Dmitry Belyavskiy [Tue, 15 Aug 2023 12:46:26 +0000 (14:46 +0200)]
Design document of the run-time parameters activation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)
Dmitry Belyavskiy [Thu, 3 Aug 2023 11:20:33 +0000 (13:20 +0200)]
OSSL_PROVIDER_load_ex tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)
Dmitry Belyavskiy [Wed, 2 Aug 2023 15:54:01 +0000 (17:54 +0200)]
OSSL_PROVIDER_load_ex
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)
Veronika Hanulíková [Thu, 13 Jul 2023 15:07:00 +0000 (17:07 +0200)]
Add option for in-place cipher testing in evp_test
The command line option enables setting in-place
data processing for cipher testing in `evp_test`.
The `both` option argument runs both - in-place
and non-in-place testing.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21546)
Matthias St. Pierre [Mon, 28 Aug 2023 13:18:29 +0000 (15:18 +0200)]
man: update missingcrypto.txt file
Remove some entries which have been documented meanwhile.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21873)
Hugo Landau [Thu, 24 Aug 2023 12:02:09 +0000 (13:02 +0100)]
QUIC APL: Determine if an error is an I/O error dynamically
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21829)
Matthias St. Pierre [Mon, 28 Aug 2023 11:22:24 +0000 (13:22 +0200)]
Fix misspelled deprecation macro name in comment
Commit
77c30753cd replaced the convenience macros `DEPRECATEDIN_{major}_{minor}`
by `OSSL_DEPRECATEDIN_{major}_{minor}` but misspelled them in the comment.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21868)
Tomas Mraz [Mon, 28 Aug 2023 09:31:15 +0000 (11:31 +0200)]
Correct the fixed size handling for dgram_pair and dgram_mem
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21866)
Hugo Landau [Fri, 25 Aug 2023 14:48:57 +0000 (15:48 +0100)]
Minor fix during rebase
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Hugo Landau [Thu, 24 Aug 2023 13:34:04 +0000 (14:34 +0100)]
Tweak documentation for WAIT_PEER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Hugo Landau [Thu, 24 Aug 2023 07:11:13 +0000 (08:11 +0100)]
make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Hugo Landau [Wed, 23 Aug 2023 17:36:38 +0000 (18:36 +0100)]
Tweak documentation for WAIT_PEER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Hugo Landau [Wed, 23 Aug 2023 07:39:38 +0000 (08:39 +0100)]
QUIC MULTISTREAM TEST: Test WAIT_PEER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Hugo Landau [Wed, 23 Aug 2023 07:25:28 +0000 (08:25 +0100)]
QUIC APL: Support waiting for peer-initiated shutdown
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Hugo Landau [Tue, 22 Aug 2023 15:59:57 +0000 (16:59 +0100)]
QUIC APL: Implement backpressure on stream creation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)
Kai Pastor [Sat, 5 Aug 2023 06:34:35 +0000 (08:34 +0200)]
Set VC win64 perlasm scheme during Configure
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21661)
Frederik Wedel-Heinen [Tue, 22 Aug 2023 07:19:32 +0000 (09:19 +0200)]
Removed unused struct ssl3_comp_st
Fixes #21731
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21803)
Frederik Wedel-Heinen [Tue, 22 Aug 2023 07:30:39 +0000 (09:30 +0200)]
Removed unused member read_iv of ossl_record_layer_st
Fixes #21732
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21804)
Hugo Landau [Thu, 17 Aug 2023 08:44:37 +0000 (09:44 +0100)]
QUIC: Version negotiation testing
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
Hugo Landau [Thu, 24 Aug 2023 06:48:08 +0000 (07:48 +0100)]
QUIC RXDP: Handle PING correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
Hugo Landau [Thu, 17 Aug 2023 17:32:16 +0000 (18:32 +0100)]
QUIC MULTISTREAM TEST: Fix connect-or-fail
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
Hugo Landau [Thu, 17 Aug 2023 17:31:15 +0000 (18:31 +0100)]
QUIC QRX: Initialise all RXE fields properly for non-encrypted packets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
Hugo Landau [Thu, 17 Aug 2023 09:00:02 +0000 (10:00 +0100)]
QUIC APL: Handle modes correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
Hugo Landau [Thu, 17 Aug 2023 07:55:52 +0000 (08:55 +0100)]
QUIC: Minimally handle version negotiation packets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764)
Tomas Mraz [Tue, 29 Aug 2023 10:38:55 +0000 (12:38 +0200)]
Update Cloudflare Quiche to fix a build issue
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21885)
Tomas Mraz [Fri, 25 Aug 2023 12:24:07 +0000 (14:24 +0200)]
Raise the timeout in quic_client_test.c
Recently the Coveralls CI run started failing
because it times out in this test.
