Hugo Landau [Wed, 18 Jan 2023 15:43:56 +0000 (15:43 +0000)]
Fix corruption when searching for CRLs in hashed directories
The by_dir certificate/CRL lookup code uses an OPENSSL_STACK to track
how many sequentially numbered CRL files have been loaded for a given
X509_NAME hash which is being requested. This avoids loading already
loaded CRL files and repeated stat() calls.
This OPENSSL_STACK is searched using sk_find, however this mutates
the OPENSSL_STACK unless it is known to be sorted. This operation
therefore requires a write lock, which was not taken.
Fix this issue by sorting the OPENSSL_STACK whenever it is mutated. This
guarantees no mutation will occur during sk_find. This is chosen over
taking a write lock during sk_find as retrieving a CRL by X509_NAME is
assumed to be a hotter path than the case where a new CRL is installed.
Also optimise the code by avoiding creating the structure to track the
last CRL file sequence number in the circumstance where it would match
the initial value, namely where no CRL with the given hash is installed.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20076)
Matt Caswell [Fri, 20 Jan 2023 14:08:42 +0000 (14:08 +0000)]
Add DTLS support to the large app data test
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
Matt Caswell [Thu, 19 Jan 2023 11:59:44 +0000 (11:59 +0000)]
Ensure our buffer allocation allows for the Explicit IV
Some ciphers/protocol versions have an explicit IV. We need to make sure we
have sufficient room for it in the underlying buffer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
Matt Caswell [Thu, 19 Jan 2023 10:52:45 +0000 (10:52 +0000)]
Add a test for large app data
Test that sending large app data records works correctly.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20085)
Tomas Mraz [Fri, 20 Jan 2023 10:40:45 +0000 (11:40 +0100)]
MD5.pod: Recommend SHA-2 or SHA-3 family hashes instead of legacy ones
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20095)
Dr. David von Oheimb [Mon, 16 Jan 2023 07:38:01 +0000 (08:38 +0100)]
X509_V_ERR_INVALID_PURPOSE: fix misleading text; Fix omission in X509_VERIFY_PARAM_clear_flags doc
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20052)
Dr. David von Oheimb [Tue, 11 Oct 2022 14:21:20 +0000 (16:21 +0200)]
cmp_client.c: fix handling of total_timeout for RR and GENM transactions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
Dr. David von Oheimb [Fri, 25 Nov 2022 09:43:12 +0000 (10:43 +0100)]
cmp_client_test.c: add tests for end_time being initialized for RR/GENM
To this end, tweak the internal handling of ctx->total_timeout.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
Dr. David von Oheimb [Fri, 25 Nov 2022 11:08:42 +0000 (12:08 +0100)]
CMP docs: clarify behavior on message/total timeout values given
Clarify behavior of OSSL_CMP_CTX_set_option() when given (negative)
values for OSSL_CMP_OPT_MSG_TIMEOUT or OSSL_CMP_OPT_TOTAL_TIMEOUT.
Fix doc of -msg_timeout and -total_timeout in openssl-cmp.pod.in
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19391)
Thib [Fri, 20 Jan 2023 13:07:15 +0000 (14:07 +0100)]
Fixes wrong return type in BIO_do_connect man page.
Current man page indicates the function returns an int while it returns
a long.
Fixes #20096.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20097)
Niels Dossche [Sat, 21 Jan 2023 12:34:34 +0000 (13:34 +0100)]
Fix incorrect check on RAND_bytes_ex() in generate_q_fips186_4()
RAND_bytes_ex() can also return 0 on failure. Other callers do check
this correctly. Change the check from <0 to <=0.
Fixes: #20100
CLA: trivial
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20106)
Ingo Franzki [Wed, 18 Jan 2023 10:24:16 +0000 (11:24 +0100)]
Allow OSSL_SIGNATURE_PARAM_NONCE_TYPE to be retrieved
Context parameter OSSL_SIGNATURE_PARAM_NONCE_TYPE can now also be
retrieved for ECDSA and DSA.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20070)
David Carlier [Sat, 19 Dec 2020 11:07:09 +0000 (11:07 +0000)]
Adding a separated build settings for BSD flavors
to avoid inheriting Linux's linker flags (ie -Wl,-z,defs)
now targetting OpenBSD.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/13393)
Richard Levitte [Fri, 13 Jan 2023 11:51:43 +0000 (12:51 +0100)]
bn2bin(): Don't accept len < 0
Test included
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)
Richard Levitte [Thu, 12 Jan 2023 10:10:01 +0000 (11:10 +0100)]
Add a test for public variants of bn2bin()
We test with binary input of length 1, length 0, and NULL input with length 0
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)
Richard Levitte [Thu, 12 Jan 2023 09:17:01 +0000 (10:17 +0100)]
bin2bn(): When len==0, just return a zero BIGNUM
This allows calls with s==NULL and len==0 to be safe. It probably already
was, but address sanitizers could still complain.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20033)
ValdikSS [Wed, 18 Jan 2023 17:14:48 +0000 (20:14 +0300)]
Padlock: fix byte swapping assembly for AES-192 and 256
Byte swapping code incorrectly uses the number of AES rounds to swap expanded
AES key, while swapping only a single dword in a loop, resulting in swapped
key and partially swapped expanded keys, breaking AES encryption and
decryption on VIA Padlock hardware.
