openssl.git
36 hours agocompute_pqueue_growth(): Fix the return type master
Tomas Mraz [Mon, 16 Jan 2023 11:26:20 +0000 (12:26 +0100)]
compute_pqueue_growth(): Fix the return type

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

36 hours agoImplement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code
Tomas Mraz [Mon, 9 Jan 2023 17:39:50 +0000 (18:39 +0100)]
Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

36 hours agoRevert "Give BIO_s_mem() the ability to support datagrams"
Tomas Mraz [Mon, 9 Jan 2023 17:03:07 +0000 (18:03 +0100)]
Revert "Give BIO_s_mem() the ability to support datagrams"

This reverts commit 5a4ba72f00f9b336a4d65abff822699ceb9617c6.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

37 hours agoQUIC FIN Support: Documentation fixups
Hugo Landau [Thu, 26 Jan 2023 13:24:35 +0000 (13:24 +0000)]
QUIC FIN Support: Documentation fixups

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC FIN Support: Various fixes
Hugo Landau [Tue, 24 Jan 2023 10:34:00 +0000 (10:34 +0000)]
QUIC FIN Support: Various fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC TSERVER: Fix probable nondeterminism in some OS network stacks
Hugo Landau [Thu, 5 Jan 2023 10:51:14 +0000 (10:51 +0000)]
QUIC TSERVER: Fix probable nondeterminism in some OS network stacks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC: Add documentation for stream and connection shutdown functions
Hugo Landau [Thu, 5 Jan 2023 08:35:07 +0000 (08:35 +0000)]
QUIC: Add documentation for stream and connection shutdown functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC Test Server: Exercise end-of-stream condition on read and write
Hugo Landau [Tue, 13 Dec 2022 12:29:23 +0000 (12:29 +0000)]
QUIC Test Server: Exercise end-of-stream condition on read and write

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC Front End I/O API: Add support for signalling and detecting end-of-stream
Hugo Landau [Tue, 13 Dec 2022 12:28:54 +0000 (12:28 +0000)]
QUIC Front End I/O API: Add support for signalling and detecting end-of-stream

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC TXP: Fix handling of FIN stream chunks
Hugo Landau [Tue, 13 Dec 2022 12:27:43 +0000 (12:27 +0000)]
QUIC TXP: Fix handling of FIN stream chunks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

37 hours agoQUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex
Hugo Landau [Tue, 13 Dec 2022 12:27:05 +0000 (12:27 +0000)]
QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

41 hours agoAdd notes about ignoring initialization failures on contexts
Tomas Mraz [Wed, 25 Jan 2023 09:15:05 +0000 (10:15 +0100)]
Add notes about ignoring initialization failures on contexts

Fixes #20130

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)

2 days agoDocument that the RSA e value is mandatory when importing.
slontis [Wed, 25 Jan 2023 01:06:34 +0000 (11:06 +1000)]
Document that the RSA e value is mandatory when importing.

The lab tried doing a RSA decryption primitive using just n (using p, q) and d.

This failed for 2 reasons:
(1) e is required when importing
(2) Internally e is used for blinding.

Note n and e can be calculated using:
n = pq
e = (1/d) mod (p-1)(q-1)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20133)

2 days agoFix Coverity 1520485: logically dead code
Pauli [Tue, 24 Jan 2023 01:23:37 +0000 (12:23 +1100)]
Fix Coverity 1520485: logically dead code

The check is unnecessary as the condition is already checked
before the switch statement.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20121)

2 days agoRevert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"
Christoph Müllner [Wed, 25 Jan 2023 16:48:41 +0000 (17:48 +0100)]
Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"

This reverts commit e787c57c538d0922004e49a10be0d403af773272.

The current CI host system is Ubuntu 22.04, which ships with QEMU 6.2.
This QEMU release is too old for the required RISC-V extensions.
We would need at least QEMU 7.1 (Aug 2022) for this patch.

