openssl - Mirror of https://github.com/openssl/openssl

Age	Commit message (Collapse)	Author
4 days	Clear old messages from queues in order to avoid leaks of record layer objects.feature/dtls-1.3	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Disable middlebox for dtls	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Check that both tls1.3 and dtls1.3 is disabled before removing code from ↵	Frederik Wedel-Heinen
	compilation path. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Fix test_ssl_new tests	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Run some failing tests with DTLS1.2	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Fix renegotiation check that was added in ↵	Frederik Wedel-Heinen
	https://github.com/openssl/openssl/pull/24161 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Fix version check to avoid unsupported protocol error in ↵	Frederik Wedel-Heinen
	ssl_choose_server_version() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Update DTLS version tests	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Remove obsolete TODO and guards for post handshake authentication in DTLS 1.3	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
4 days	Update dtls max version	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22275)
12 days	Fix sanity tests for ssl_version_cmp for dtls 1.3 branch	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24293)
12 days	Sanity tests of inputs to ssl_version_cmp	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24293)
13 days	Fix ssl_lib functions for dtls 1.3	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22378)
2024-04-26	tls_post_encryption_processing_default() and tls_validate_record_header()	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22376)
2024-04-23	Fix session print for dtls1.3	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22936)
2024-04-23	Update session id and ticket logic for dtls13	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22936)
2024-04-23	Removes an mtu assertion that fails	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22401)
2024-04-23	Support TLS1.3 sigalg logic in DTLS1.3	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22380)
2024-04-23	Handle alerts similarly in dtls1_read_bytes() as done in ssl3_read_bytes()	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22360)
2024-04-23	Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() ↵	Frederik Wedel-Heinen
	for tls1.3 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22360)
2024-04-23	Adds some more changes dtls specific functions to make them more in sync ↵	Frederik Wedel-Heinen
	with their tls counterparts. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22360)
2024-04-23	Make dtls1.3 changes to dtls1_read_bytes and do_dtls1_write which matches ↵	Frederik Wedel-Heinen
	ssl3_read_bytes and ssl3_write_bytes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22360)
2024-04-23	Don't allow renegotiation for DTLS 1.3	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22362)
2024-04-23	Adds dtls 1.3 support in TLS::Proxy	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23375)
2024-04-23	Support TLS 1.3 kexs and groups with DTLS 1.3	Frederik Wedel-Heinen
	SSL_CONNECTION_IS_VERSION13 macro is used where appropriate. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22364)
2024-04-23	Fix wrong dtls 1 and 1.2 version check	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22366)
2024-04-23	Do DTLS13 and TLS13 connection version check in one macro	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22366)
2024-04-23	Fix sending session ids in DTLS-1.3	Frederik Wedel-Heinen
	DTLS 1.3 session id must not be sent by client unless it has a cached id. And DTLS 1.3 servers must not echo a session id from a client. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22366)
2024-04-23	Update tls state machine logic to support dtls1.3 alongside tls1.3	Frederik Wedel-Heinen
	Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22366) Updated the logic in ssl_cipher_list_to_bytes to take account of the changes from PR#24161 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24226)
2024-04-23	Fix protocol list for cmd_Protocol()	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22273)
2024-04-23	Add dtls1.3 to ssl_protocol_to_string()	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22273)
2024-04-23	Adds DTLS1.3 to ssl protocol to text structs	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22273)
2024-04-23	Determine which label prefix to use based on if the connection is dtls	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22416)
2024-04-23	Use dtls1.3 cryptographic label prefix as dictated by RFC 9147 section 5.9	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22416)
2024-04-23	Support TLS1.3 extensions with DTLS1.3	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22261)
2024-04-23	Print session ticket for dtls 1.3 as well.	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22260)
2024-04-23	Adds DTLS 1.3 functionality to s_client and s_server documentation.	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22260)
2024-04-23	Integrate dtls1.3 in s_client and s_server	Frederik Wedel-Heinen
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22260)
2024-04-23	Remove compile guards for dtls1.3 method implementations	Frederik Wedel-Heinen
	Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22259)
2024-04-23	Adds initial dtls 1.3 structs and definitions	Frederik Wedel-Heinen
	Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22259)
2024-04-23	Invoke tear_down when exiting test_encode_tls_sct() prematurely	shridhar kalavagunta
	Fixes #24121 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24222)
2024-04-23	crypto/threads_pthread.c: Fix typos found by codespell	Logan Upchurch
	CLA: trivial Reviewed-by: Kurt Roeckx <kurt@roeckx.be> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24206)
2024-04-22	Be more explicit about RSAES-PKCS#1v1.5 error handling	Hubert Kario
	And add a note how to perform side-channel free error stack handling. Signed-off-by: Hubert Kario <hkario@redhat.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24159)
2024-04-22	Use empty renegotiate extension instead of SCSV for TLS > 1.0	Tim Perry
	Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24161)
2024-04-22	Fix missing NULL check in prov_config_test	Neil Horman
	coverity-1596500 caught a missing null check. We should never hit it as the test harness always sets the environment variable, but lets add the check for safety Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24208)
2024-04-22	fix sending error when no root CA cert update available	Rajeev Ranjan
	Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24169)
2024-04-19	Fix migration guide mappings for i2o/o2i_ECPublicKey	slontis
	Fixes #23854 Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24041)
2024-04-19	Make rcu_thread_key context-aware	Neil Horman
	Currently, rcu has a global bit of data, the CRYPTO_THREAD_LOCAL object to store per thread data. This works in some cases, but fails in FIPS, becuase it contains its own copy of the global key. So 1) Make the rcu_thr_key a per-context variable, and force ossl_rcu_lock_new to be context aware 2) Store a pointer to the context in the lock object 3) Use the context to get the global thread key on read/write lock 4) Use ossl_thread_start_init to properly register a cleanup on thread exit 5) Fix up missed calls to OSSL_thread_stop() in our tests Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24162)
2024-04-19	OSSL_STORE: Add reference docs for the built-in Windows store implementation	Richard Levitte
	Fixes openssl/project#422 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/24170)
2024-04-19	openssl fipsinstall: fix cosmetic wart	Enji Cooper
	This change makes the message on failure consistent with the message on success by trimming a single space in the error message. CLA: trivial Signed-off-by: Enji Cooper <yaneurabeya@gmail.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/24180)