openssl
/
openssl
mirror of https://github.com/openssl/openssl
1
0
Fork 0
Code Issues Releases Wiki Activity
35,145 Commits 26 Branches 374 Tags 460 MiB
Commit Graph

35145 Commits

Author SHA1 Message Date
Frederik Wedel-Heinen bf5269e995 Continue processing cookieless client hellos for dtls1.3 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22400)
 2024-05-16 18:31:06 +02:00
Frederik Wedel-Heinen 55ef7d4915 Fix description of version field of ssl connection struct 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22937)
 2024-05-16 18:28:34 +02:00
Frederik Wedel-Heinen a30510d35c Mention brainpoolP256r1tls13, brainpoolP384r1tls13, brainpoolP512r1tls13 in SSL_CONF_cmd.pod 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
 2024-05-14 15:50:59 +02:00
Frederik Wedel-Heinen ff8e63d087 Updates SSL_CONF_cmd.pod to be explicit when features are for both TLS and DTLS 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
 2024-05-14 15:49:31 +02:00
Frederik Wedel-Heinen 873ef80f6f Update documentation for DTLS1.3 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22363)
 2024-05-14 15:49:31 +02:00
Frederik Wedel-Heinen 5b536e98c2 Correct traces for certificates in dtls13 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22935)
 2024-05-14 15:31:54 +02:00
Frederik Wedel-Heinen e1bd225a5d Clear old messages from queues in order to avoid leaks of record layer objects. 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen 35306a2929 Disable middlebox for dtls 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen 5044c68c37 Check that both tls1.3 and dtls1.3 is disabled before removing code from compilation path. 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen a1a5d43753 Fix test_ssl_new tests 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen e569730ba3 Run some failing tests with DTLS1.2 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen 19e072e543 Fix renegotiation check that was added in https://github.com/openssl/openssl/pull/24161 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 09:01:07 +01:00
Frederik Wedel-Heinen 78bbf9a864 Fix version check to avoid unsupported protocol error in ssl_choose_server_version() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen 28d3158e37 Update DTLS version tests 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen be225d0093 Remove obsolete TODO and guards for post handshake authentication in DTLS 1.3 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen 3a9148e0cd Update dtls max version 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22275)
 2024-05-10 08:54:30 +01:00
Frederik Wedel-Heinen e554c01533 Fix sanity tests for ssl_version_cmp for dtls 1.3 branch 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293)
 2024-05-01 15:24:45 +02:00
Frederik Wedel-Heinen 49c1e660d7 Sanity tests of inputs to ssl_version_cmp 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24293)
 2024-05-01 15:24:45 +02:00
Frederik Wedel-Heinen d6e88b0a71 Fix ssl_lib functions for dtls 1.3 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22378)
 2024-04-30 16:37:10 +02:00
Frederik Wedel-Heinen 789f7c6540 tls_post_encryption_processing_default() and tls_validate_record_header() 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22376)
 2024-04-26 17:17:10 +02:00
Frederik Wedel-Heinen 553fcfbff6 Fix session print for dtls1.3 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 988952dd3f Update session id and ticket logic for dtls13 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22936)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 00ff4b9a7e Removes an mtu assertion that fails 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22401)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen d9b01b9a66 Support TLS1.3 sigalg logic in DTLS1.3 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22380)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen cd8226fbbf Handle alerts similarly in dtls1_read_bytes() as done in ssl3_read_bytes() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen c88ec0c693 Make similar changes to dtls1_do_write() for dtls1.3 as in ssl3_do_write() for tls1.3 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 0aae70fc38 Adds some more changes dtls specific functions to make them more in sync with their tls counterparts. 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 8f18467241 Make dtls1.3 changes to dtls1_read_bytes and do_dtls1_write which matches ssl3_read_bytes and ssl3_write_bytes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22360)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen a49ffb7c4c Don't allow renegotiation for DTLS 1.3 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22362)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen c1440548fd Adds dtls 1.3 support in TLS::Proxy 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23375)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 2ccbedf081 Support TLS 1.3 kexs and groups with DTLS 1.3 
SSL_CONNECTION_IS_VERSION13 macro is used where appropriate.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22364)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen e0490029c1 Fix wrong dtls 1 and 1.2 version check 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 1bd689ab65 Do DTLS13 and TLS13 connection version check in one macro 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 2496f91d4e Fix sending session ids in DTLS-1.3 
DTLS 1.3 session id must not be sent by client unless
it has a cached id. And DTLS 1.3 servers must not echo
a session id from a client.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen e758f33cb0 Update tls state machine logic to support dtls1.3 alongside tls1.3 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22366)

Updated the logic in ssl_cipher_list_to_bytes to take account of the changes
from PR#24161

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24226)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen d58372517c Fix protocol list for cmd_Protocol() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 7b941560d7 Add dtls1.3 to ssl_protocol_to_string() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen f03867e41c Adds DTLS1.3 to ssl protocol to text structs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22273)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 65e93084a6 Determine which label prefix to use based on if the connection is dtls 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 0445518928 Use dtls1.3 cryptographic label prefix as dictated by RFC 9147 section 5.9 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22416)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 9fc5ec8e6b Support TLS1.3 extensions with DTLS1.3 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22261)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen a37a32b150 Print session ticket for dtls 1.3 as well. 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 580612f38d Adds DTLS 1.3 functionality to s_client and s_server documentation. 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen b0aa6081e2 Integrate dtls1.3 in s_client and s_server 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22260)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen 03148562b4 Remove compile guards for dtls1.3 method implementations 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)
 2024-04-23 11:57:05 +01:00
Frederik Wedel-Heinen e38112066f Adds initial dtls 1.3 structs and definitions 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22259)
 2024-04-23 11:57:05 +01:00
shridhar kalavagunta 264ff64b94 Invoke tear_down when exiting test_encode_tls_sct() prematurely 
Fixes #24121

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24222)
 2024-04-23 11:33:42 +02:00
Logan Upchurch 5454ef7cb3 crypto/threads_pthread.c: Fix typos found by codespell 
CLA: trivial

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24206)
 2024-04-23 11:26:29 +02:00
Hubert Kario 9816127463 Be more explicit about RSAES-PKCS#1v1.5 error handling 
And add a note how to perform side-channel free error stack handling.

Signed-off-by: Hubert Kario <hkario@redhat.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24159)
 2024-04-22 15:56:40 +02:00
Tim Perry 972ee925b1 Use empty renegotiate extension instead of SCSV for TLS > 1.0 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/24161)
 2024-04-22 13:23:28 +01:00