Let's revert the patch.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20139)

2 days agoClarify the change of enc -S behavior in 3.0
Viktor Dukhovni [Tue, 24 Jan 2023 13:40:57 +0000 (14:40 +0100)]
Clarify the change of enc -S behavior in 3.0

Fixes  #19730

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19732)

2 days agorename 90-test_traceapi.t to 90-test_trace_api.t for consistency
Dr. David von Oheimb [Wed, 21 Dec 2022 13:16:33 +0000 (14:16 +0100)]
rename 90-test_traceapi.t to 90-test_trace_api.t for consistency

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

2 days agoOSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense
Dr. David von Oheimb [Fri, 1 Jul 2022 20:12:08 +0000 (22:12 +0200)]
OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

2 days agoadd OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()
Dr. David von Oheimb [Fri, 1 Jul 2022 20:09:18 +0000 (22:09 +0200)]
add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

3 days agoFix incomplete checks for EVP_CIPHER_asn1_to_param
Niels Dossche [Mon, 23 Jan 2023 16:16:34 +0000 (17:16 +0100)]
Fix incomplete checks for EVP_CIPHER_asn1_to_param

EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.

Fixes: #20116
CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)

4 days agoRemove the user_ssl field
Matt Caswell [Mon, 23 Jan 2023 14:04:26 +0000 (14:04 +0000)]
Remove the user_ssl field

The user_ssl field in an SSL_CONNECTION is no longer used - so remove it.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoAdd QUIC-TLS server support
Matt Caswell [Tue, 29 Nov 2022 11:26:08 +0000 (11:26 +0000)]
Add QUIC-TLS server support

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoRemove the old Dummy Handshake code
Matt Caswell [Wed, 23 Nov 2022 16:20:14 +0000 (16:20 +0000)]
Remove the old Dummy Handshake code

Now that we have a real TLS handshake we no longer need the dummy handshake
implementation and it can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoAdd support for the msg_callback
Matt Caswell [Fri, 18 Nov 2022 11:39:33 +0000 (11:39 +0000)]
Add support for the msg_callback

Having support for the msg_callback will improve debug capabilities.

For record headers we "manufacture" dummy ones so that as far as the
callback is concerned we are doing "normal" TLS.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoReplace use of the Dummy Handshake Layer with the real one
Matt Caswell [Fri, 18 Nov 2022 12:38:50 +0000 (12:38 +0000)]
Replace use of the Dummy Handshake Layer with the real one

We start using the QUIC TLS implementation rather than the dummy one.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoAdd an initial QUIC-TLS implementation
Matt Caswell [Fri, 18 Nov 2022 12:38:38 +0000 (12:38 +0000)]
Add an initial QUIC-TLS implementation

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoAdd the ability to add a custom extension on an SSL object
Matt Caswell [Mon, 14 Nov 2022 15:29:38 +0000 (15:29 +0000)]
Add the ability to add a custom extension on an SSL object

Previously we could only do this at the SSL_CTX level. We add the ability
to also do this on an SSL - but only for internal code.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoExtend the new_record_layer function
Matt Caswell [Mon, 14 Nov 2022 14:19:53 +0000 (14:19 +0000)]
Extend the new_record_layer function

Add the ability to pass the main secret and length, as well as the
digest used for the KDF.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoAdd support for setting a custom TLS Record Layer
Matt Caswell [Thu, 10 Nov 2022 16:05:16 +0000 (16:05 +0000)]
Add support for setting a custom TLS Record Layer

This is just an internal API for now. Something like this will be made
public API at some point - but it is likely to be based on the provider
interface rather that a direct setting of a METHOD like we do for now.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoRemove an unneeded OSSL_RECORD_METHOD function
Matt Caswell [Thu, 10 Nov 2022 15:45:46 +0000 (15:45 +0000)]
Remove an unneeded OSSL_RECORD_METHOD function

The reset() function was never called so it can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoMove recordmethod.h to be an "internal" header
Matt Caswell [Thu, 10 Nov 2022 14:25:21 +0000 (14:25 +0000)]
Move recordmethod.h to be an "internal" header

