Dimitri Papadopoulos [Sun, 6 Aug 2023 17:44:37 +0000 (19:44 +0200)]
Bad function definition
void f() should probably be void f(void)
Found by running the checkpatch.pl Linux script to enforce coding style.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)
Dimitri Papadopoulos [Sun, 16 Jul 2023 18:03:40 +0000 (20:03 +0200)]
"foo * bar" should be "foo *bar"
Found by running the checkpatch.pl Linux script to enforce coding style.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)
Dimitri Papadopoulos [Sun, 16 Jul 2023 07:09:31 +0000 (09:09 +0200)]
Remove repeated words
Found by running the checkpatch.pl Linux script to enforce coding style.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21468)
Richard Levitte [Fri, 8 Sep 2023 06:20:02 +0000 (08:20 +0200)]
Fix test_quic_multistream to allow multiple concurrent tests
The server port was hard coded to 8186. That could make for some
"interesting" effects if two instances of this same test was running
on the same machine.
This change binds the server interface with port 0, and captures the
resulting random port.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22025)
Matt Caswell [Fri, 8 Sep 2023 14:26:40 +0000 (15:26 +0100)]
Fix a build failure where recvmmsg is available but not sendmmsg
Some old glibc versions have recvmmsg but not sendmmsg. We require both to
use that functionality. Introduce a test to check we have a sufficiently
recent version of glibc.
Fixes #22021
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22036)
Randall S. Becker [Thu, 7 Sep 2023 19:42:10 +0000 (20:42 +0100)]
Prevent 80-test_cmp_http from accidentally killing perl in error.
If there is an issue with setting up the test environment in this test,
pid is not set so stop_server kills the perl process. A guard has been
added to prevent this situation.
Fixes: #22014
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22015)
Min Zhou [Thu, 7 Sep 2023 03:07:53 +0000 (11:07 +0800)]
LoongArch64 assembly pack: add ChaCha20 modules
This assembly implementation for ChaCha20 includes three code paths:
scalar path, 128-bit LSX path and 256-bit LASX path. We prefer the
LASX path or LSX path if the hardware and system support these
extensions.
There are 32 vector registers avaialable in the LSX and LASX
extensions. So, we can load the 16 initial states and the 16
intermediate states of ChaCha into the 32 vector registers for
calculating in the implementation. The test results on the 3A5000
and 3A6000 show that this assembly implementation significantly
improves the performance of ChaCha20 on LoongArch based machines.
The detailed test results are as following.
Test with:
$ openssl speed -evp chacha20
3A5000
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
C code 178484.53k 282789.93k 311793.70k 322234.99k 324405.93k 324659.88k
assembly code 223152.28k 407863.65k 989520.55k
2049192.96k
2127248.70k
2131749.55k
+25% +44% +217% +536% +556% +557%
3A6000
type 16 bytes 64 bytes 256 bytes 1024 bytes 8192 bytes 16384 bytes
C code 214945.33k 310041.75k 340724.22k 349949.27k 352925.01k 353140.74k
assembly code 299151.34k 492766.34k
2070166.02k
4300909.91k
4473978.88k
4499084.63k
+39% +59% +508% +1129% +1168% +1174%
Signed-off-by: Min Zhou <zhoumin@loongson.cn>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21998)
Rainer Jung [Thu, 7 Sep 2023 22:27:07 +0000 (00:27 +0200)]
Regexp modifier "r" needs perl 5.14; OpenSSL should build with 5.11, so do not use the "r" shortcut.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22019)
Bernd Edlinger [Fri, 8 Sep 2023 08:33:24 +0000 (10:33 +0200)]
Fix output corruption in req command
when used in conjunction with -out and -modulus options.
Fixes #21403
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22026)
Randall S. Becker [Thu, 7 Sep 2023 14:15:21 +0000 (15:15 +0100)]
Exclude include of poll.h from NonStop builds - not defined on platform.
socket.h has been modified so that poll.h is omitted for OPENSSL_SYS_NONSTOP
builds. The platform configuration is derived from UNIX so the include is
only omitted for NonStop but kept in the OPENSSL_SYS_UNIX include block.