Outside of Coveralls it runs fine so assuming that
this is caused by slow execution under Coveralls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21844)
Min Zhou [Fri, 25 Aug 2023 10:02:47 +0000 (18:02 +0800)]
Resolve assembler complains when including loongarch_arch.h
The assembler will complain when we include loongarch_arch.h in
an assembly file as following:
crypto/loongarch_arch.h: Assembler messages:
crypto/loongarch_arch.h:12: Fatal error: no match insn: extern unsigned int OPENSSL_loongarch_hwcap_P
So, the sentence of `extern unsigned int OPENSSL_loongarch_hwcap_P`
should be guarded with "#ifndef __ASSEMBLER__".
Fixes #21838.
Signed-off-by: Min Zhou <zhoumin@loongson.cn>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21839)
Matt Caswell [Fri, 25 Aug 2023 11:04:04 +0000 (12:04 +0100)]
Fix a bad merge in quic-multi-stream.c demo
The function SSL_set_initial_peer_addr() got renamed to
SSL_set1_initial_peer_addr(). The demo missed out on the rename when it
got rebased on top of it.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21842)
Hugo Landau [Thu, 24 Aug 2023 10:28:17 +0000 (11:28 +0100)]
QUIC APL: Fix stream backpressure conditions to use non-I/O errors
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811)
Hugo Landau [Tue, 22 Aug 2023 15:59:57 +0000 (16:59 +0100)]
QUIC MULTISTREAM TEST: Test backpressure on stream creation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811)
Hugo Landau [Tue, 22 Aug 2023 15:59:57 +0000 (16:59 +0100)]
QUIC APL: Implement backpressure on stream creation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811)
olszomal [Mon, 21 Aug 2023 07:29:28 +0000 (09:29 +0200)]
Changed the default value of the "ess_cert_id_alg" option
This is used to calculate the TSA's public key certificate identifier.
The default algorithm is changed from sha1 to sha256.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21794)
Tomas Mraz [Fri, 25 Aug 2023 11:39:09 +0000 (13:39 +0200)]
Revert "drop! Make failing tests run on pull request to test"
This reverts commit
86051eb2bb86e3a89e69abfb6419409aa701bcf7.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21843)
Tomas Mraz [Fri, 25 Aug 2023 11:39:07 +0000 (13:39 +0200)]
Revert "drop! Make OS Zoo on pull request to test"
This reverts commit
467e5c1fb7efee2541b8ce7e5bce39f1b4614079.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21843)
Tomas Mraz [Wed, 23 Aug 2023 21:02:46 +0000 (23:02 +0200)]
80-test_cmp_http.t: Skip IPv6 address test if IPv6 is unavailable
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
Tomas Mraz [Wed, 23 Aug 2023 20:25:23 +0000 (22:25 +0200)]
drop! Make OS Zoo on pull request to test
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
Tomas Mraz [Wed, 23 Aug 2023 20:24:45 +0000 (22:24 +0200)]
The canonical localhost IPv6 address is [::1] not [::]
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
Tomas Mraz [Thu, 24 Aug 2023 08:34:53 +0000 (10:34 +0200)]
Always use uint8_t for TLS record type
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 17:59:27 +0000 (19:59 +0200)]
drop! Make failing tests run on pull request to test
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 17:57:00 +0000 (19:57 +0200)]
ch_init(): Add braces to appease older clang compilers
They produce a warning `suggest braces around initialization of subobject`
otherwise.