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoCreate the SSL object for QUIC-TLS
Matt Caswell [Tue, 8 Nov 2022 16:20:08 +0000 (16:20 +0000)]
Create the SSL object for QUIC-TLS

The "user" SSL object which represents the QUIC connection should have an
"inner" SSL object to represent the TLS connection.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

4 days agoAPPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given
Dr. David von Oheimb [Sat, 24 Sep 2022 21:59:12 +0000 (23:59 +0200)]
APPS: generated certs bear X.509 V3, unless -x509v1 option of req app is given

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)

4 days agoapps/req.c: properly report parse errors by duplicated(); simplify the function
Dr. David von Oheimb [Sat, 24 Sep 2022 21:03:32 +0000 (23:03 +0200)]
apps/req.c: properly report parse errors by duplicated(); simplify the function

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)

4 days agoX509{,_CRL,_REVOKED}_{set,sign}*(): fix 'modified' field and return values
Dr. David von Oheimb [Wed, 28 Sep 2022 18:50:46 +0000 (20:50 +0200)]
X509{,_CRL,_REVOKED}_{set,sign}*(): fix 'modified' field and return values

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271)

4 days agotest: note that a default property query must be included for FIPS validity
Pauli [Sun, 22 Jan 2023 22:52:17 +0000 (09:52 +1100)]
test: note that a default property query must be included for FIPS validity

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

4 days agochanges entry about non-approved FIPS algorithms
Pauli [Thu, 19 Jan 2023 23:26:45 +0000 (10:26 +1100)]
changes entry about non-approved FIPS algorithms

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

4 days agoPut X25519 and X448 back as approved algorithms
Pauli [Thu, 19 Jan 2023 22:32:49 +0000 (09:32 +1100)]
Put X25519 and X448 back as approved algorithms

CMVP's answer when questioned about this being:

    X448 and X25519 uses Curve448 and Curve25519, respectfully, within an
    ECDH scheme.  Therefore, it is possible for a key agreement scheme
    that uses Curve448 and Curve25519 to be used in the approved mode
    and be viewed as an allowed algorithm if requirements of Scenario
    X2 of IG D.8 and IG A.2 are met (or Scenario 3 of D.F and IG C.A for
    FIPS 140-3).  The use of EdDSA in the approved mode is not permitted
    until FIPS 186-5 is published and part of CMVP guidance.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

4 days agofips: document that the EdDSA algorithms are not-validated
Pauli [Thu, 19 Jan 2023 00:16:40 +0000 (11:16 +1100)]
fips: document that the EdDSA algorithms are not-validated

Ed25519 and Ed448 are included in the FIPS 140-3 provider for
compatibility purposes but are flagged as "fips=no" to prevent their accidental
use.  This therefore requires that applications always specify the "fips=yes"
property query to enforce FIPS correctness.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20079)

4 days agoOSSL_trace_set_channel(): add important statement that it takes BIO ownership
Dr. David von Oheimb [Thu, 22 Dec 2022 10:47:41 +0000 (11:47 +0100)]
OSSL_trace_set_channel(): add important statement that it takes BIO ownership

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)

4 days agoset_trace_data(): prevent double free on OPENSSL_strdup() failure
Dr. David von Oheimb [Thu, 22 Dec 2022 10:42:14 +0000 (11:42 +0100)]
set_trace_data(): prevent double free on OPENSSL_strdup() failure

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19959)

4 days agoTypos fixing
FdaSilvaYY [Sat, 20 Feb 2021 22:39:30 +0000 (23:39 +0100)]
Typos fixing

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20109)

4 days agoFix windows builds
FdaSilvaYY [Mon, 16 Jan 2023 22:49:01 +0000 (23:49 +0100)]
Fix windows builds

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20109)

4 days agoCI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*
Christoph Müllner [Sat, 21 Jan 2023 14:55:27 +0000 (15:55 +0100)]
CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*

RISC-V already has a couple of routines to accelerate cryptographic
calculations using ISA extensions. Let's add a cross-compile target
that allows the CI to test this code.

