aboutsummaryrefslogtreecommitdiffstats
path: root/ssl/ssl_err.c
Commit message (Collapse)AuthorAgeFilesLines
* QUIC: Add polling APIHugo Landau2024-02-101-0/+2
| | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23495)
* QUIC: Add new error codes for tuning APIHugo Landau2024-02-081-0/+10
| | | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23360)
* QUIC APL: Implement optimised FIN APIHugo Landau2024-01-231-1/+3
| | | | | | Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/23343)
* QUIC APL: Implement backpressure on stream creationHugo Landau2023-08-251-0/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21811)
* QUIC: Add ERR_raise() calls for EVP call failuresTomas Mraz2023-08-231-0/+2
| | | | | | | | This improves tracking where the failure was triggered. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21700)
* QUIC TLS: Rethink error handlingHugo Landau2023-08-081-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
* QUIC CHANNEL: Improve error reportingHugo Landau2023-08-081-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21547)
* Raise SSL_R_QUIC_PROTOCOL_ERROR on any QUIC protocol errorTomas Mraz2023-07-181-0/+2
| | | | | | | | | | | QUIC error code, frame type and reason is in error data Fixes #21337 Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21476)
* make updateHugo Landau2023-07-171-0/+4
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21135)
* QUIC MSST: make updateHugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_set_default_stream_mode, default XSO refactorHugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* RFC7250 (RPK) supportTodd Short2023-03-281-0/+6
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* Provide better errors for some QUIC failuresMatt Caswell2023-03-201-1/+3
| | | | | | | | | For example if would be helpful if we got more useful information if the caller forgot to set the peer address. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20514)
* Make error reason for disallowed legacy sigalg more specificTomas Mraz2022-12-131-0/+2
| | | | | | | | | | | The internal error reason is confusing and indicating an error in OpenSSL and not a configuration problem. Fixes #19867 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19875)
* Consolidate sequence counter incrementing codeMatt Caswell2022-10-201-0/+2
| | | | | | | | | | | The sequence counter was incremented in numerous different ways in numerous different locations. We introduce a single function to do this inside the record layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
* Add support for compressed certificates (RFC8879)Todd Short2022-10-181-0/+2
| | | | | | | | | | * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Make the record layer directly aware of EtMMatt Caswell2022-08-181-0/+2
| | | | | | | | | We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Implement KTLS in the new read record layer codeMatt Caswell2022-08-181-0/+2
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Convert ssl3_get_record to tls_read_recordMatt Caswell2022-08-181-0/+3
| | | | | | | | | We move the old ssl3_get_record function to conform with the new record layer design. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Transfer the functionality from ssl3_read_n to the new record layerMatt Caswell2022-08-181-0/+4
| | | | | | | | | | | This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Update copyright yearMatt Caswell2022-05-031-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Update alert to common protocolKan2022-01-081-11/+11
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17161)
* err: rename err_load_xxx_strings_int functionsPauli2021-05-261-1/+1
| | | | | | | | The new names are ossl_err_load_xxx_strings. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15446)
* make updateBenjamin Kaduk2021-05-121-0/+2
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/14749)
* Remove all trace of FIPS_mode functionsRich Salz2021-05-061-2/+0
| | | | | | | | | | Removed error codes, and the mention of the functions. This removal is already documented in the CHANGES doc. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/15140)
* Use OCSP-specific error code for clarityDmitry Belyavskiy2021-05-011-0/+2
| | | | | | | | Fixes #12735 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/xxxxx)
* Remove OPENSSL_NO_EC guards from libsslMatt Caswell2021-02-051-0/+2
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Make supported_groups code independent of EC and DHMatt Caswell2021-02-051-0/+1
| | | | | | | | | | The supported groups code was checking the OPENSSL_NO_EC and OPENSSL_NO_DH guards in order to work, and the list of default groups was based on those guards. However we now need it to work even in a no-ec and no-dh build, because new groups might be added from providers. Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13916)
* Update copyright yearRichard Levitte2021-01-281-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13999)
* Clean away extraneous library specific FETCH_FAILED reason codesRichard Levitte2021-01-121-4/+0
| | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/13467)
* ERR: Rebuild all generated error headers and source filesRichard Levitte2020-11-241-1/+2
| | | | | | | This is the result of 'make errors ERROR_REBUILD=-rebuild' Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13390)
* Improve some error messages if a digest is not availableMatt Caswell2020-08-291-0/+2
| | | | | | | | | | If a digest is not available we just get an "internal error" error message - which isn't very helpful for diagnosing problems. Instead we explicitly state that we couldn't find a suitable digest. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <paul.dale@oracle.com> (Merged from https://github.com/openssl/openssl/pull/12733)
* Provider a better error message if we fail to copy parametersMatt Caswell2020-06-191-0/+2