Fixes: #22001
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22006)
Randall S. Becker [Thu, 7 Sep 2023 14:00:19 +0000 (15:00 +0100)]
Modify 50-nonstop.conf to enable c99 extensions for uintptr_t.
This is done using the define __NSK_OPTIONAL_TYPES__ and is specific to the
NonStop platform builds.
Fixes: #22002
Signed-off-by: Randall S. Becker <randall.becker@nexbridge.ca>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22005)
Matt Caswell [Wed, 6 Sep 2023 11:36:43 +0000 (12:36 +0100)]
Return NULL if we fail to create a BIO in the demos/quicserver
Strictly speaking the previous code was still correct since BIO_set_fd
is tolerant of a NULL BIO. But this way is more clear.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
Matt Caswell [Wed, 6 Sep 2023 11:14:33 +0000 (12:14 +0100)]
Add a missing call to BIO_closesocket()
A couple of the demos missed a call to this function in an error case.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
Matt Caswell [Tue, 5 Sep 2023 14:17:29 +0000 (15:17 +0100)]
Expand the explanation of how to go and do useful work in non-blocking
Add additional commentary to the non-blocking examples explaining where to
add code to go and do other useful work.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
Matt Caswell [Fri, 1 Sep 2023 16:41:48 +0000 (17:41 +0100)]
Add a new guide page on writing a non-blocking QUIC client
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
Matt Caswell [Fri, 25 Aug 2023 17:05:32 +0000 (18:05 +0100)]
Add a new guide page on writing a non-blocking TLS client
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
Matt Caswell [Fri, 25 Aug 2023 12:44:14 +0000 (13:44 +0100)]
Add a QUIC non-blocking demo
Show how to write a QUIC client using a non-blocking socket
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
Matt Caswell [Thu, 24 Aug 2023 08:14:21 +0000 (09:14 +0100)]
Add a TLS non-blocking demo
Show how to write a TLS client using a non-blocking socket
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21950)
dependabot[bot] [Fri, 8 Sep 2023 08:14:37 +0000 (08:14 +0000)]
Bump coverallsapp/github-action from 2.2.1 to 2.2.3
Bumps [coverallsapp/github-action](https://github.com/coverallsapp/github-action) from 2.2.1 to 2.2.3.
- [Release notes](https://github.com/coverallsapp/github-action/releases)
- [Commits](https://github.com/coverallsapp/github-action/compare/v2.2.1...v2.2.3)
---
updated-dependencies:
- dependency-name: coverallsapp/github-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22012)
Bernd Edlinger [Wed, 6 Sep 2023 12:06:52 +0000 (14:06 +0200)]
Fix a possible memleak in SRP_VBASE_new
In the error handling case the memory in
vb->users_pwd was accidentally not released.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21981)
Richard Levitte [Wed, 6 Sep 2023 05:13:26 +0000 (07:13 +0200)]
OSSL_STORE: Fix error flag clearing and setting (provider path only)
When the provider's load function returned with an error, the libcrypto
error flag was only set if EOF hadn't been reached. This is troublesome,
as an error can very well occur during the last load before EOF is reached!
Also, the error flag was never reset, even though documentation specifies
that it should indicate an error in the last load (i.e. not the one before
that).
Fixes #21968
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21976)
Pauli [Thu, 7 Sep 2023 02:35:10 +0000 (12:35 +1000)]
Add test case for #21986
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21988)
Pauli [Wed, 6 Sep 2023 23:27:37 +0000 (09:27 +1000)]
Check error return from cms_sd_asn1_ctrl() correctly.
Fixes #21986
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21988)
Richard Levitte [Thu, 7 Sep 2023 05:34:33 +0000 (07:34 +0200)]
Fix 80-test_cmp_http.t to be more flexible regarding IP versions
Because apps/lib/http_server.c had a hard coded "[::]" for the accept host,
80-test_cmp_http.t assumed that it would always get a CMP server on an IPv6
address, and tested for that.