The new defined machine is a rv64gc machine with
* all Bitmanip extensions (Zb*)
* all Scalar Crypto extensions (Zk*)

This selection matches the supported RISC-V extensions in OpenSSL.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20107)

4 days agoCI: cross-compile: Allow to set CPU capabilities
Christoph Müllner [Sat, 21 Jan 2023 14:49:17 +0000 (15:49 +0100)]
CI: cross-compile: Allow to set CPU capabilities

The cross-compile CI tests use cross-compilers for building
and QEMU for testing. This implies that testing of ISA extension
for HW accelerated cryptographic calculations is undefined
(it depends on arch-specific QEMU defaults and arch-specific
detection mechanisms in OpenSSL).

Let's add a mechanism to set two environment variables, that allow
to control the ISA extensions:
* QEMU_CPU: used by QEMU to specify CPU capabilities of the emulation
* OPENSSL_*: used by OpenSSL (on some architectures) to enable ISA
  extensions.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20107)

5 days agoFix corruption when searching for CRLs in hashed directories
Hugo Landau [Wed, 18 Jan 2023 15:43:56 +0000 (15:43 +0000)]
Fix corruption when searching for CRLs in hashed directories

The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track
how many sequentially numbered CRL files have been loaded for a given
X509_NAME hash which is being requested. This avoids loading already
loaded CRL files and repeated stat() calls.

This OPENSSL_STACK is searched using sk_find, however this mutates
the OPENSSL_STACK unless it is known to be sorted. This operation
therefore requires a write lock, which was not taken.

Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This
guarantees no mutation will occur during sk_find. This is chosen over
taking a write lock during sk_find as retrieving a CRL by X509_NAME is
assumed to be a hotter path than the case where a new CRL is installed.

Also optimise the code by avoiding creating the structure to track the
last CRL file sequence number in the circumstance where it would match
the initial value, namely where no CRL with the given hash is installed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)

5 days agoAdd DTLS support to the large app data test
Matt Caswell [Fri, 20 Jan 2023 14:08:42 +0000 (14:08 +0000)]
Add DTLS support to the large app data test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)

5 days agoEnsure our buffer allocation allows for the Explicit IV
Matt Caswell [Thu, 19 Jan 2023 11:59:44 +0000 (11:59 +0000)]
Ensure our buffer allocation allows for the Explicit IV

Some ciphers/protocol versions have an explicit IV. We need to make sure we
have sufficient room for it in the underlying buffer.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)

5 days agoAdd a test for large app data
Matt Caswell [Thu, 19 Jan 2023 10:52:45 +0000 (10:52 +0000)]
Add a test for large app data

Test that sending large app data records works correctly.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)

5 days agoMD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones
Tomas Mraz [Fri, 20 Jan 2023 10:40:45 +0000 (11:40 +0100)]
MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20095)

5 days agoX509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_cl...
Dr. David von Oheimb [Mon, 16 Jan 2023 07:38:01 +0000 (08:38 +0100)]
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)

5 days agocmp_client.c: fix handling of total_timeout for RR and GENM transactions
Dr. David von Oheimb [Tue, 11 Oct 2022 14:21:20 +0000 (16:21 +0200)]
cmp_client.c: fix handling of total_timeout for RR and GENM transactions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)

5 days agocmp_client_test.c: add tests for end_time being initialized for RR/GENM
Dr. David von Oheimb [Fri, 25 Nov 2022 09:43:12 +0000 (10:43 +0100)]
cmp_client_test.c: add tests for end_time being initialized for RR/GENM

To this end, tweak the internal handling of ctx->total_timeout.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)

5 days agoCMP docs: clarify behavior on message/total timeout values given
Dr. David von Oheimb [Fri, 25 Nov 2022 11:08:42 +0000 (12:08 +0100)]
CMP docs: clarify behavior on message/total timeout values given

Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)

5 days agoFixes wrong return type in BIO_do_connect man page.
Thib [Fri, 20 Jan 2023 13:07:15 +0000 (14:07 +0100)]
Fixes wrong return type in BIO_do_connect man page.

Current man page indicates the function returns an int while it returns
a long.