| | | | | | | | If EVP_PKEY_copy_parameters() failed in libssl we did not provide a very helpful error message. We provide a better one. Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/11914)
* New Russian TLS 1.2 implementationDmitry Belyavskiy2020-05-191-2/+2
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/11442)
* Use a fetched version of SHA256 in tls_process_new_session_ticket()Matt Caswell2020-03-241-0/+2
| | | | | | | | | We use the SHA256 digest of the ticket as a "fake" session id. We should ensure that the SHA256 implementation is fetched from the appropriate provider. Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> (Merged from https://github.com/openssl/openssl/pull/11356)
* Detect EOF while reading in libsslMatt Caswell2020-02-041-1/+3
| | | | | | | | | | | | If we hit an EOF while reading in libssl then we will report an error back to the application (SSL_ERROR_SYSCALL) but errno will be 0. We add an error to the stack (which means we instead return SSL_ERROR_SSL) and therefore give a hint as to what went wrong. Contains a partial fix for #10880 Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/10907)
* util/mkerr.pl: make it not depend on the function codeRichard Levitte2019-09-121-1/+1
| | | | | | | | | | | | | | | | The output C code was made to use ERR_func_error_string() to see if a string table was already loaded or not. Since this function returns NULL always, this check became useless. Change it to use ERR_reason_error_string() instead, as there's no reason to believe we will get rid of reason strings, ever. To top it off, we rebuild all affected C sources. Fixes #9756 Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9756)
* Regenerate mkerr filesRich Salz2019-07-161-715/+1
| | | | | | Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/9058)
* ssl: Add SSL_sendfileBoris Pismenny2019-05-071-0/+1
| | | | | | | | | | | This commit adds the SSL_sendfile call, which allows KTLS sockets to transmit file using zero-copy semantics. Signed-off-by: Boris Pismenny <borisp@mellanox.com> Reviewed-by: Paul Dale <paul.dale@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/8727)
* Remove heartbeats completelyRichard Levitte2019-03-291-5/+0
| | | | | | | Fixes #4856 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/1928)
* Don't interleave handshake and other record types in TLSv1.3Matt Caswell2019-02-191-1/+3
| | | | | | | | | | In TLSv1.3 it is illegal to interleave handshake records with non handshake records. Fixes #8189 Reviewed-by: Ben Kaduk <kaduk@mit.edu> (Merged from https://github.com/openssl/openssl/pull/8191)
* Following the license change, modify the boilerplates in ssl/Richard Levitte2018-12-061-1/+1
| | | | | Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/7768)
* Fix some TLSv1.3 alert issuesMatt Caswell2018-07-311-0/+4
| | | | | | | | | | | | | | | Ensure that the certificate required alert actually gets sent (and doesn't get translated into handshake failure in TLSv1.3). Ensure that proper reason codes are given for the new TLSv1.3 alerts. Remove an out of date macro for TLS13_AD_END_OF_EARLY_DATA. This is a left over from an earlier TLSv1.3 draft that is no longer used. Fixes #6804 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6809)
* Validate legacy_versionMatt Caswell2018-07-201-0/+1
| | | | | | | | | | The spec says that a client MUST set legacy_version to TLSv1.2, and requires servers to verify that it isn't SSLv3. Fixes #6600 Reviewed-by: Rich Salz <rsalz@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6747)
* Return a fatal error if application data is encountered during shutdownMatt Caswell2018-06-271-0/+2
| | | | | | | | | | | | | | Currently if you encounter application data while waiting for a close_notify from the peer, and you have called SSL_shutdown() then you will get a -1 return (fatal error) and SSL_ERROR_SYSCALL from SSL_get_error(). This isn't accurate (it should be SSL_ERROR_SSL) and isn't persistent (you can call SSL_shutdown() again and it might then work). We change this into a proper fatal error that is persistent. Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/6340)
* Respect SSL_OP_NO_TICKET in TLSv1.3Matt Caswell2018-06-261-0/+4
| | | | | | | | | Implement support for stateful TLSv1.3 tickets, and use them if SSL_OP_NO_TICKET is set. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
* Restructure the ticket construction codeMatt Caswell2018-06-261-0/+2
| | | | | | | | | Separate out as a new function the code to write out data which is specific to a stateless ticket. Reviewed-by: Rich Salz <rsalz@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/6563)
* Fix last(?) batch of malloc-NULL placesRich Salz2018-04-261-0/+2
| | | | | | | Add a script to find them in the future Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de> (Merged from https://github.com/openssl/openssl/pull/6103)
* Set error code on alloc failuresRich Salz2018-04-031-0/+19
| | | | | | | Almost all *alloc failures now set an error code. Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/5842)
* Split configuration of TLSv1.3 ciphers from older ciphersMatt Caswell2018-03-141-0/+1
| | | | | | | | | | | | | | | | | | | With the current mechanism, old cipher strings that used to work in 1.1.0, may inadvertently disable all TLSv1.3 ciphersuites causing connections to fail. This is confusing for users. In reality TLSv1.3 are quite different to older ciphers. They are much simpler and there are only a small number of them so, arguably, they don't need the same level of control that the older ciphers have. This change splits the configuration of TLSv1.3 ciphers from older ones. By default the TLSv1.3 ciphers are on, so you cannot inadvertently disable them through your existing config. Fixes #5359 Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/5392)
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-07 03:12:38 +0000