Add -Wno-missing-braces to silence old clang compilers
And drop unnecessary braces in zeroing initializers.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 17:52:39 +0000 (19:52 +0200)]
quic_tls.c: Fix wrong format string when raising error
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 16:12:32 +0000 (18:12 +0200)]
Avoid issues with endianness when type is used in SSL_trace()
The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Matt Caswell [Tue, 22 Aug 2023 11:11:29 +0000 (12:11 +0100)]
Add a link to the multi-stream QUIC client tutorial from the introduction
We've added a new page to the guide so we should add a link to it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Mon, 21 Aug 2023 14:11:17 +0000 (15:11 +0100)]
Update demos/tutorial to distinguish between stream and connection errors
We can use SSL_get_stream_read_state() to distinguish these cases.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Mon, 21 Aug 2023 12:57:39 +0000 (13:57 +0100)]
Clarify SSL_accept_stream/SSL_new_stream behaviour with a default stream
Explain what happens if you call those functions and there is no default
stream present yet.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Thu, 17 Aug 2023 09:49:17 +0000 (10:49 +0100)]
Add some additional comments to the demos
Add some additional explanation for some code lines in the demos that did
not have a comment.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Tue, 15 Aug 2023 13:40:39 +0000 (14:40 +0100)]
Provide introduction/tutorial page for QUIC multi-stream
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Mon, 14 Aug 2023 15:32:44 +0000 (16:32 +0100)]
Update quicserver to be able to handle multiple streams
We extend quicserver so that it can handle multiple requests with an
HTTP request on each one. If a uni-directional stream comes in we create
a uni-directional stream for the response
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Mon, 14 Aug 2023 14:40:52 +0000 (15:40 +0100)]
Add a QUIC multi-stream client demo
Demonstrate how to use the QUIC multi-stream APIs with a simple blocking
client.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Fri, 11 Aug 2023 15:15:43 +0000 (16:15 +0100)]
Add an initial guide page for writing a multi-stream QUIC client
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Fri, 11 Aug 2023 15:24:47 +0000 (16:24 +0100)]
Update some links within the guide to not use crypto(7)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Wed, 9 Aug 2023 16:43:13 +0000 (17:43 +0100)]
Update the desciption of shutdown in the QUIC client blocking tutorial
Give a better description of the shutdown process in QUIC.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Mon, 21 Aug 2023 15:10:53 +0000 (16:10 +0100)]
Test that we send multiple datagrams in one go if appropriate
If we have enough data for more than one datagram then we should send more
than one datagram
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
Matt Caswell [Fri, 18 Aug 2023 10:55:50 +0000 (11:55 +0100)]
Don't keep creating CONNECTION_CLOSE frames
If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
Matt Caswell [Thu, 17 Aug 2023 14:35:15 +0000 (15:35 +0100)]
Keep sending datagrams while we have data to send
If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
Ingo Franzki [Wed, 23 Aug 2023 13:08:51 +0000 (15:08 +0200)]
Allow RSA-PSS also in EVP_PKEY_assign() and EVP_PKEY_can_sign()
Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign()
and detect_foreign_key() which is called by EVP_PKEY_assign().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21819)
Ingo Franzki [Wed, 23 Aug 2023 07:45:45 +0000 (09:45 +0200)]
ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS
The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Ingo Franzki [Wed, 23 Aug 2023 07:20:52 +0000 (09:20 +0200)]
ctrl_params_translate: Allow RSA controls also for RSA-PSS
Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Jakub Jelen [Wed, 23 Aug 2023 11:24:57 +0000 (13:24 +0200)]
doc: Avoid usage of non-existing constant
CLA: trivial
Fixes: #21809
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21817)
Xu Yizhou [Wed, 23 Aug 2023 09:30:09 +0000 (17:30 +0800)]
Optimize SM2 on aarch64
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20754)
Hugo Landau [Wed, 23 Aug 2023 07:19:01 +0000 (08:19 +0100)]
QUIC: Rename SSL_set_initial_peer_addr to SSL_set1_initial_peer_addr
Fixes #21701
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21814)
Matt Caswell [Thu, 17 Aug 2023 13:32:53 +0000 (14:32 +0100)]
Add a -trace option to quicserver to enable tracing of the communication
Trace output of the communication with the client is dumped to stderr if