Fixes #20096.

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20097)

5 days agoFix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()
Niels Dossche [Sat, 21 Jan 2023 12:34:34 +0000 (13:34 +0100)]
Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()

RAND_bytes_ex() can also return 0 on failure. Other callers do check
this correctly. Change the check from <0 to <=0.

Fixes: #20100
CLA: trivial

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20106)

5 days agoAllow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved
Ingo Franzki [Wed, 18 Jan 2023 10:24:16 +0000 (11:24 +0100)]
Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved

Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be
retrieved for ECDSA and DSA.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20070)

8 days agoAdding a separated build settings for BSD flavors
David Carlier [Sat, 19 Dec 2020 11:07:09 +0000 (11:07 +0000)]
Adding a separated build settings for BSD flavors
to avoid inheriting Linux's linker flags (ie -Wl,-z,defs)
now targetting OpenBSD.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13393)

8 days agobn2bin(): Don't accept len < 0
Richard Levitte [Fri, 13 Jan 2023 11:51:43 +0000 (12:51 +0100)]
bn2bin(): Don't accept len < 0

Test included

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)

8 days agoAdd a test for public variants of bn2bin()
Richard Levitte [Thu, 12 Jan 2023 10:10:01 +0000 (11:10 +0100)]
Add a test for public variants of bn2bin()

We test with binary input of length 1, length 0, and NULL input with length 0

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)

8 days agobin2bn(): When len==0, just return a zero BIGNUM
Richard Levitte [Thu, 12 Jan 2023 09:17:01 +0000 (10:17 +0100)]
bin2bn(): When len==0, just return a zero BIGNUM

This allows calls with s==NULL and len==0 to be safe.  It probably already
was, but address sanitizers could still complain.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)

8 days agoPadlock: fix byte swapping assembly for AES-192 and 256
ValdikSS [Wed, 18 Jan 2023 17:14:48 +0000 (20:14 +0300)]
Padlock: fix byte swapping assembly for AES-192 and 256

Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.

This commit correctly sets the number of swapping loops to be done.

Fixes #20073

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20077)

9 days agoAdd link to EBNF definition
Pauli [Wed, 18 Jan 2023 07:03:33 +0000 (18:03 +1100)]
Add link to EBNF definition

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)

9 days agoAdd negative test for unquoted property string
Pauli [Sun, 15 Jan 2023 23:04:11 +0000 (10:04 +1100)]
Add negative test for unquoted property string

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)

9 days agoCorrect property EBNF for unquoted strings
Pauli [Wed, 11 Jan 2023 00:39:02 +0000 (11:39 +1100)]
Correct property EBNF for unquoted strings

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)

9 days agoQUIC Test Server: Minor fixups
Hugo Landau [Wed, 18 Jan 2023 11:07:58 +0000 (11:07 +0000)]
QUIC Test Server: Minor fixups

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC DEMUX: Refactor list manipulation
Hugo Landau [Wed, 30 Nov 2022 08:50:58 +0000 (08:50 +0000)]
QUIC DEMUX: Refactor list manipulation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC Test Server: Basic echo server test
Hugo Landau [Tue, 22 Nov 2022 17:49:36 +0000 (17:49 +0000)]
QUIC Test Server: Basic echo server test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC Test Server Implementation
Hugo Landau [Tue, 22 Nov 2022 13:45:18 +0000 (13:45 +0000)]
QUIC Test Server Implementation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC CHANNEL: Add basic server support for testing
Hugo Landau [Tue, 22 Nov 2022 13:41:23 +0000 (13:41 +0000)]
QUIC CHANNEL: Add basic server support for testing

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC CHANNEL: Transport params: Offer reason text and add server support
Hugo Landau [Tue, 22 Nov 2022 13:35:04 +0000 (13:35 +0000)]
QUIC CHANNEL: Transport params: Offer reason text and add server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC TXP: Fix generation of CONNECTION_CLOSE
Hugo Landau [Tue, 22 Nov 2022 13:31:42 +0000 (13:31 +0000)]
QUIC TXP: Fix generation of CONNECTION_CLOSE

