aboutsummaryrefslogtreecommitdiffstats
path: root/ssl
Commit message (Collapse)AuthorAgeFilesLines
* Before we do anything the ping deadline is infiniteMatt Caswell2023-06-281-0/+2
| | | | | | | | | | Needed for tserver so that it the deadline isn't immediate before we've accepted a connection. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)
* Ensure SSL_connect() actually blocks if we are in blocking modeMatt Caswell2023-06-281-0/+1
| | | | | | | | | Fix supplied by Hugo Landau. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)
* The CC wake up deadline is now if we have TX allowanceMatt Caswell2023-06-281-5/+10
| | | | | | | | | | If we have TX allowance then there is no need to wait if we have something to send - the wake up deadline is immediate. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)
* Add a test quicserver utilityMatt Caswell2023-06-281-2/+61
| | | | | | | | | | | This QUIC server utility is intended for test purposes only and is expected to be replaced in a future version of OpenSSL by s_server. At that point it will be removed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)
* Fix supported_groups handing in TLSv1.2Matt Caswell2023-06-271-0/+20
| | | | | | | | | | | | | | In TLSv1.2 we should not attempt to use a supported_group value that is intended for use with TLSv1.3 - even if both the server and the client support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but not for TLSv1.2. Fixes #21081 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21274)
* Don't ask for an invalid group in an HRRMatt Caswell2023-06-231-1/+5
| | | | | | | | | | | | | If the client sends us a group in a key_share that is in our supported_groups list but is otherwise not suitable (e.g. not compatible with TLSv1.3) we reject it. We should not ask for that same group again in a subsequent HRR. Fixes #21157 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21163)
* Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streamsTomas Mraz2023-06-236-7/+49
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21182)
* Fix new typos found by codespellDimitri Papadopoulos2023-06-181-1/+1
| | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21210)
* QUIC: Allow application to trigger TXKUHugo Landau2023-06-162-0/+61
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC: Minor fixupsHugo Landau2023-06-162-3/+12
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC CHANNEL: Inform the ACKM when the handshake is confirmedHugo Landau2023-06-161-0/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC CHANNEL: Optimise key update using ACKsHugo Landau2023-06-162-0/+23
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC: Add internal APIs for white-box testing of key updateHugo Landau2023-06-164-2/+57
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC CHANNEL: Enforce the RX packet forgery limitHugo Landau2023-06-161-0/+34
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC RXDP: Strictly enforce ACK PNs with regard to TX key epochsHugo Landau2023-06-163-7/+48
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC CHANNEL: Ensure new packets aren't enforced with old keysHugo Landau2023-06-161-0/+17
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC CHANNEL: Handle key updates correctlyHugo Landau2023-06-162-0/+300
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC TXP: Make TXP use time callback correctlyHugo Landau2023-06-161-1/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC APL: Correct implementation of time callback overrideHugo Landau2023-06-161-7/+27
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC RX: Support reporting the key epoch a packet was received withHugo Landau2023-06-161-8/+78
| | | | | | | | | This is needed to support key update validation on the receive side. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC TXP: Allow callbacks on ACK transmissionHugo Landau2023-06-161-0/+18
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC TXP: Allow next PN to be used to be queriedHugo Landau2023-06-161-0/+9
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC RX: Refactor key update callback to provide PNHugo Landau2023-06-161-3/+4
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC TXP: Remove TX key update handling from TXPHugo Landau2023-06-161-13/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC TXP: Refactor status output to use an extensible structureHugo Landau2023-06-162-12/+13
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC ACKM: Allow largest acked PN to be queriedHugo Landau2023-06-161-0/+5
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* QUIC WIRE: Utility function to determine if PN is in an ACK frameHugo Landau2023-06-161-0/+12
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)
* Fix typos found by codespellDimitri Papadopoulos2023-06-157-11/+11
| | | | | | | | Typos in doc/man* will be fixed in a different commit. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20910)
* Only take note of the ack deadline if we can actually issue an ackMatt Caswell2023-06-141-4/+14
| | | | | | | | | | | | | | When determining the next tick deadline we cannot actually issue an ack if the CC will not let us, or the enc_level is not yet provisioned. This avoids a bug where we can end up in a busy loop because the next event deadline is reported as "now" because we want to send an ack, but we can't actually send anything yet. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21181)
* Add SSL_get0_group_name() to get name of the group used for KEXAlex Bozarth2023-06-063-0/+27
| | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20866)
* [feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes ↵Jairus Christensen2023-06-024-0/+27
| | | | | | | | it available Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20248)
* QUIC: CID conformancePauli2023-06-011-7/+40
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21078)
* ssl/statem_srvr.c: clean up handling of EVP_PKEY_decrypt() outlenDr. David von Oheimb2023-05-301-8/+5
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/17354)
* SSL_handle_events(): Minor fixes to documentationHugo Landau2023-05-291-4/+5
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20879)
* QUIC APL: Allow DTLSv1 APIs to be used for compatibilityHugo Landau2023-05-291-0/+12
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20879)
* QUIC APL: Change SSL_get_event_timeout API designHugo Landau2023-05-292-8/+19
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20879)
* QUIC: Rename SSL_tick, SSL_get_tick_timeoutHugo Landau2023-05-293-15/+16
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20879)
* Create internal/ssl.hMatt Caswell2023-05-241-3/+1
| | | | | | | | | | We create the internal/ssl.h header file and move the typedef for ossl_msg_cb. This is needed by both the QUIC code (which generally doesn't include ssl_local.h) and the rest of libssl. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Rename msg_callback_s to msg_callback_ssl for greater clarityMatt Caswell2023-05-246-21/+22
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Use the %llu format specifier for uint64_tMatt Caswell2023-05-241-30/+47
| | | | | | | | | We change to use %llu when printing uint64_t types for consistency with what we've done elsewhere. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Create setter functions for the msg_callback and msg_callback_argMatt Caswell2023-05-246-52/+89
| | | | | | | | | | We create setter functions for the msg_callback and msg_callback_arg so that these values can be properly propagated to the QRX/QTX/TXP even after the channel has been created. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Fix an SSL_trace bugMatt Caswell2023-05-241-4/+9
| | | | | | | | | Ensure that SSL_trace can print certificate data even with a non-default libctx. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Add more trace details for the remaining frame typesMatt Caswell2023-05-241-35/+95
| | | | | | | | | | Prior to this commit we were just printing the fact that we had received or sent a frame of a particular type. We now provide more details about those frames. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Properly handling stream/crypto frames while tracingMatt Caswell2023-05-243-25/+36
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Enable tracing of datagrams we have sentMatt Caswell2023-05-241-1/+7
| | | | | | | | | Extend the tracing capability to also trace when we have a datagram to the peer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Enable tracing of packets that have been sentMatt Caswell2023-05-245-17/+42
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Extend tracing of frames to transmitted framesMatt Caswell2023-05-242-0/+27
| | | | | | | | | Previously we were only doing tracing of frames received from the peer. Now we do that for transmitted frames as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Support trace for QUIC FramesMatt Caswell2023-05-243-5/+464
| | | | | | | | Extend the existing QUIC tracing capability for frames. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Support trace for QUIC PacketsMatt Caswell2023-05-242-1/+108
| | | | | | | | | | We enable SSL_trace support for when we receive QUIC Packets. This is called after header protection is removed, but before the packet is decrypted. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Support trace for QUIC datagramsMatt Caswell2023-05-245-5/+58
| | | | | | | | | Extend SSL_trace so that it knows how to dump information about the receipt of a QUIC datagram. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
generated by cgit v1.2.3 (git 2.39.1) at 2024-09-16 03:15:19 +0000