the -trace options is supplied
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)
Matt Caswell [Thu, 17 Aug 2023 13:32:00 +0000 (14:32 +0100)]
Add the ability to set SSL_trace as the msg_callback in tserver
This is useful for debugging purposes. The standard SSL_trace msgcallback
can be used with tserver.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)
olszomal [Tue, 22 Aug 2023 08:20:07 +0000 (10:20 +0200)]
Fixed default value of the "ess_cert_id_alg" option in man openssl-ts(1)
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21805)
Matt Caswell [Tue, 22 Aug 2023 14:56:18 +0000 (15:56 +0100)]
Change the TLS handshake keys early if we're not doing early data
We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early data. However for QUIC we
want to do this as early as possible (after ServerHello). Since we will
never do TLS early data with QUIC we just do it as early as possible if
early data is not being used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21810)
Matthias St. Pierre [Tue, 22 Aug 2023 10:56:30 +0000 (12:56 +0200)]
doc: add the migration guide to the new guide series
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21807)
Tomas Mraz [Mon, 21 Aug 2023 20:33:52 +0000 (22:33 +0200)]
Update CHANGES.md and NEWS.md for the upcoming 3.2 release
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21802)
Tomas Mraz [Fri, 18 Aug 2023 16:32:21 +0000 (18:32 +0200)]
quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Fri, 18 Aug 2023 15:08:18 +0000 (17:08 +0200)]
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 15:32:49 +0000 (17:32 +0200)]
QUIC: Miscellaneous error handling updates
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 14:28:41 +0000 (16:28 +0200)]
QUIC: Add ERR_raise() calls for EVP call failures
This improves tracking where the failure was triggered.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 13:10:10 +0000 (15:10 +0200)]
Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()
This was already resolved by https://github.com/openssl/openssl/pull/21547
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Matt Caswell [Mon, 21 Aug 2023 11:19:44 +0000 (12:19 +0100)]
Fix a leak in ossl_encode_ctx_setup_for_pkey
Make sure we free the stack of names we allocated in an error path.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21796)
Tomas Mraz [Thu, 17 Aug 2023 14:23:36 +0000 (16:23 +0200)]
qtest: Use fake time on both client and server
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Tue, 15 Aug 2023 18:53:32 +0000 (20:53 +0200)]
qtest: Run both client and server during connect
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Tue, 15 Aug 2023 18:15:53 +0000 (20:15 +0200)]
QUIC: Update ping deadline when we receive a packet
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 17:06:13 +0000 (19:06 +0200)]
quic_trace.c: Fix typo in traces
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 17:04:40 +0000 (19:04 +0200)]
Update the ssltraceref.txt
Also adds saving the new trace to ssltraceref-new.txt in
test-runs which can be handy when the trace changes and
needs to be updated.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 16:07:49 +0000 (18:07 +0200)]
QUIC: Do not discard the INITIAL el too early
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Frederik Wedel-Heinen [Fri, 7 Jul 2023 11:17:11 +0000 (13:17 +0200)]
Updates documentation of RC4_CHAR and RC4_INT: Should not be used for new configuration targets
Fixes: #21358
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21391)
Matt Caswell [Fri, 18 Aug 2023 15:30:46 +0000 (16:30 +0100)]
Test that a thread blocking in SSL_read_ex() will wake up on FIN
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780)
Matt Caswell [Fri, 18 Aug 2023 14:57:41 +0000 (15:57 +0100)]
Handle the case where the read buffer is empty but we have received FIN
In some cases where a FIN has been received but with no data quic_read_actual
was failing to raise SSL_ERROR_ZERO_RETURN. This meant that we could end up
blocking in SSL_read(_ex) for too long.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780)
shub-al [Thu, 17 Aug 2023 13:21:26 +0000 (16:21 +0300)]
ssl_get_min_max_version(): Remove unused variable single
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21768)
Tomas Mraz [Wed, 16 Aug 2023 14:29:01 +0000 (16:29 +0200)]
ossl_x509_store_ctx_get_by_subject(): Check return value of X509_STORE_lock()
Fixes Coverity
1539148
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Tomas Mraz [Wed, 16 Aug 2023 14:18:59 +0000 (16:18 +0200)]
cmp_genm.c: Remove superfluous store_ctx != 0 check
This really cannot be ever called with NULL store_ctx
and the check confuses Coverity.