This commit correctly sets the number of swapping loops to be done.
Fixes #20073
CLA: trivial
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20077)
Pauli [Wed, 18 Jan 2023 07:03:33 +0000 (18:03 +1100)]
Add link to EBNF definition
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
Pauli [Sun, 15 Jan 2023 23:04:11 +0000 (10:04 +1100)]
Add negative test for unquoted property string
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
Pauli [Wed, 11 Jan 2023 00:39:02 +0000 (11:39 +1100)]
Correct property EBNF for unquoted strings
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20023)
Hugo Landau [Wed, 18 Jan 2023 11:07:58 +0000 (11:07 +0000)]
QUIC Test Server: Minor fixups
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Wed, 30 Nov 2022 08:50:58 +0000 (08:50 +0000)]
QUIC DEMUX: Refactor list manipulation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 17:49:36 +0000 (17:49 +0000)]
QUIC Test Server: Basic echo server test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:45:18 +0000 (13:45 +0000)]
QUIC Test Server Implementation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:41:23 +0000 (13:41 +0000)]
QUIC CHANNEL: Add basic server support for testing
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:35:04 +0000 (13:35 +0000)]
QUIC CHANNEL: Transport params: Offer reason text and add server support
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:31:42 +0000 (13:31 +0000)]
QUIC TXP: Fix generation of CONNECTION_CLOSE
CONNECTION_CLOSE frames can be generated on multiple ELs, so the TX
packetiser was generating it on multiple ELs simultaneously. This fixes
the CONNECTION_CLOSE generation logic so that the lowest non-dropped EL
is always used.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:29:45 +0000 (13:29 +0000)]
QUIC Front-End I/O API: Fix WANT_READ signalling for SSL_read
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:28:56 +0000 (13:28 +0000)]
QUIC Front-End I/O API: Fix implementation of SSL_get_error
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:28:24 +0000 (13:28 +0000)]
QUIC QRX: (Server support) Add support for manual URXE injection
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:26:51 +0000 (13:26 +0000)]
QUIC DHS: (Server support) Add server state machine for DHS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Hugo Landau [Tue, 22 Nov 2022 13:25:41 +0000 (13:25 +0000)]
QUIC DEMUX: (Server support) Add support for default handler
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
Niels Dossche [Tue, 17 Jan 2023 19:27:49 +0000 (20:27 +0100)]
Fix incorrect error return value in i2r_ADMISSION_SYNTAX()
The other implementations of i2r return 0 in case of an error, but
i2r_ADMISSION_SYNTAX() returns -1. That means the check on i2r does not
catch the error. Change it to return 0 like the others do.
Fixes: #20066
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20068)
Juergen Christ [Tue, 17 Jan 2023 18:16:43 +0000 (19:16 +0100)]
S390X: Fix Ed448ph
CPACF does not support pre-hashing. This was considered correctly for
Ed25519ph, but not for Ed448ph which lead to errors in the test_evp suite
(test vector 20 - pre-hashing without context string). Fix this by using the
non-accelerated version of Ed448 also if no context string is provided, but
pre-hashing is performed.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20067)
Juergen Christ [Mon, 16 Jan 2023 10:37:15 +0000 (11:37 +0100)]
Fix potential NULL pointer dereference
In EC key generation, if allocation of struct ec_gen_ctx fails, values
provided by parameters are copied into the context at represented by a NULL
pointer. To fix this, prevent copy if allocation fails.
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20055)
north-16 [Fri, 13 Jan 2023 01:33:46 +0000 (17:33 -0800)]
Clarify documentation of X509_STORE_CTX_get_current_cert()
CLA: trivial
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20038)
zhangzhilei [Sat, 14 Jan 2023 06:23:48 +0000 (14:23 +0800)]
remove unused macro in cast_local.h and des_local.h
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20048)
Tomas Mraz [Fri, 13 Jan 2023 13:48:52 +0000 (14:48 +0100)]
pkey: Imply public check if -pubin is specified
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20044)
slontis [Wed, 21 Dec 2022 04:39:07 +0000 (14:39 +1000)]
PKCS12 - Add additional libctx and propq support.
