Dmitry Belyavskiy [Tue, 27 Feb 2024 14:22:58 +0000 (15:22 +0100)]
Fix a memory leak on successful load of CRL
Fixes #23693
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23695)
Hugo Landau [Mon, 4 Mar 2024 22:56:45 +0000 (22:56 +0000)]
QUIC QLOG: Fix ANSI
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23744)
Hugo Landau [Mon, 4 Mar 2024 22:55:51 +0000 (22:55 +0000)]
QUIC QLOG: Fix use of sprintf
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23744)
Hugo Landau [Mon, 4 Mar 2024 22:49:54 +0000 (22:49 +0000)]
Enable qlog support by default
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23744)
Tomas Mraz [Thu, 14 Dec 2023 17:04:58 +0000 (18:04 +0100)]
Document that unknown groups and sigalgs marked with ? are ignored
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)
Tomas Mraz [Thu, 14 Dec 2023 16:47:43 +0000 (17:47 +0100)]
Add test for ignoring unknown sigalgs and groups marked with ?
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)
Tomas Mraz [Thu, 14 Dec 2023 16:08:56 +0000 (17:08 +0100)]
Allow ignoring unknown sigalgs and groups in the configuration
Related to #20789
Signature algorithms and groups in the configuration that are
preceded with ? character and are unknown to libssl are just ignored.
The handling for them is similar to handling of ciphers.
I.e., there should be a failure only in case the configuration produces
no valid sigalgs or groups.
Also ignore duplicate sigalgs and groups as such confiuration errors
should not be fatal.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23050)
Dr. David von Oheimb [Fri, 4 Aug 2023 15:05:20 +0000 (17:05 +0200)]
apps/cmp: improve -reqin option to read fallback public key from first request message file given
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Dr. David von Oheimb [Fri, 4 Aug 2023 19:45:07 +0000 (21:45 +0200)]
crypto/cmp: add OSSL_CMP_MSG_get0_certreq_publickey(); fix coding style nit
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Dr. David von Oheimb [Fri, 4 Aug 2023 09:47:17 +0000 (11:47 +0200)]
apps/cmp: extend documentation and diagnostics for using -reqin in special situations
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Dr. David von Oheimb [Thu, 3 Aug 2023 14:55:35 +0000 (16:55 +0200)]
apps/cmp: add -reqout_only option for dumping/saving just the initial CMP request message
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Dr. David von Oheimb [Fri, 4 Aug 2023 19:54:29 +0000 (21:54 +0200)]
apps/cmp.c: refactor to fix some coding style nits and more convenient source-level debugging
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Dr. David von Oheimb [Wed, 17 Jan 2024 17:32:46 +0000 (18:32 +0100)]
cmperr.h: use free reason value 106 rather than 197 for CMP_R_UNEXPECTED_SENDER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21660)
Neil Horman [Thu, 29 Feb 2024 17:01:31 +0000 (12:01 -0500)]
Dump out qlog json if it is malformed
We're still seeing periodic failures in qlog from malformed json output,
so lets try to catch it.
Modify the verify-qlog.py script to, in the event of an exception in
json.loads, to replay the entire json file to the console, followed by
an exception indicating what line it died trying to parse.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23715)
pohsingwu [Sun, 28 Jan 2024 10:18:02 +0000 (18:18 +0800)]
Implement PCT for EDDSA
According to FIPS 140-3 IG 10.3.A Additonal Comment 1, a PCT shall be
performed consistent with the intended use of the keys.
This commit implements PCT for EDDSA via performing sign and verify
operations after key generated.
Also use the same pairwise test logic in EVP_PKEY_keygen and
EVP_PKEY_pairwise_check for EDDSA in FIPS_MODULE.
Add OSSL_SELF_TEST_DESC_PCT_EDDSA to OSSL_PROVIDER-FIPS page.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23408)
Alexandr Nedvedicky [Thu, 15 Feb 2024 11:07:26 +0000 (12:07 +0100)]
demos/http3: Use `SSL_write_ex2()` together with `SSL_WRITE_FLAG_CONCLUDE`
These calls were introduced by PR #23343.
Change also does a minor tweak to Makefile so CFLAGS and LDFLAGS variables
from the environment are respected.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23602)
shridhar kalavagunta [Sat, 27 Jan 2024 03:10:32 +0000 (21:10 -0600)]
Fix off by one issue in buf2hexstr_sep()
Fixes #23363
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23404)
Michael [Fri, 9 Feb 2024 22:45:00 +0000 (23:45 +0100)]
Improve documentation of standard IANA cipher suite names.