Fixes Coverity
1538865
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Tomas Mraz [Wed, 16 Aug 2023 14:07:10 +0000 (16:07 +0200)]
ssl_old_test.c: Check inconsistent values from SSL_get0_alpn_selected()
Fixes Coverity
1534838
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Tomas Mraz [Wed, 16 Aug 2023 13:58:33 +0000 (15:58 +0200)]
apps/spkac.c: Check result of ASN1_STRING_set()
Fixes Coverity
1027256
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)
Tomas Mraz [Wed, 16 Aug 2023 14:48:28 +0000 (16:48 +0200)]
quic_new_record_layer(): Change TODO(QUIC) to QUIC FUTURE
Fixes openssl/project#134
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21756)
Rob Stradling [Tue, 15 Aug 2023 20:07:25 +0000 (21:07 +0100)]
Add two missing entries to the OCSP CRLReason table
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21743)
Matt Caswell [Wed, 16 Aug 2023 11:15:07 +0000 (12:15 +0100)]
Fix a memory leak in tls_new_record_layer
If setting the crypto state has failed then memory might have been
partially allocated to fields within the partially constructed record
layer. We need to call tls_int_free() to properly free it.
Found by the reproducible error patch in openssl#21668
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21753)
vl-loz [Wed, 9 Aug 2023 22:56:27 +0000 (15:56 -0700)]
Add X509_STORE_CTX_set_get_crl and X509_STORE_CTX_set_current_reasons
This change is for feature request #21679.
Adds a couple of setters to aid with custom CRL validation.
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21737)
Hugo Landau [Tue, 1 Aug 2023 15:51:16 +0000 (16:51 +0100)]
QUIC: Update SSL_shutdown manpage
Fixes https://github.com/openssl/project/issues/138
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21618)
Hugo Landau [Tue, 1 Aug 2023 14:04:42 +0000 (15:04 +0100)]
QUIC: Update SSL_accept_stream manpage
Fixes https://github.com/openssl/project/issues/135
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21618)
Matt Caswell [Tue, 15 Aug 2023 14:33:34 +0000 (15:33 +0100)]
Don't free the prev BIO prematurely
We shouldn't free the prev BIO in ssl_set_new_record_layer until it is
no longer referenced by s->rlayer.rrlnext.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
Matt Caswell [Tue, 15 Aug 2023 14:05:38 +0000 (15:05 +0100)]
Fix a leak in an error path when duplicating an OSSL_DECODER_CTX.