Fixes #19718
Fixes #19716
Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and
ASN1_item_unpack_ex().
parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX.
PKCS12_free() needed to be manually constructed in order to free the propq.
pkcs12_api_test.c changed so that it actually tests the libctx, propq.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19942)
Juergen Christ [Mon, 2 Jan 2023 16:52:25 +0000 (17:52 +0100)]
s390x: Fix keccak xofs via CPACF
CPACF does not directly support xofs. Emulate this by using single block
operations on an empty input block.
Fixes: affc070aabc9 ("s390x: Optimize kmac")
Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19983)
fangming.fang [Wed, 11 Jan 2023 03:49:28 +0000 (03:49 +0000)]
Fix big-endian issue in chacha20 SVE implementation on aarch64
Fixes: #19902
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20028)
dependabot[bot] [Mon, 16 Jan 2023 15:24:25 +0000 (15:24 +0000)]
Bump actions/setup-python from 4.4.0 to 4.5.0
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0)
---
updated-dependencies:
- dependency-name: actions/setup-python
dependency-type: direct:production
update-type: version-update:semver-minor
...
CLA: trivial
Signed-off-by: dependabot[bot] <support@github.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20046)
Dmitry Belyavskiy [Tue, 10 Jan 2023 17:54:51 +0000 (18:54 +0100)]
Documenting lack of error codes stability
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20019)
Dr. David von Oheimb [Tue, 13 Dec 2022 16:47:23 +0000 (17:47 +0100)]
CMP app: fix file output of certs and cert lists on non-existing cert(s)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20035)
Bernd Edlinger [Tue, 8 Nov 2022 16:43:22 +0000 (17:43 +0100)]
Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime
Otherwise the alloca can cause an exception.
Issue reported by Jiayi Lin.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
Bernd Edlinger [Sat, 7 Jan 2023 06:58:21 +0000 (07:58 +0100)]
Revert "Limit size of modulus for BN_mod_exp_mont_consttime()"
This reverts commit
4378e3cd2a4d73a97a2349efaa143059d8ed05e8.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
Hugo Landau [Mon, 9 Jan 2023 15:48:25 +0000 (15:48 +0000)]
QUIC API: Rename want_net_read and want_net_write
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 15:47:47 +0000 (15:47 +0000)]
QUIC CHANNEL: Handle network errors as connection-fatal events
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 15:44:42 +0000 (15:44 +0000)]
QUIC QTX: Handle network errors explicitly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 15:43:52 +0000 (15:43 +0000)]
QUIC DEMUX: Handle network errors explicitly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 11:31:07 +0000 (11:31 +0000)]
QUIC: Document how blocking mode is automatically turned off
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 11:20:08 +0000 (11:20 +0000)]
QUIC BIO Poll Descriptors: simplify custom interface
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 11:18:06 +0000 (11:18 +0000)]
QUIC CSM: Tweak docs for tick functions, add DTLSv1 docs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 9 Jan 2023 11:17:42 +0000 (11:17 +0000)]
QUIC CSM: Minor style fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Fri, 6 Jan 2023 11:50:55 +0000 (11:50 +0000)]
QUIC Front End I/O API: Remove __owur from man pages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 4 Jan 2023 07:24:08 +0000 (07:24 +0000)]
QUIC: Minor cleanup
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Fri, 16 Dec 2022 13:26:33 +0000 (13:26 +0000)]
QUIC TXP: Fix bug in send stream handling, cleanup
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 11:29:38 +0000 (11:29 +0000)]
QUIC: Add TODO for CCM support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 07:07:49 +0000 (07:07 +0000)]
QUIC Front-End I/O API: Determine read completion correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 07:07:35 +0000 (07:07 +0000)]
QUIC: Use ossl_assert
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 07:07:12 +0000 (07:07 +0000)]
QUIC RXDP: Different error messages for stream conditions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 07:06:55 +0000 (07:06 +0000)]
QUIC: Minor comment and editorial fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 07:05:21 +0000 (07:05 +0000)]
QUIC Front End I/O API: Minor doc fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 15 Dec 2022 06:42:43 +0000 (06:42 +0000)]
QUIC Front End I/O API: Don't allow EPW to be enabled during AON
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Tue, 13 Dec 2022 12:34:36 +0000 (12:34 +0000)]
QUIC: Back out version string change
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 08:04:34 +0000 (08:04 +0000)]
QUIC: Documentation updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 08:04:00 +0000 (08:04 +0000)]
QUIC Front End I/O API: Tweaks to handshake processing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 08:02:50 +0000 (08:02 +0000)]
QUIC Front End I/O API: Remove unnecessary code from SSL_get_tick_timeout
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 08:01:58 +0000 (08:01 +0000)]