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23539)
Job Snijders [Wed, 21 Feb 2024 21:26:50 +0000 (21:26 +0000)]
Add appropriate lower bound checks for GeneralizedTime and UTCTime
ITU-T X.690 / ISO/IEC 8825-1 section 11.7 and section 11.8
impose specific constraints on how GeneralizedTime and UTCTime
can be encoded in BER/CER/DER. Following from these constraints
a minimum length can be derived.
Checking the length in this context can potentially help prevent
applications from interpreting an invalid GeneralizedTime as a
valid UTCTime.
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23483)
Martin Oliveira [Fri, 9 Feb 2024 21:31:27 +0000 (14:31 -0700)]
apps/engine: add EC to list of capabilities
openssl engine -c wasn't showing if an engine implemented EC
cla: trivial
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23538)
Hamilton Chapman [Wed, 21 Feb 2024 13:47:19 +0000 (13:47 +0000)]
Ensure `$(MAKE)` commands and `CFLAGS` are appropriately quoted in the Makefile.
If a user's `make` command came from a path that contained a space then both the
`$(MAKE)` variable (and parts of the generated `CFLAGS`, when building for iOS)
would not be properly quoted and the build would fail.
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23663)
Tom Cosgrove [Wed, 21 Feb 2024 09:11:20 +0000 (09:11 +0000)]
Apply the AES-GCM unroll8 optimisation to Microsoft Azure Cobalt 100
Performance improvements range from 18% to 32%.
Change-Id: Ifb89eeac3c0625a582a25ff07cf7f9c9ec8f5ba6
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23651)
响马 [Sat, 17 Feb 2024 22:57:57 +0000 (06:57 +0800)]
chachap10-ppc.pl: Fix truncated relocation
Fix error: relocation truncated to fit: R_PPC64_REL14 (stub)
against symbol `ChaCha20_ctr32_vsx_8x'
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23618)
Michael Baentsch [Mon, 19 Feb 2024 05:41:35 +0000 (06:41 +0100)]
SSL_set1_groups_list(): Fix memory corruption with 40 groups and more
Fixes #23624
The calculation of the size for gid_arr reallocation was wrong.
A multiplication by gid_arr array item size was missing.
Testcase is added.
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23625)
MrRurikov [Wed, 21 Feb 2024 08:11:34 +0000 (11:11 +0300)]
s_cb.c: Add missing return value checks
Return value of function 'SSL_CTX_ctrl', that is called from
SSL_CTX_set1_verify_cert_store() and SSL_CTX_set1_chain_cert_store(),
is not checked, but it is usually checked for this function.
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23647)
(cherry picked from commit
6f794b461c6e16c8afb996ee190e084cbbddb6b8)
Tomas Mraz [Tue, 20 Feb 2024 17:42:24 +0000 (18:42 +0100)]
Minor wording fixes related to no-atexit
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/23642)
(cherry picked from commit
66e6f72c3e4221580a7f456ddeaa5027f0bbb8b7)
Matt Caswell [Tue, 20 Feb 2024 15:11:26 +0000 (15:11 +0000)]
Don't print excessively long ASN1 items in fuzzer
Prevent spurious fuzzer timeouts by not printing ASN1 which is excessively
long.
This fixes a false positive encountered by OSS-Fuzz.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23640)
Ijtaba Hussain [Fri, 9 Jun 2023 06:04:53 +0000 (11:04 +0500)]
Extended SSL_SESSION functions using time_t
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21206)
Frederik Wedel-Heinen [Fri, 16 Feb 2024 10:44:01 +0000 (11:44 +0100)]
Future proof RLAYER_USE_EXPLICIT_IV by checking dtls versions directly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23611)
Bernd Ritter [Sat, 17 Feb 2024 18:15:14 +0000 (19:15 +0100)]
Correct the defined name of the parameter "micalg" in the documentation
The EVP_DigestInit(3) manual page contains wrong name for the define
macro for the OSSL_DIGEST_PARAM_MICALG param.
