|
#
4897bd20 |
| 05-Jan-2024 |
Frederik Wedel-Heinen |
Move increment of dtls epoch to change cipher state function Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23212)
|
#
0a40b23c |
| 03-Jan-2024 |
Frederik Wedel-Heinen |
Remove wpend_ret that was only assigned and never used. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23191)
|
#
da1c088f |
| 07-Sep-2023 |
Matt Caswell |
Copyright year updates Reviewed-by: Richard Levitte <levitte@openssl.org> Release: yes
|
#
eb1eaa9a |
| 24-Aug-2023 |
Tomas Mraz |
Always use uint8_t for TLS record type Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
|
#
1cc8c53b |
| 23-Aug-2023 |
Tomas Mraz |
Avoid issues with endianness when type is used in SSL_trace() The TLS record type is a single byte value so we can use uint8_t for it. This allows passing its address directly to SSL_trace() instead of converting it to a single byte type first. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21823)
|
#
7a4e109e |
| 27-Feb-2023 |
Matt Caswell |
Allow partially releasing a record for TLS This enables the cleansing of plaintext to occur in the record layer and avoids the need to cast away const above the record layer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
|
#
2eb91b0e |
| 23-Feb-2023 |
Matt Caswell |
Make the data field for get_record() const Improves consistency with the QUIC rstream implementation - and improves the abstraction between the TLS implementation and the abstract record layer. We should not expect that the TLS implementation should be able to change the underlying buffer. Future record layers may not expect that. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
|
#
d6cf4b59 |
| 26-Jan-2023 |
Matt Caswell |
Don't declare SSL_CONNECTION twice It causes problems with some compilation options Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20030)
|
#
3f9175c7 |
| 14-Nov-2022 |
Matt Caswell |
Extend the new_record_layer function Add the ability to pass the main secret and length, as well as the digest used for the KDF. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
|
#
bea8d704 |
| 10-Nov-2022 |
Matt Caswell |
Add support for setting a custom TLS Record Layer This is just an internal API for now. Something like this will be made public API at some point - but it is likely to be based on the provider interface rather than a direct setting of a METHOD like we do for now. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
|
#
ca20f61f |
| 10-Nov-2022 |
Matt Caswell |
Move recordmethod.h to be an "internal" header Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
|
#
23c57f00 |
| 02-Nov-2022 |
Matt Caswell |
Move declarations out of record.h and record_local.h We move many of the declarations in record.h and record_local.h into locations inside ssl/record/methods instead. Also many declarations were no longer required and could be removed completely. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
|
#
7eb39ecb |
| 21-Oct-2022 |
Matt Caswell |
Make SSL_alloc_buffers() and SSL_free_buffers() work again Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19472)
|
#
b92fc4ae |
| 17-Oct-2022 |
Matt Caswell |
Remove some redundant code Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
e158ada6 |
| 17-Oct-2022 |
Matt Caswell |
Remove the old buffer management code We no longer use the old buffer management code now that it has all been moved to the new record layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
22d6e854 |
| 06-Oct-2022 |
Matt Caswell |
Remove create_empty_fragment from do_dtls1_write() do_dtls1_write() was never called with a value for create_empty_fragment that was ever non-zero - so this is dead code and can be removed. The equivalent code in the TLS processing is used for TLS1.0/SSLv3 to protect against known IV weaknesses because those protocol versions do not have an explicit IV. However DTLS1.0 is based on TLSv1.1 and *does* have an explicit IV - so this is not useful there. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
|
#
a8572674 |
| 15-Sep-2022 |
Matt Caswell |
Move the SSLv3 crypto code into the new record layer Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19217)
|
#
320145d5 |
| 31-Aug-2022 |
Matt Caswell |
Convert the write record layer to supply proper return values This also means we can convert SSLfatal calls to RLAYERfatal Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
|
#
eb7d6c2a |
| 31-Aug-2022 |
Matt Caswell |
Move the record block_padding capability fully into the record layer Previously we were referencing the block_padding value through the SSL_CONNECTION. Now it is held within OSSL_RECORD_LAYER. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
|
#
5f95eb77 |
| 31-Aug-2022 |
Matt Caswell |
Move the record padding callback fully into the record layer We wrap the callback and pass it to the record layer via the dispatch array, in order to avoid accessing it directly via SSL_CONNECTION. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
|
#
1d367677 |
| 26-Aug-2022 |
Matt Caswell |
Move logic for figuring out the record version out of record layer This calculation is based on lots of information from state machine and elsewhere that the record layer cannot access. In reality it is sufficient to simply tell the record layer what version to use. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
|