18efb630 | 29-Jul-2020 |
John Baldwin |
Skip tests using KTLS RX for TLS 1.3. KTLS RX is not yet supported for TLS 1.3. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
cd03b5dc | 29-Jul-2020 |
John Baldwin |
Skip tests using KTLS RX if KTLS RX is not supported. This skips tests using KTLS RX when run on systems that only support KTLS TX. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
eb818d23 | 29-Jul-2020 |
John Baldwin |
Refactor the KTLS tests to minimize code duplication. Use the low 4 bits of the test number directly as flags for which of the connection sides should use KTLS or not for each test instead of having 16 nearly identical functions to do the same thing. This makes it easier to skip tests that aren't supported (e.g. KTLS RX on TLS 1.3). Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
c7b46b54 | 27-Jul-2020 |
John Baldwin |
Move KTLS inline functions only used by libssl into ssl/ktls.c. These functions are a bit large to inline and are not usable outside of libssl. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
b22a3ccc | 05-Dec-2019 |
John Baldwin |
Support for KTLS TX on FreeBSD for TLS 1.3. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
3c1641e8 | 05-Mar-2020 |
John Baldwin |
Don't check errno if ktls_read_record() returned 0. errno is only valid if ktls_read_record() fails with a negative return value. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
0a90a90c | 31-Oct-2019 |
John Baldwin |
Add support for KTLS receive for TLS 1.1-1.2 on FreeBSD. Similar to KTLS receive for Linux, KTLS receive for FreeBSD is enabled by passing a session key to the kernel via a new socket option. Once KTLS receive is enabled on a socket, the socket returns records via recvmsg(). A control message attached to each record supplies the original TLS header, and the decrypted plaintext is returned in the data buffer passed to recvmsg(). To support the case that the userland buffer may already contain pending encrypted records (which is already handled by Linux's KTLS receive), the socket option structure for FreeBSD has been extended to include the initial sequence number. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
3e582606 | 10-Jun-2020 |
John Baldwin |
Add helper functions for FreeBSD KTLS. These are similar to the helpers added in 95badfeb60. I've adjusted the arguments passed to ktls_check_supported_cipher and ktls_configure_crypto so that FreeBSD and Linux can both use the same signature to avoid OS-specific #ifdef's in libssl. This also required moving the check on valid TLS versions into ktls_check_supported_cipher for Linux. This has largely removed OS-specific code and OS-specific #ifdef's for KTLS outside of <internal/ktls.h>. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
c34ca13a | 24-Jul-2020 |
John Baldwin |
Add a ktls_crypto_info_t typedef. This type is defined to hold the OS-specific structure passed to BIO_set_ktls. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12111)
|
23e77b0b | 21-Aug-2020 |
Jon Spillett |
Update test data for DSA public key text Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12688)
|
e2e46dfa | 19-Aug-2020 |
Jon Spillett |
Add the correct enum value for DSA public key serialization Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12688)
|
458cb85d | 21-Aug-2020 |
Shane Lontis |
Fix ECX serializer import calls to use correct selection flags. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12698) |
d9cdfda2 | 21-Aug-2020 |
Shane Lontis |
Fix RSA serializer import calls to use correct selection flags. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12698) |
81fca0e7 | 21-Aug-2020 |
Shane Lontis |
Fix DSA serializer import calls to use correct selection flags. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12698) |
3fab5663 | 21-Aug-2020 |
Shane Lontis |
Fix DH serializer import calls to use correct selection flags. Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12698) |
835b2900 | 28-Aug-2020 |
Dmitry Belyavskiy |
Fix PKCS#7 so that it still works with non fetchable cipher algorithms. Fixes #12697 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12740)
|
bd1bbbfe | 28-Aug-2020 |
Dmitry Belyavskiy |
Fix PKCS#7 so that it still works with non fetchable digest algorithms. Fixes #12684 Partially fixes #12697 Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12740)
|
8e32ea63 | 27-Aug-2020 |
Matt Caswell |
Check whether we have MD5-SHA1 and whether we need it If we don't have MD5-SHA1 then we must be using (D)TLSv1.2 or above. We check that this is consistent with the way we've been configured. We also ensure that we never attempt to negotiate <(D)TLSv1.2 if MD5-SHA1 is not available. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12733)
|
7cd1420b | 27-Aug-2020 |
Matt Caswell |
Improve some error messages if a digest is not available If a digest is not available we just get an "internal error" error message - which isn't very helpful for diagnosing problems. Instead we explicitly state that we couldn't find a suitable digest. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12733)
|
e3bf65da | 19-Aug-2020 |
Matt Caswell |
Include "legacy" in the name of the various MAC bridge functions Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637) |
52ae0f8f | 17-Aug-2020 |
Matt Caswell |
Add some documentation about the EVP_PKEY MAC interface Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637) |
2ef9a7ac | 17-Aug-2020 |
Matt Caswell |
Improve code reuse in the provider MAC bridge We reuse concepts such as PROV_CIPHER, and make use of some common code in provider_util.c Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
2106b047 | 14-Aug-2020 |
Matt Caswell |
Document the EVP_PKEY_new_CMAC_key_with_libctx() function Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637) |
e5bc0ce2 | 12-Aug-2020 |
Matt Caswell |
Extend test_CMAC_keygen in evp_extra_test The test only set up the generation of a key. It did not complete that generation. We extend the test to complete the generation and to use the generated key. We also compare the result with a key generated in a different way. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|
2cf765e5 | 12-Aug-2020 |
Matt Caswell |
Delete unused PKEY MAC files Now that all the legacy PKEY MAC bridge code has been moved to the providers we no longer need the old bridge and it can be removed. Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12637)
|