CONNECTION_CLOSE frames can be generated on multiple ELs, so the TX
packetiser was generating it on multiple ELs simultaneously. This fixes
the CONNECTION_CLOSE generation logic so that the lowest non-dropped EL
is always used.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC Front-End I/O API: Fix WANT_READ signalling for SSL_read
Hugo Landau [Tue, 22 Nov 2022 13:29:45 +0000 (13:29 +0000)]
QUIC Front-End I/O API: Fix WANT_READ signalling for SSL_read

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC Front-End I/O API: Fix implementation of SSL_get_error
Hugo Landau [Tue, 22 Nov 2022 13:28:56 +0000 (13:28 +0000)]
QUIC Front-End I/O API: Fix implementation of SSL_get_error

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC QRX: (Server support) Add support for manual URXE injection
Hugo Landau [Tue, 22 Nov 2022 13:28:24 +0000 (13:28 +0000)]
QUIC QRX: (Server support) Add support for manual URXE injection

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC DHS: (Server support) Add server state machine for DHS
Hugo Landau [Tue, 22 Nov 2022 13:26:51 +0000 (13:26 +0000)]
QUIC DHS: (Server support) Add server state machine for DHS

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoQUIC DEMUX: (Server support) Add support for default handler
Hugo Landau [Tue, 22 Nov 2022 13:25:41 +0000 (13:25 +0000)]
QUIC DEMUX: (Server support) Add support for default handler

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)

9 days agoFix incorrect error return value in i2r_ADMISSION_SYNTAX()
Niels Dossche [Tue, 17 Jan 2023 19:27:49 +0000 (20:27 +0100)]
Fix incorrect error return value in i2r_ADMISSION_SYNTAX()

The other implementations of i2r return 0 in case of an error, but
i2r_ADMISSION_SYNTAX() returns -1. That means the check on i2r does not
catch the error. Change it to return 0 like the others do.

Fixes: #20066
CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20068)

9 days agoS390X: Fix Ed448ph
Juergen Christ [Tue, 17 Jan 2023 18:16:43 +0000 (19:16 +0100)]
S390X: Fix Ed448ph

CPACF does not support pre-hashing.  This was considered correctly for
Ed25519ph, but not for Ed448ph which lead to errors in the test_evp suite
(test vector 20 - pre-hashing without context string).  Fix this by using the
non-accelerated version of Ed448 also if no context string is provided, but
pre-hashing is performed.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20067)

11 days agoFix potential NULL pointer dereference
Juergen Christ [Mon, 16 Jan 2023 10:37:15 +0000 (11:37 +0100)]
Fix potential NULL pointer dereference

In EC key generation, if allocation of struct ec_gen_ctx fails, values
provided by parameters are copied into the context at represented by a NULL
pointer.  To fix this, prevent copy if allocation fails.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20055)

11 days agoClarify documentation of X509_STORE_CTX_get_current_cert()
north-16 [Fri, 13 Jan 2023 01:33:46 +0000 (17:33 -0800)]
Clarify documentation of X509_STORE_CTX_get_current_cert()

CLA: trivial

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20038)

11 days agoremove unused macro in cast_local.h and des_local.h
zhangzhilei [Sat, 14 Jan 2023 06:23:48 +0000 (14:23 +0800)]
remove unused macro in cast_local.h and des_local.h

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20048)

11 days agopkey: Imply public check if -pubin is specified
Tomas Mraz [Fri, 13 Jan 2023 13:48:52 +0000 (14:48 +0100)]
pkey: Imply public check if -pubin is specified

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20044)

12 days agoPKCS12 - Add additional libctx and propq support.
slontis [Wed, 21 Dec 2022 04:39:07 +0000 (14:39 +1000)]
PKCS12 - Add additional libctx and propq support.