With the fix in apps/lib/http_server.c, that test was of course doomed to
fail. Since CMP should be about IP version testing, 80-test_cmp_http.t is
adapted to allow the Mock server to accept connections on either IP version,
and the test for IPv6 is removed.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21989)
Richard Levitte [Thu, 7 Sep 2023 03:57:36 +0000 (05:57 +0200)]
BIO_set_accept_name(): To accept from any interface, use *
Using "*:{port}" is preferred to "[::]:{port}", because it won't break on
IPv4-only machines.
This fixes test failures in 79-test_http.t and 80-test_ssl_new.t on machines
without IPv6.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21989)
wangcheng [Wed, 6 Sep 2023 13:29:38 +0000 (21:29 +0800)]
Modify the dkeyform type to support engine
The valtype value of dkeyform defined in the s_server_options structure is F, which leads to the judgment that the engine is not supported when processing parameters in the opt_next function.
This the valtype value of dkeyform should be changed to "f".
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21982)
Min Zhou [Wed, 6 Sep 2023 03:52:26 +0000 (11:52 +0800)]
test/chacha: replace CPUID_OBJ with OPENSSL_CPUID_OBJ
Fixes #21977
Signed-off-by: Min Zhou <zhoumin@loongson.cn>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21978)
Matt Caswell [Thu, 7 Sep 2023 09:00:46 +0000 (10:00 +0100)]
Prepare for 3.2 alpha 2
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Matt Caswell [Thu, 7 Sep 2023 09:00:22 +0000 (10:00 +0100)]
Prepare for release of 3.2 alpha 1
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Matt Caswell [Thu, 7 Sep 2023 09:00:21 +0000 (10:00 +0100)]
make update
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Matt Caswell [Thu, 7 Sep 2023 08:59:15 +0000 (09:59 +0100)]
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
Hugo Landau [Mon, 4 Sep 2023 16:53:13 +0000 (17:53 +0100)]
QUIC MULTISTREAM TEST: Add comment
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21827)
Hugo Landau [Wed, 30 Aug 2023 07:01:47 +0000 (08:01 +0100)]
QUIC MULTISTREAM TEST: Adjust spin behaviour
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21827)
Hugo Landau [Tue, 29 Aug 2023 13:33:44 +0000 (14:33 +0100)]
win32: Support condition variable broadcasting on XP
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21827)
Hugo Landau [Thu, 24 Aug 2023 14:19:20 +0000 (15:19 +0100)]
QUIC MULTISTREAM TEST: Synchronize script 20 correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21827)
Hugo Landau [Thu, 24 Aug 2023 09:16:52 +0000 (10:16 +0100)]
QUIC MULTISTREAM TEST: Run all scripts in both blocking and non-blocking modes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21827)
Pauli [Tue, 5 Sep 2023 01:49:38 +0000 (11:49 +1000)]
fips compatibility: update 3.1.1 to 3.1.2
The plan at the moment is to validate 3.1.2 all going well.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21962)
Philip Prindeville [Sat, 2 Sep 2023 19:18:04 +0000 (13:18 -0600)]
Per other commands, make progress dots in req only w/ -verbose
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21937)
Dr. David von Oheimb [Tue, 29 Aug 2023 09:09:05 +0000 (11:09 +0200)]
CMP: generalize ossl_cmp_calc_protection() to handle Edwards curves correctly
Fixes #21564
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21884)
Kurt Roeckx [Fri, 1 Sep 2023 12:03:07 +0000 (14:03 +0200)]
Update fuzz corpora to latest commit
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21927)
Bernd Edlinger [Mon, 4 Sep 2023 07:40:28 +0000 (09:40 +0200)]
Fix internal memory leaks from OPENSSL_MALLOC_FAILURES
There is a rarely used feature that can be enabled
with `./config enable-crypto-mdebug` when additionally
the environment variable OPENSSL_MALLOC_FAILURES is used.
It turns out to be possible that CRYPTO_zalloc may
create a leak when the memory is allocated and then
the shouldfail happens, then the memory is lost.