QUIC CHANNEL: Minor cleanups and bug fix
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 08:01:39 +0000 (08:01 +0000)]
QUIC: Style fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 08:00:19 +0000 (08:00 +0000)]
QUIC Front End I/O API: Wire up SSL_CTX ctrls and remove unneeded functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 07:57:55 +0000 (07:57 +0000)]
QUIC CHANNEL: Revise inaccurate comments
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 07:57:36 +0000 (07:57 +0000)]
QUIC: Revise and add some TODO lines
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 07:55:48 +0000 (07:55 +0000)]
QUIC Front End I/O API: Correct implementation of SSL_tick, SSL_get_tick_timeout
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Wed, 30 Nov 2022 07:54:39 +0000 (07:54 +0000)]
QUIC Front End I/O API: Change version string
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Matt Caswell [Mon, 21 Nov 2022 11:00:34 +0000 (11:00 +0000)]
Separate handling of RX and TX enc level
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Tue, 22 Nov 2022 17:56:18 +0000 (17:56 +0000)]
QUIC CHANNEL: Only pump the demuxer once per tick
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Tue, 22 Nov 2022 13:46:05 +0000 (13:46 +0000)]
QUIC CHANNEL: Only reprocess after an RX secret has been provisioned
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 21 Nov 2022 09:55:30 +0000 (09:55 +0000)]
QUIC TXP: Correct an issue with an uninitialized variable
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 21 Nov 2022 07:55:37 +0000 (07:55 +0000)]
QUIC Front-End I/O API: Ensure BIOs are reffed and freed correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Fri, 18 Nov 2022 17:25:25 +0000 (17:25 +0000)]
QUIC_CHANNEL: Handle deferred packet processing after yielding of secrets correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Fri, 18 Nov 2022 17:20:20 +0000 (17:20 +0000)]
QUIC DEMUX: Allow MTU to vary over time and autodetect MTU
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 16:03:00 +0000 (16:03 +0000)]
QUIC: Enable building with QUIC support disabled
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:47:17 +0000 (15:47 +0000)]
QUIC: make update
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:45:11 +0000 (15:45 +0000)]
QUIC: Temporarily disable front-end API tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:39:18 +0000 (15:39 +0000)]
QUIC: Remove RX depacketiser tests from QRL test suite
These create significant coupling between the QRL tests and the RXDP.
Moreover, the RXDP has no state of its own and is implemented as part of
the QUIC_CHANNEL, ergo it doesn't make that much sense to test it in
isolation.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:35:17 +0000 (15:35 +0000)]
QUIC Front-End I/O API: Wire up the SSL API functions
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:33:11 +0000 (15:33 +0000)]
QUIC Front-End I/O API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:30:57 +0000 (15:30 +0000)]
internal/sockets.h: Add support for testing EINTR portably
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:30:22 +0000 (15:30 +0000)]
QUIC: Add miscellaneous QUIC constants
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:29:44 +0000 (15:29 +0000)]
QUIC Stream Mapper: CSM-related changes, stream limits handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:26:39 +0000 (15:26 +0000)]
QUIC: Complete the implementation of the RX depacketiser in terms of QUIC_CHANNEL
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:00:41 +0000 (15:00 +0000)]
QUIC_CHANNEL: Implementation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 14:59:18 +0000 (14:59 +0000)]
QUIC: Add QUIC reactor
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 15:17:39 +0000 (15:17 +0000)]
Add BIO poll descriptors
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Tue, 1 Nov 2022 16:39:09 +0000 (16:39 +0000)]
QUIC ACKM: Add function to get PTO
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Tue, 1 Nov 2022 14:38:07 +0000 (14:38 +0000)]
QUIC RXDP: Remove non-actionable TODOs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Mon, 14 Nov 2022 18:13:35 +0000 (18:13 +0000)]
QUIC CSM: Documentation for new APIs
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 17 Nov 2022 14:20:39 +0000 (14:20 +0000)]
QUIC Transport Parameters: Add CID encoder/decoder, make ID optional
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
Hugo Landau [Thu, 3 Nov 2022 06:45:50 +0000 (06:45 +0000)]
QUIC RX: Refactor unsafe DCID consistency checking
Previously, we enforced the requirement that the DCIDs be the same for
all packets in a datagram by keeping a pointer to the first RXE
generated from a datagram. This is unsafe and could lead to a UAF if the
first packet is malformed, meaning that no RXE ended up being generated
from it. Keep track of the DCID directly instead, as we should enforce
this correctly even if the first packet in a datagram is malformed (but
has an intelligible header with a DCID and length).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)