openssl

mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00

Author	SHA1	Message	Date
Hugo Landau	9562842b33	Simplify QUIC API masking Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:03:04 +10:00
Hugo Landau	18ca1c8fc0	Update SSL options handling Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:03:04 +10:00
Hugo Landau	6e5550a104	Minor updates Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:03:04 +10:00
Hugo Landau	3f7b67fb21	Remove unused server code Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:03:04 +10:00
Hugo Landau	d6e7ebba33	Minor fixes Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:03:04 +10:00
Hugo Landau	5f69db396c	QUIC SSL: Block SSL_clear Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:27 +10:00
Hugo Landau	f66f0d3ce1	QUIC SSL: SSL_set_quiet_shutdown Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:27 +10:00
Hugo Landau	3ea30e76d7	QUIC SSL: Restrict SSL_CTX_set_ssl_version, SSL_set_ssl_method Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:27 +10:00
Hugo Landau	0eecf8418a	QUIC SSL: Version setting restrictions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	38c0ff1f40	QUIC SSL: Forbid pipeline-related operations Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	5e6015af4d	QUIC SSL: SSL_set_fd for BIO_s_datagram Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	a1c56bbe79	QUIC SSL: HelloRetryRequest Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	fe33e2c8c1	QUIC SSL: Buffer Management Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	82a2becab3	QUIC SSL: Prohibit early data functionailty Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	d0638fd5f0	QUIC SSL: Prohibit readahead-related functions Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	9280d26a3a	QUIC: Implement SSL_has_pending Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	9ea0e72992	QUIC: Implement SSL_rstate_string(_long) Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	7163617f33	QUIC: Prohibit post-handshake auth Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	f0d9757caf	QUIC: Control SSL option setting Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	68dbff4c04	QUIC: Forbid NPN Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	09d56d20a2	QUIC: Forbid non-QUIC ciphers Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	f082205bcf	QUIC TLS: Prohibit SRTP-related calls for QUIC TLS Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Hugo Landau	43788fb3ac	QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC handshake Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)	2023-07-05 09:02:26 +10:00
Pauli	97beb77f31	fix memory allocation and reference counting issues Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/21341)	2023-07-05 08:34:00 +10:00
Tomas Mraz	292c9df266	Cleanse data in send and receive ring buffers on release Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21311)	2023-07-03 09:15:13 +10:00
Tomas Mraz	6ba2edb714	Cleanse also the send stream data with SSL_OP_CLEANSE_PLAINTEXT QUIC differs from TLS in this regard because it buffers the data to be sent. TLS just encrypts the data to send in place. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21311)	2023-07-03 09:15:13 +10:00
Pauli	4eecc6aa5d	quic: update to structure based atomics Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21260)	2023-07-01 21:18:25 +10:00
Pauli	43a07d6dd4	tls: update to structure based atomics Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21260)	2023-07-01 21:18:25 +10:00
Matt Caswell	27195689a8	Before we do anything the ping deadline is infinite Needed for tserver so that it the deadline isn't immediate before we've accepted a connection. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)	2023-06-28 09:53:22 +10:00
Matt Caswell	fb4a2bba71	Ensure SSL_connect() actually blocks if we are in blocking mode Fix supplied by Hugo Landau. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)	2023-06-28 09:53:22 +10:00
Matt Caswell	b49d9de0e6	The CC wake up deadline is now if we have TX allowance If we have TX allowance then there is no need to wait if we have something to send - the wake up deadline is immediate. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)	2023-06-28 09:53:22 +10:00
Matt Caswell	37f27b91de	Add a test quicserver utility This QUIC server utility is intended for test purposes only and is expected to be replaced in a future version of OpenSSL by s_server. At that point it will be removed. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21204)	2023-06-28 09:53:22 +10:00
Matt Caswell	e609a4565f	Fix supported_groups handing in TLSv1.2 In TLSv1.2 we should not attempt to use a supported_group value that is intended for use with TLSv1.3 - even if both the server and the client support it, e.g. the ffdhe groups are supported by OpenSSL for TLSv1.3 but not for TLSv1.2. Fixes #21081 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21274)	2023-06-27 10:50:08 +01:00
Matt Caswell	7a949ae5f1	Don't ask for an invalid group in an HRR If the client sends us a group in a key_share that is in our supported_groups list but is otherwise not suitable (e.g. not compatible with TLSv1.3) we reject it. We should not ask for that same group again in a subsequent HRR. Fixes #21157 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/21163)	2023-06-23 14:14:59 +01:00
Tomas Mraz	a02571a024	Support SSL_OP_CLEANSE_PLAINTEXT on QUIC streams Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21182)	2023-06-23 14:31:45 +02:00
Dimitri Papadopoulos	6ea4da6e4d	Fix new typos found by codespell Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21210)	2023-06-18 16:53:09 +10:00
Hugo Landau	2525109f90	QUIC: Allow application to trigger TXKU Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:48 +10:00
Hugo Landau	692a3cab11	QUIC: Minor fixups Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:48 +10:00
Hugo Landau	29a541fe36	QUIC CHANNEL: Inform the ACKM when the handshake is confirmed Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:48 +10:00
Hugo Landau	37ba2bc722	QUIC CHANNEL: Optimise key update using ACKs Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	16f3b542f8	QUIC: Add internal APIs for white-box testing of key update Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	48120ea5e3	QUIC CHANNEL: Enforce the RX packet forgery limit Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	c93f766860	QUIC RXDP: Strictly enforce ACK PNs with regard to TX key epochs Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	54fb0072c6	QUIC CHANNEL: Ensure new packets aren't enforced with old keys Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	8a65e7a529	QUIC CHANNEL: Handle key updates correctly Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	b98c38d40a	QUIC TXP: Make TXP use time callback correctly Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	e3e9794aa4	QUIC APL: Correct implementation of time callback override Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	754d2282cd	QUIC RX: Support reporting the key epoch a packet was received with This is needed to support key update validation on the receive side. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	8f9c9213a1	QUIC TXP: Allow callbacks on ACK transmission Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00
Hugo Landau	007f9e99ea	QUIC TXP: Allow next PN to be used to be queried Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21029)	2023-06-16 09:26:28 +10:00

1 2 3 4 5 ...

4910 Commits