Fixes #19718
Fixes #19716

Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and
ASN1_item_unpack_ex().

parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX.
PKCS12_free() needed to be manually constructed in order to free the propq.

pkcs12_api_test.c changed so that it actually tests the libctx, propq.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19942)

12 days agos390x: Fix keccak xofs via CPACF
Juergen Christ [Mon, 2 Jan 2023 16:52:25 +0000 (17:52 +0100)]
s390x: Fix keccak xofs via CPACF

CPACF does not directly support xofs.  Emulate this by using single block
operations on an empty input block.

Fixes: affc070aabc9 ("s390x: Optimize kmac")
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19983)

12 days agoFix big-endian issue in chacha20 SVE implementation on aarch64
fangming.fang [Wed, 11 Jan 2023 03:49:28 +0000 (03:49 +0000)]
Fix big-endian issue in chacha20 SVE implementation on aarch64

Fixes: #19902
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20028)

12 days agoBump actions/setup-python from 4.4.0 to 4.5.0
dependabot[bot] [Mon, 16 Jan 2023 15:24:25 +0000 (15:24 +0000)]
Bump actions/setup-python from 4.4.0 to 4.5.0

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

CLA: trivial
Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20046)

12 days agoDocumenting lack of error codes stability
Dmitry Belyavskiy [Tue, 10 Jan 2023 17:54:51 +0000 (18:54 +0100)]
Documenting lack of error codes stability

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20019)

12 days agoCMP app: fix file output of certs and cert lists on non-existing cert(s)
Dr. David von Oheimb [Tue, 13 Dec 2022 16:47:23 +0000 (17:47 +0100)]
CMP app: fix file output of certs and cert lists on non-existing cert(s)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20035)

2 weeks agoLimit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
Bernd Edlinger [Tue, 8 Nov 2022 16:43:22 +0000 (17:43 +0100)]
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime

Otherwise the alloca can cause an exception.

Issue reported by Jiayi Lin.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)

2 weeks agoRevert "Limit size of modulus for BN_mod_exp_mont_consttime()"
Bernd Edlinger [Sat, 7 Jan 2023 06:58:21 +0000 (07:58 +0100)]
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"

This reverts commit 4378e3cd2a4d73a97a2349efaa143059d8ed05e8.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)

2 weeks agoQUIC API: Rename want_net_read and want_net_write
Hugo Landau [Mon, 9 Jan 2023 15:48:25 +0000 (15:48 +0000)]
QUIC API: Rename want_net_read and want_net_write

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC CHANNEL: Handle network errors as connection-fatal events
Hugo Landau [Mon, 9 Jan 2023 15:47:47 +0000 (15:47 +0000)]
QUIC CHANNEL: Handle network errors as connection-fatal events

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC QTX: Handle network errors explicitly
Hugo Landau [Mon, 9 Jan 2023 15:44:42 +0000 (15:44 +0000)]
QUIC QTX: Handle network errors explicitly

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC DEMUX: Handle network errors explicitly
Hugo Landau [Mon, 9 Jan 2023 15:43:52 +0000 (15:43 +0000)]
QUIC DEMUX: Handle network errors explicitly

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC: Document how blocking mode is automatically turned off
Hugo Landau [Mon, 9 Jan 2023 11:31:07 +0000 (11:31 +0000)]
QUIC: Document how blocking mode is automatically turned off

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC BIO Poll Descriptors: simplify custom interface
Hugo Landau [Mon, 9 Jan 2023 11:20:08 +0000 (11:20 +0000)]
QUIC BIO Poll Descriptors: simplify custom interface

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC CSM: Tweak docs for tick functions, add DTLSv1 docs
Hugo Landau [Mon, 9 Jan 2023 11:18:06 +0000 (11:18 +0000)]
QUIC CSM: Tweak docs for tick functions, add DTLSv1 docs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC CSM: Minor style fixes
Hugo Landau [Mon, 9 Jan 2023 11:17:42 +0000 (11:17 +0000)]
QUIC CSM: Minor style fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

2 weeks agoQUIC Front End I/O API: Remove __owur from man pages
Hugo Landau [Fri, 6 Jan 2023 11:50:55 +0000 (11:50 +0000)]
QUIC Front End I/O API: Remove __owur from man pages

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)