Likewise when OPENSSL_realloc is used with size=0,
then the memory is to be free'd but here the shouldfail
check is too early, and the failure may prevent the
memory to be freed thus creating a bogus memory leak.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21944)
Tomas Mraz [Mon, 4 Sep 2023 07:09:40 +0000 (09:09 +0200)]
Test that NULL BIGNUM is supported in OSSL_PARAM_BLD_push_BN()
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21945)
Tomas Mraz [Mon, 4 Sep 2023 06:59:53 +0000 (08:59 +0200)]
OSSL_PARAM_BLD_push_BN_pad(): Allow NULL BIGNUM
This was supported previously and regressed
with commit
17898ec6011cc583c5af69ca8f25f5d165ff3e6a
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21945)
Dr. David von Oheimb [Fri, 4 Aug 2023 17:02:28 +0000 (19:02 +0200)]
apps/cmp.c: fix bug not allowing to reset -csr and -serial option values
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
Dr. David von Oheimb [Fri, 4 Aug 2023 06:23:58 +0000 (08:23 +0200)]
apps.c: improve warning texts of parse_name() when skipping RDN input
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
Dr. David von Oheimb [Thu, 3 Aug 2023 14:52:49 +0000 (16:52 +0200)]
apps.c: fix error messages (newline and needless text) in load_key_certs_crls()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21659)
Hugo Landau [Thu, 31 Aug 2023 17:54:16 +0000 (18:54 +0100)]
MUTEX: Assert on locking failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21919)
dependabot[bot] [Tue, 5 Sep 2023 07:56:28 +0000 (07:56 +0000)]
Bump actions/checkout from 2 to 4
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 4.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v4)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21953)
Richard Levitte [Mon, 4 Sep 2023 20:09:27 +0000 (22:09 +0200)]
VMS: More header inclusion compensation for VMS C compiler
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21959)
Kai Pastor [Sun, 3 Sep 2023 08:59:22 +0000 (10:59 +0200)]
Use armv8 .quad instead of .dword
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21939)
Tomas Mraz [Mon, 4 Sep 2023 19:39:30 +0000 (21:39 +0200)]
04-test_encoder_decoder.t: Use algorithm that is non-fips also on 3.0.0
The test encrypted RSA key with DES3 which is still
allowed in the 3.0 fips provider.
Instead use the traditional key format that uses MD5
to create the password based key. MD5 is disallowed
in the 3.0 fips provider.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/21957)
Tomas Mraz [Mon, 4 Sep 2023 19:50:18 +0000 (21:50 +0200)]
quicserver.c: Fix build with no-ssl-trace
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21958)
Richard Levitte [Mon, 4 Sep 2023 15:54:22 +0000 (17:54 +0200)]
internal/numbers.h: Add fallback implementation for UINT32_C and UINT64_C
Other similar macros can be implemented later. Right now, this are the most
likely to be actually useful
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)
Richard Levitte [Mon, 4 Sep 2023 14:24:05 +0000 (16:24 +0200)]
Include #include "internal/numbers.h" in ssl/quic/quic_cfq.c
It's needed for platforms that don't define UINT64_MAX and similar macros
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)
Richard Levitte [Mon, 4 Sep 2023 14:23:05 +0000 (16:23 +0200)]
VMS: Add a fallback definition of socklen_t
It is not present in current VMS C headers...
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)
Richard Levitte [Mon, 4 Sep 2023 14:22:10 +0000 (16:22 +0200)]
VMS: More header inclusion compensation for VMS C compiler
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951)
slontis [Thu, 31 Aug 2023 07:51:46 +0000 (17:51 +1000)]
Added 'saltlen' option to the OpenSSL enc command line app.
This allows PBKDF2 to change the saltlen to something other than the
new default value of 16. Previously this app hardwired the salt length
to a maximum of 8 bytes. Non PBKDF2 mode uses EVP_BytesToKey()
internally, which is documented to only allow 8 bytes.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
slontis [Thu, 31 Aug 2023 07:49:55 +0000 (17:49 +1000)]
Added a 'saltlen' option to the openssl pkcs8 command line app.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
slontis [Mon, 28 Aug 2023 02:47:51 +0000 (12:47 +1000)]
Change PBES2 KDF default salt length to 16 bytes.
