Commit Graph

36 Commits

Author SHA1 Message Date
Hugo Landau
652fbb62a3 Revise build.info
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:17 +01:00
Hugo Landau
9f7acf071c QUIC Thread Assist Core
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Todd Short
b67cb09f8d Add support for compressed certificates (RFC8879)
* Compressed Certificate extension (server/client)
* Server certificates (send/receive)
* Client certificate (send/receive)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18186)
2022-10-18 09:30:22 -04:00
Pauli
02d0f87a8b time: move OSSL_TIME to libcrypto
Keep building it for libssl without exposing any symbols.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)
2022-09-13 21:13:22 +10:00
Matt Caswell
5b24990ba4 Move ktls.c into the record layer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
50023e9b7e Move protocol version specific code into separate files
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
4840c2a5e6 Move Record layer methods code into a sub-directory
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Matt Caswell
34a4068cc4 Add a skeleton TLS record method
It doesn't yet do anything. This is a placeholder which will be filled in
by susbsequent commits.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18132)
2022-08-18 16:38:12 +01:00
Pauli
e6be47e427 ssl: implement an event queue
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18345)
2022-07-06 10:33:11 +10:00
Pauli
d6bfdf6789 ssl: expose the get time function internally
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)
2022-06-22 13:05:40 +10:00
Pauli
4bb1fdf78c build.info changes for priority queue
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18274)
2022-06-22 13:05:40 +10:00
Tomas Mraz
99e1cc7bca Add empty implementations of quic method functions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
2022-06-03 12:07:17 +10:00
Hugo Landau
416d0a638c QUIC wire format support
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18382)
2022-05-27 08:00:52 +02:00
Tomas Mraz
eaa39eb678 Do not duplicate symbols between libcrypto and libssl in static builds
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15714)
2021-06-14 09:21:05 +10:00
Pauli
407820c0e3 tls: remove TODOs
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15539)
2021-06-02 16:30:15 +10:00
Richard Levitte
848af5e8fe Drop libimplementations.a
libimplementations.a was a nice idea, but had a few flaws:

1.  The idea to have common code in libimplementations.a and FIPS
    sensitive helper functions in libfips.a / libnonfips.a didn't
    catch on, and we saw full implementation ending up in them instead
    and not appearing in libimplementations.a at all.

2.  Because more or less ALL algorithm implementations were included
    in libimplementations.a (the idea being that the appropriate
    objects from it would be selected automatically by the linker when
    building the shared libraries), it's very hard to find only the
    implementation source that should go into the FIPS module, with
    the result that the FIPS checksum mechanism include source files
    that it shouldn't

To mitigate, we drop libimplementations.a, but retain the idea of
collecting implementations in static libraries.  With that, we not
have:

libfips.a

    Includes all implementations that should become part of the FIPS
    provider.

liblegacy.a

    Includes all implementations that should become part of the legacy
    provider.

libdefault.a

    Includes all implementations that should become part of the
    default and base providers.

With this, libnonfips.a becomes irrelevant and is dropped.
libcommon.a is retained to include common provider code that can be
used uniformly by all providers.

Fixes #15157

Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/15171)
2021-05-07 10:17:23 +02:00
Richard Levitte
f5a46ed7fe Modify the ERR init functions to use the internal ERR string loaders
This deprecates all the ERR_load_ functions, and moves their definition to
separate C source files that can easily be removed when those functions are
finally removed.

This also reduces include/openssl/kdferr.h to include cryptoerr_legacy.h,
moves the declaration of ERR_load_ERR_strings() from include/openssl/err.h
to include/openssl/cryptoerr_legacy.h, and finally removes the declaration
of ERR_load_DSO_strings(), which was entirely internal anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13390)
2020-11-24 15:21:44 +01:00
Richard Levitte
d7e498ac55 Deprecate RSA harder
This deprecates all functions that deal with the types RSA and RSA_METHOD

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/13096)
2020-11-18 23:38:34 +01:00
Matt Caswell
301fcb2843 Concentrate deprecated libssl API usage in one file
We create a new file ssl/tls_depr.c to contain functions that need to call
deprecated APIs in libssl. This enables us to remove
OPENSSL_SUPPRESS_DEPRECATED from a number of other libssl files.

The deprecated API usage is either related to ENGINEs and is needed to
continue to support applications that use such ENGINEs. Or they are needed
to support some deprecated public libssl APIs.

One other file remains in libssl that still uses deprecated APIs: s3_cbc.c
This is needed to support the deprecated SSLv3.

