summaryrefslogtreecommitdiffstats
path: root/ssl/ssl_local.h (follow)
Commit message (Collapse)AuthorAgeFilesLines
* Add SSL_get0_group_name() to get name of the group used for KEXAlex Bozarth2023-06-061-0/+1
| | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20866)
* [feat] SSL RTT in both client and server statem. SSL_get_handshake_rtt makes ↵Jairus Christensen2023-06-021-0/+3
| | | | | | | | it available Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20248)
* Create internal/ssl.hMatt Caswell2023-05-241-3/+1
| | | | | | | | | | We create the internal/ssl.h header file and move the typedef for ossl_msg_cb. This is needed by both the QUIC code (which generally doesn't include ssl_local.h) and the rest of libssl. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Add initial QUIC support for the msg_callbackMatt Caswell2023-05-241-2/+4
| | | | | | | | At this stage we just support msg_callback on receipt of a datagram. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* QUIC Dispatch: Introduce the QUIC_XSO objectHugo Landau2023-05-121-1/+1
| | | | | | | | | | | | | | | | | | The QUIC_XSO (external stream object) is to a QUIC stream what a QUIC_CONNECTION is to a QUIC connection. Both are SSL objects. The QUIC_CONNECTION type is the internal representation of a QUIC connection SSL object (QCSO) and the QUIC_XSO type is the internal representation of a QUIC stream SSL object (QSSO) type. The name QUIC_XSO has been chosen to be distinct from the existing QUIC_STREAM type which is our existing internal stream type. QUIC_XSO is to a QUIC_STREAM what QUIC_CONNECTION is to a QUIC_CHANNEL; in other words, QUIC_CONNECTION and QUIC_XSO objects form part of the API personality layer, whereas QUIC_CHANNEL and QUIC_STREAM objects form part of the QUIC core and are distinct from the API personality layer. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* dtls: code cleanup and refactorizationFdaSilvaYY2023-04-241-1/+1
| | | | | | | | | | - factorize BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT calls. - simplify a return type - style nits Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20602)
* Make the data field for get_record() constMatt Caswell2023-04-121-1/+1
| | | | | | | | | | | Improves consistency with the QUIC rstream implementation - and improves the abstraction between the TLS implementation and the abstract record layer. We should not expect that the TLS implementation should be able to change the underlying buffer. Future record layers may not expect that. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20404)
* RFC7250 (RPK) supportTodd Short2023-03-281-1/+64
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* first cut at sigalg loadingMichael Baentsch2023-02-241-18/+49
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
* Don't declare SSL_CONNECTION twiceMatt Caswell2023-02-221-1/+1
| | | | | | | | It causes problems with some compilation options Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20030)
* Add the ability to mutate TLS handshake messages before they are writtenMatt Caswell2023-02-221-1/+1
| | | | | | | | | | | We add callbacks so that TLS handshake messages can be modified by the test framework before they are passed to the handshake hash, possibly encrypted and written to the network. This enables us to simulate badly behaving endpoints. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20030)
* Rationalize FIPS sourcesTomas Mraz2023-02-081-90/+0
| | | | | | | | | Avoid including QUIC related stuff in the FIPS sources. Also avoid including libssl headers in ssl3_cbc.c. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19658)
* Remove the user_ssl fieldMatt Caswell2023-01-241-4/+0
| | | | | | | | The user_ssl field in an SSL_CONNECTION is no longer used - so remove it. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
* Add the ability to add a custom extension on an SSL objectMatt Caswell2023-01-241-0/+8
| | | | | | | | | Previously we could only do this at the SSL_CTX level. We add the ability to also do this on an SSL - but only for internal code. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
* Add support for setting a custom TLS Record LayerMatt Caswell2023-01-241-0/+4
| | | | | | | | | | This is just an internal API for now. Something like this will be made public API at some point - but it is likely to be based on the provider interface rather that a direct setting of a METHOD like we do for now. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
* Move recordmethod.h to be an "internal" headerMatt Caswell2023-01-241-1/+1
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
* Create the SSL object for QUIC-TLSMatt Caswell2023-01-241-3/+5
| | | | | | | | | The "user" SSL object which represents the QUIC connection should have an "inner" SSL object to represent the TLS connection. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
* Resolve a TODO in ssl3_dispatch_alertMatt Caswell2022-11-141-0/+9
| | | | | | | | | Properly handle the case where there is pending write data and we want to send an alert. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19550)
* Remove references to read_mac_secret and write_mac_secretMatt Caswell2022-11-141-4/+0
| | | | | | | | They are no longer used and can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Remove the read_iv/write_iv fields from SSL_CONNECTIONMatt Caswell2022-11-141-3/+0
| | | | | | | | | These fields are instead held in the new record layer code and are therefore no longer needed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Remove compress/expand fields from SSL_CONNECTIONMatt Caswell2022-11-141-3/+0
| | | | | | | | They are no longer needed. The new record layer handles this. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Remove remaining refs to enc_(write|read)_ctx/(read|write)_hashMatt Caswell2022-11-141-6/+2
| | | | | | | | | Those fields are no longer used. Their previous function is now in the new record layer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Remove some redundant codeMatt Caswell2022-10-201-3/+0
| | | | | | | Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
* Remove the old buffer management codeMatt Caswell2022-10-201-2/+0
| | | | | | | | | | We no longer use the old buffer management code now that it has all been moved to the new record layer. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
* Convert dtls_write_records to use standard record layer functionsMatt Caswell2022-10-201-5/+2
| | | | | | | | | | We have standard functions for most of the work that dtls_write_records does - so we convert it to use those functions instead. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19424)