The PKCS5 (RFC 8018) standard uses a 64 bit salt length for PBE, and
recommends a minimum of 64 bits for PBES2. For FIPS compliance PBKDF2
requires a salt length of 128 bits.
This affects OpenSSL command line applications such as "genrsa" and "pkcs8"
and API's such as PEM_write_bio_PrivateKey() that are reliant on the
default salt length.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21858)
Neil Horman [Mon, 28 Aug 2023 16:07:16 +0000 (12:07 -0400)]
Implement dupctx for chacha20 cipher
Implement the dupctx method for the chacha20 cipher, so that
EVP_PKEY_CTX_copy works
Its pretty straightforward, its basically just a memdup. Checking the
pointers that might need fixing up:
in PROV_CHACHA20_CTX all members are statically declared, so memduping
should be fine
in PROV_CHACHA20_CTX->base (PROV_CIPHER_CTX):
Non statically declared members:
*tlsmac needs to get memduped to avoid double free
conditions, but only if base.alloced is set
*hw pointer is always assigned to the chacha20_hw global
variable, so can be left alone
*libctx can be left alone as provctx is always NULL in
chacha20_newctx
*ks appears unused by chacha20, so can be ignored
Fixes #20978
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21878)
Tom Cosgrove [Fri, 1 Sep 2023 07:41:11 +0000 (08:41 +0100)]
Move ALIGN32 and ALIGN64 into common.h, and fix for clang-cl.exe
clang-cl.exe defines __clang__ and _MSC_VER but not __GNUC__, so a clang-
specific guard is needed to get the correct ALIGNxx versions.
Fixes #21914
Change-Id: Icdc047b182ad1ba61c7b1b06a1e951eda1a0c33d
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21921)
Sumitra Sharma [Fri, 1 Sep 2023 07:10:49 +0000 (12:40 +0530)]
Replace ssl3_get_message() with tls_get_message_header() and/or tls_get_message_body()
Update commit messages that previously used ssl3_get_message()
to now use tls_get_message_header() and tls_get_message_body()
due to the split in OpenSSL 1.1.0.
CLA: trivial
Fixes #21582
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21886)
Sumitra Sharma [Fri, 1 Sep 2023 10:22:47 +0000 (15:52 +0530)]
Fix typo in openssl-pkeyutl(1)
Changed "than" to "then" for improved clarity and correctness.
CLA: trivial
Fixes #21543
Signed-off-by: Sumitra Sharma <sumitraartsy@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21925)
Matt Caswell [Thu, 31 Aug 2023 15:18:28 +0000 (16:18 +0100)]
Add a test for QUIC non IO retry errors
Test that errors such as SSL_ERROR_WANT_RETRY_VERIFY are properly
handled by QUIC connections.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)
Matt Caswell [Thu, 31 Aug 2023 14:31:42 +0000 (15:31 +0100)]
Handle non IO based retry errors in QUIC
SSL_get_error() may respond with some retry errors that are not IO related.
In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOOKUP.
These can occur during a TLS handshake. If they occur when a QUIC Connection
is performing a TLS handshake then we need to propagate these up to the QCSO.
We also handle SSL_ERROR_WANT_CLIENT_HELLO_CB. This one will only ever
occur on the server side which we don't currently support. However adding
the handling for it now is identical to all the other handling so including
it is no cost, and will be needed when we do add server support.
We are not concerned with SSL_ERROR_WANT_ASYNC or SSL_ERROR_WANT_ASYNC_JOB
since we do not support async operation with QUIC.
Fixes openssl/project#199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)
Bernd Edlinger [Tue, 22 Aug 2023 14:07:30 +0000 (16:07 +0200)]
Avoid clobbering non-volatile XMM registers
This affects some Poly1305 assembler functions
which are only used for certain CPU types.
Remove those functions for Windows targets,
as a simple interim solution.