Reviewed-by: Paul Dale <paul.dale@oracle.com>
Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/13135)
2020-10-16 14:47:21 +01:00
Pauli
5c97eeb726 TLS fixes for CBC mode and no-deprecated
Reviewed-by: Ben Kaduk <kaduk@mit.edu>
(Merged from https://github.com/openssl/openssl/pull/11961)
2020-09-09 17:59:08 +10:00
Matt Caswell
3fddbb264e Add an HMAC implementation that is TLS aware
The TLS HMAC implementation should take care to calculate the MAC in
constant time in the case of MAC-Then-Encrypt where we have a variable
amount of padding.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
(Merged from https://github.com/openssl/openssl/pull/12732)
2020-09-03 09:40:52 +01:00
John Baldwin
c7b46b549d Move KTLS inline functions only used by libssl into ssl/ktls.c.
These functions are a bit large to inline and are not usable outside
of libssl.

Reviewed-by: Tomas Mraz <tmraz@fedoraproject.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/12111)
2020-08-31 09:34:19 +01:00
Matt Caswell
e71fd827bc Add provider support for TLS CBC padding and MAC removal
The previous commits separated out the TLS CBC padding code in libssl.
Now we can use that code to directly support TLS CBC padding and MAC
removal in provided ciphers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:09 +01:00
Matt Caswell
ebacd57bee Split the padding/mac removal functions out into a separate file
We split these functions out into a separate file because we are
preparing to make this file shared between libssl and providers.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/12288)
2020-07-06 09:26:00 +01:00
Matt Caswell
d954227611 If we are multiblock capable make sure we use it
Recent changes to the assembler defines meant that they weren't being
set for libssl code. This resulted in the multiblock code never being
used.

Fixes #9571

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9574)
2019-08-14 11:04:09 +01:00
Matt Caswell
0d345f0e10 Make the PACKET/WPACKET code available to both libcrypto and libssl
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/9111)
2019-07-12 06:26:46 +10:00
Matt Caswell
b443c84594 Move ssl/t1_ext.c to ssl/statem/extensions_cust.c
Brings all the extensions code together.

Reviewed-by: Rich Salz <rsalz@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/3139)
2017-04-07 13:41:04 +01:00
Matt Caswell
6dd083fd68 Move client parsing of ServerHello extensions into new framework
Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:25 +00:00
Matt Caswell
25670f3e87 Split extensions code into core extensions and server extensions code
Later we will have client extensions code too.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:18:06 +00:00
Matt Caswell
6b473acabd Refactor ClientHello extension parsing
This builds on the work started in 1ab3836b3 and extends is so that
each extension has its own identified parsing functions, as well as an
allowed context identifying which messages and protocols it is relevant for.
Subsequent commits will do a similar job for the ServerHello extensions.
This will enable us to have common functions for processing extension blocks
no matter which of the multiple messages they are received from. In TLSv1.3
a number of different messages have extension blocks, and some extensions
have moved from one message to another when compared to TLSv1.2.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:45 +00:00
Matt Caswell
ede6f76203 Move tls_collect_extensions() into a separate file
Subsequent commits will pull other extensions code into this file.

Perl changes reviewed by Richard Levitte. Non-perl changes reviewed by Rich
Salz

Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-12-08 17:17:26 +00:00
Matt Caswell
bebc0c7d85 Use the TLSv1.3 nonce construction
This updates the record layer to use the TLSv1.3 style nonce construciton.
It also updates TLSProxy and ossltest to be able to recognise the new
layout.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-29 23:31:10 +00:00
Matt Caswell
34574f193b Add support for TLS1.3 secret generation
Nothing is using this yet, it just adds the underlying functions necesary
for generating the TLS1.3 secrets.

Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-11-09 14:08:14 +00:00
Matt Caswell
b7273855ac First pass at writing a writeable packets API
Reviewed-by: Rich Salz <rsalz@openssl.org>
2016-09-13 09:41:21 +01:00
Matt Caswell
5c858c5915 Update build.info files for auto-init/de-init
Various Makefile.in files have changes for auto-init/de-init. Make the
equivalent changes in build.info.

Reviewed-by: Richard Levitte <levitte@openssl.org>
2016-02-09 15:11:38 +00:00
Richard Levitte
777a288270 unified build scheme: add build.info files
Now that we have the foundation for the "unified" build scheme in
place, we add build.info files.  They have been generated from the
Makefiles in the same directories.  Things that are platform specific
will appear in later commits.

Reviewed-by: Andy Polyakov <appro@openssl.org>
2016-02-01 12:46:58 +01:00