Make sure we free process_data_dest if it is not actually used.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21741)
Neil Horman [Fri, 11 Aug 2023 19:50:59 +0000 (15:50 -0400)]
issue-21718: remove setting of PTHREAD_MUTEX_NORMAL
issue: https://github.com/openssl/openssl/issues/21718
build break reported:
crypto/threads_pthread.c:76:5: warning: implicit declaration of function 'pthread_mutexattr_settype'; did you mean 'pthread_mutexattr_destroy'? [-Wimplicit-function-declaration]
76 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| pthread_mutexattr_destroy
crypto/threads_pthread.c:76:38: error: 'PTHREAD_MUTEX_NORMAL' undeclared (first use in this function); did you mean 'PTHREAD_MUTEX_TIMED_NP'?
76 | pthread_mutexattr_settype(&attr, PTHREAD_MUTEX_NORMAL);
| ^~~~~~~~~~~~~~~~~~~~
| PTHREAD_MUTEX_TIMED_NP
This occurs because PTHREAD_MUTEX_NORMAL is only defined in glibc if
__USE_UNIX98 or __USE_XOPEN2K8 is defined, which is derived from setting
__USE_POSIX_C_SOURCE or __XOPEN_SOURCE is selected in the glibc feature
set for a build. Since openssl selects no specific feature set from
glibc, the build break occurs
We could select a feature set of course, but that seems like a
significant discussion to have prior to doing so. Instead, the simpler
solution is to just not set the mutex type at all, given that
pthread_mutexattr_init sets the default mutex type, which should be akin
to normal anyway (i.e. no mutex error checking or allowed-recursive
behavior)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21726)
slontis [Fri, 16 Jun 2023 06:40:06 +0000 (16:40 +1000)]
Fix decoders so that they use the passed in propq.
Fixes #21198
decoder objects were setting propq as NULL.
Added a set_ctx/settable_ctx to all decoders that should supply
a property query parameter to internal functions.
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21219)
Neil Horman [Mon, 14 Aug 2023 16:17:11 +0000 (12:17 -0400)]
Improve documentation for BIO_s_mem
Recent leak discovered by valgrind:
==
1007580== at 0x483C815: malloc (vg_replace_malloc.c:431)
==
1007580== by 0x2C2689: CRYPTO_zalloc (in /home/vien/microedge-c/test)
==
1007580== by 0x295A17: BUF_MEM_new (in /home/vien/microedge-c/test)
==
1007580== by 0x295A78: BUF_MEM_new_ex (in /home/vien/microedge-c/test)
==
1007580== by 0x28CACE: mem_new (in /home/vien/microedge-c/test)
==
1007580== by 0x285EA8: BIO_new_ex (in /home/vien/microedge-c/test)
==
1007580== by 0x231894: convert_pubkey_ECC (tpm2_driver.c:221)
==
1007580== by 0x232B73: create_ephemeral_key (tpm2_driver.c:641)
==
1007580== by 0x232E1F: tpm_gen_keypair (tpm2_driver.c:695)
==
1007580== by 0x22D60A: gen_keypair (se_driver_api.c:275)
==
1007580== by 0x21FF35: generate_keypair (dhkey.c:142)
==
1007580== by 0x24D4C8: __test_dhkey (dhkey_test.c:55)
led me to find that BIO_get_mem_data is informative only, it does not
transer ownership of a BIO_s_mems data structure to the caller.
Additionally treating it as such leads to the above leak, or possibly
data corruption in the event that BIO_set_close(bio, BIO_NOCLOSE) is not
set properly prior to calling BIO_free.
Made an attempt to fix it in a minimally invasive manner in the 3.1
branch, but based on discussion, its just not safe to do in an API
compatible way, so just document the sematics a little more clearly
here, and fix it properly in a future release
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21724)
(cherry picked from commit
66d1658b4d88c66b27a8a538b2fb365ef1907936)
Pauli [Tue, 1 Aug 2023 23:35:35 +0000 (09:35 +1000)]
quic: process stateless resets
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21649)
3lswear [Wed, 9 Aug 2023 13:25:51 +0000 (16:25 +0300)]
Check i2d_X509_NAME return in X509_NAME_hash_ex/old
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21697)