* Add `for_comp` flag when retrieving certs for compressionTodd Short2022-10-181-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Add support for compressed certificates (RFC8879)Todd Short2022-10-181-1/+40
| | | | | | | | | | * Compressed Certificate extension (server/client) * Server certificates (send/receive) * Client certificate (send/receive) Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18186)
* Convert the TLSv1.3 crypto code to the new write record layerMatt Caswell2022-10-121-12/+0
| | | | | | | | | We also clean up some of the KTLS code while we are doing it now that all users of KTLS have been moved to the new write record layer. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19343)
* Partial revert and reimplement "Enable brainpool curves for TLS1.3"Matt Caswell2022-10-071-2/+0
| | | | | | | | | | | | | This partially reverts commit 0a10825a0 in order to reimplement it in a simpler way in the next commit. The reverted aspects are all related to the TLSv1.3 brainpool curves in the supported_groups extension. Rather than special casing the handling of these curves we simply add new entries to the groups table to represent them. They can then be handled without any additional special casing. This makes the code simpler to maintain. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19315)
* ssl_log_secret call in tls13_key_updatevisbjn2022-09-271-0/+2
| | | | | | | | | Newly computed traffic secrets are now logged upon key update Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19241)
* Move the record block_padding capability fully into the record layerMatt Caswell2022-09-231-5/+0
| | | | | | | | | Previously we were referencing the block_padding value through the SSL_CONNECTION. Now it is held within OSSL_RECORD_LAYER. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
* Move need_empty_fragments inside the record layerMatt Caswell2022-09-231-2/+1
| | | | | | | | | This flag can now be managed entirely by the new record layer code so we move it into ossl_record_layer_st. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
* Remove empty_fragment_doneMatt Caswell2022-09-231-1/+0
| | | | | | | | | | Now that we are no longer recursively addinng the prefix record this doesn't seem necessary any more. We always add it every time we do tls_write_records. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19198)
* ssl: modify libssl so that it uses OSSL_TIMEPauli2022-09-131-12/+11
| | | | | | | | | | This is instead of time_t and struct timeval. Some public APIs mandate a presence of these two types, but they are converted to OSSL_TIME internally. Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19082)
* QUIC Demuxer and Record Layer (RX Side)Hugo Landau2022-09-021-1/+9
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18949)
* Remove redefinition of SSL_AD_NO_ALERTMatt Caswell2022-08-181-0/+1
| | | | | | | | | The SSL_AD_NO_ALERT value was defined in two places. We centralise its definition. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Standardise type for epochMatt Caswell2022-08-181-1/+1
| | | | | | | | | | | The value for epoch was being represented internally via various types: uint16_t, unsigned short, unsigned int, unsigned long We standardise on uint16_t Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move some fields out of the SSL object and into the record layer objectMatt Caswell2022-08-181-10/+1
| | | | | | | | | Fields such as rrlmethod and rrl are entirely related to the record layer, and so should be in that object. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some unnecessary function pointers from OSSL_RECORD_METHODMatt Caswell2022-08-181-0/+2
| | | | | | | | | | We had some temporary function pointers in OSSL_RECORD_METHOD which were only necessary during the process of refactoring the read record layer. These are no longer required so can be removed. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Remove some final references to the SSL object in the record layerMatt Caswell2022-08-181-5/+6
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Make the record layer directly aware of EtMMatt Caswell2022-08-181-6/+6
| | | | | | | | | We no longer have to go through the SSL object to discover whether EtM has been negotiated. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Add support for moving data from one epoch to the nextMatt Caswell2022-08-181-1/+2
| | | | | | | | | | | | Sometimes data read by a record layer in one epoch is actually intended for the next epoch. For example in a TLS with read_ahead, the read_ahead data could contain a KeyUpdate message followed by application data encrypted with new keys. Therefore we implement a mechanism for passing this data across the epochs. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Implement KTLS in the new read record layer codeMatt Caswell2022-08-181-5/+4
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Move protocol version specific code into separate filesMatt Caswell2022-08-181-12/+0
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Transfer the functionality from ssl3_read_n to the new record layerMatt Caswell2022-08-181-0/+10
| | | | | | | | | | | This transfers the low level function ssl3_read_n to the new record layer. We temporarily make the read_n function a top level record layer function. Eventually, in later commits in this refactor, we will remove it as a top level function and it will just be called from read_record. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18132)
* Update session timeout code with OSSL_TIMETodd Short2022-08-181-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18985)
* SSL object refactoring using SSL_CONNECTION objectTomas Mraz2022-07-281-198/+287
| | | | | | | | | | | | | | Make the SSL object polymorphic based on whether this is a traditional SSL connection, QUIC connection, or later to be implemented a QUIC stream. It requires adding if after every SSL_CONNECTION_FROM_SSL() call which itself has to be added to almost every public SSL_ API call. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18612)
* Add deprecation macro for 3.1 and deprecate OPENSSL_LH_statsHugo Landau2022-06-221-2/+2
| | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17937)
* Update copyright yearMatt Caswell2022-05-031-1/+1
| | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes
* Add SSL_(CTX_)?get0_(verify|chain)_cert_store functionsHugo Landau2022-04-061-0/+1
| | | | | | | | | | | Currently we do not have any way to retrieve these values once set. Fixes #18035. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18038)
generated by cgit v1.2.3 (git 2.39.1) at 2024-12-02 10:55:08 +0100