Fixes #21522
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21808)
Hugo Landau [Thu, 31 Aug 2023 10:53:47 +0000 (11:53 +0100)]
QUIC MULTISTREAM TEST: Test SSL_want for consistency with SSL_get_error
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)
Hugo Landau [Thu, 31 Aug 2023 10:53:32 +0000 (11:53 +0100)]
QUIC APL: Implement SSL_want
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)
Hugo Landau [Thu, 31 Aug 2023 10:53:07 +0000 (11:53 +0100)]
QUIC APL: Revise I/O error setting so that the last error is set on success
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)
Hugo Landau [Thu, 31 Aug 2023 10:52:38 +0000 (11:52 +0100)]
QUIC APL: Adjust expect_quic_conn_only
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915)
Hugo Landau [Thu, 31 Aug 2023 12:28:34 +0000 (13:28 +0100)]
QUIC RXDP: Reuse allocations between ACK frame processing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917)
Hugo Landau [Thu, 31 Aug 2023 12:20:05 +0000 (13:20 +0100)]
QUIC WIRE: When peeking at number of ACK ranges, ensure enough data is available
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917)
Hugo Landau [Thu, 31 Aug 2023 11:47:25 +0000 (12:47 +0100)]
Comment on internal flag
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 16:42:04 +0000 (17:42 +0100)]
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 15:48:45 +0000 (16:48 +0100)]
Fix after rebase
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 15:36:11 +0000 (16:36 +0100)]
QUIC: Note differences in SSL_want
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 15:22:27 +0000 (16:22 +0100)]
QUIC: Update API overview document
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 15:19:05 +0000 (16:19 +0100)]
QUIC: Note that SSL_set_shutdown is not supported
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 15:18:50 +0000 (16:18 +0100)]
QUIC APL: Report that we do not support SSL_clear correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 15:18:39 +0000 (16:18 +0100)]
QUIC: Update API table
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 13:00:14 +0000 (14:00 +0100)]
BIO: Emphasise API contract for BIO_sendmmsg/BIO_recvmmsg
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 12:45:40 +0000 (13:45 +0100)]
BIO: Allow third parties to use integers instead of pointers for poll descriptors
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 12:43:35 +0000 (13:43 +0100)]
QUIC: Make TLS1_FLAGS_QUIC private
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 12:41:39 +0000 (13:41 +0100)]
QUIC API: Revise SSL_get_conn_close_info to use a flags field
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 12:19:40 +0000 (13:19 +0100)]
Document OSSL_get_thread_support_flags()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 12:09:13 +0000 (13:09 +0100)]
QUIC APL: Allow stream origin to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905)
Hugo Landau [Wed, 30 Aug 2023 16:00:16 +0000 (17:00 +0100)]
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Fri, 18 Aug 2023 11:06:10 +0000 (12:06 +0100)]
Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Thu, 10 Aug 2023 18:49:17 +0000 (19:49 +0100)]
Add manpages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Thu, 10 Aug 2023 18:29:27 +0000 (19:29 +0100)]
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:34 +0000 (17:46 +0100)]
QUIC DDD: Final report
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:34 +0000 (17:46 +0100)]
QUIC DDD: ddd-02-conn-nonblocking-threads: Unplanned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:34 +0000 (17:46 +0100)]
QUIC DDD: ddd-02-conn-nonblocking-threads: Planned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:34 +0000 (17:46 +0100)]
QUIC DDD: ddd-06-mem-uv: Unplanned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:34 +0000 (17:46 +0100)]
QUIC DDD: ddd-06-mem-uv: Planned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:34 +0000 (17:46 +0100)]
QUIC DDD: ddd-05-mem-nonblocking: Unplanned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:33 +0000 (17:46 +0100)]
QUIC DDD: ddd-05-mem-nonblocking: Planned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:33 +0000 (17:46 +0100)]
QUIC DDD: ddd-04-fd-nonblocking: Unplanned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:33 +0000 (17:46 +0100)]
QUIC DDD: ddd-04-fd-nonblocking: Planned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
Hugo Landau [Wed, 9 Aug 2023 16:46:33 +0000 (17:46 +0100)]
QUIC DDD: ddd-03-fd-blocking: Unplanned changes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)