Fixes #23580
CLA: trivial
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23615)
Hugo Landau [Wed, 14 Feb 2024 10:06:45 +0000 (10:06 +0000)]
Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Mon, 12 Feb 2024 11:31:18 +0000 (11:31 +0000)]
Fix warning
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Mon, 12 Feb 2024 10:06:23 +0000 (10:06 +0000)]
JSON_ENC: Ensure ossl_json_flush() really flushes the BIO
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Mon, 12 Feb 2024 09:50:59 +0000 (09:50 +0000)]
QUIC CHANNEL: Defer QLOG instantiation until first event
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Mon, 12 Feb 2024 09:50:42 +0000 (09:50 +0000)]
QUIC TXP: Allow QLOG instance retrieval via callback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Mon, 12 Feb 2024 09:49:58 +0000 (09:49 +0000)]
QUIC QTX: Allow QLOG instance retrieval via callback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Mon, 12 Feb 2024 09:49:32 +0000 (09:49 +0000)]
QUIC FIFD: Allow QLOG instance retrieval via callback
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Fri, 9 Feb 2024 14:22:51 +0000 (14:22 +0000)]
Add entry to CHANGES.md
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Fri, 9 Feb 2024 14:08:52 +0000 (14:08 +0000)]
QUIC MULTISTREAM TEST: Test explicit event handling mode
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Fri, 9 Feb 2024 12:52:49 +0000 (12:52 +0000)]
QUIC APL: Add implementation of SSL_VALUE_EVENT_HANDLING_MODE
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Fri, 9 Feb 2024 12:52:33 +0000 (12:52 +0000)]
QUIC: Add API for SSL_VALUE_EVENT_HANDLING_MODE
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Hugo Landau [Fri, 9 Feb 2024 12:52:09 +0000 (12:52 +0000)]
QUIC: Add docs for SSL_VALUE_EVENT_HANDLING_MODE
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23535)
Shakti Shah [Tue, 13 Feb 2024 19:03:19 +0000 (00:33 +0530)]
OpenSSL License is applied for some source files, change to Apache 2
The following files
include/openssl/hpke.h
crypto/hpke/hpke.c
crypto/ec/asm/ecp_sm2p256-armv8.pl
crypto/chacha/asm/chacha-loongarch64.pl
still seem to be released under the OpenSSL License instead of the Apache 2 license.
Fixes #23570
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23576)
Marcel Gosmann [Wed, 14 Feb 2024 10:35:47 +0000 (11:35 +0100)]
Fixed Visual Studio 2008 compiler errors
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23586)
Frederik Wedel-Heinen [Tue, 13 Feb 2024 12:21:52 +0000 (13:21 +0100)]
Removes record_queue struct which is no longer useful.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23571)
Hugo Landau [Wed, 14 Feb 2024 08:08:01 +0000 (08:08 +0000)]
QUIC: Test that SSL_ctrl, SSL_set_mode are routed correctly on QSSOs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23581)
Hugo Landau [Wed, 14 Feb 2024 08:04:12 +0000 (08:04 +0000)]
QUIC: Fix SSL_ctrl operation for QSSOs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23581)
Neil Horman [Sat, 16 Dec 2023 20:32:48 +0000 (15:32 -0500)]
Check for NULL cleanup function before using it in encoder_process
encoder_process assumes a cleanup function has been set in the currently
in-use encoder during processing, which can lead to segfaults if said
function hasn't been set
Add a NULL check for this condition, returning -1 if it is not set
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23069)
Hugo Landau [Tue, 13 Feb 2024 11:33:08 +0000 (11:33 +0000)]
Add CHANGES: Fixed SSL_export_keying_material for QUIC.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23567)
(cherry picked from commit
a2ccaa666545c4c8dd501e6739d88b4e4d9199be)
Hugo Landau [Tue, 13 Feb 2024 11:29:53 +0000 (11:29 +0000)]
Fix SSL_export_keying_material for QUIC
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23567)
(cherry picked from commit
498d4e4c4f4a1e220cfa64cfcc76174e2f656fd0)
Neil Horman [Thu, 8 Feb 2024 14:17:44 +0000 (09:17 -0500)]
Skip shlibload tests if no-atexit is configured
the shared library load tests fail if no-atexit is configured. The
entire test suite relies on atexit handling to indicate an at exit
handler has run, by producing a file that the test recipe then reads.
With no-atexit that never happens, and the test fails
If no-atexit is specified, skip all the tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23523)
Shakti Shah [Sat, 10 Feb 2024 19:39:10 +0000 (01:09 +0530)]
KDF_CTX_new API has incorrect signature (const should not be there)
https://www.openssl.org/docs/man3.1/man3/EVP_KDF_CTX.html
The pages for 3.0/3.1/master seem to have the following
EVP_KDF_CTX *EVP_KDF_CTX_new(const EVP_KDF *kdf);
which does not match with the actual header which is
EVP_KDF_CTX *EVP_KDF_CTX_new(EVP_KDF *kdf);
Fixes #23532
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23541)
Dimitri Papadopoulos [Mon, 12 Feb 2024 20:22:30 +0000 (21:22 +0100)]
Fix the grammar as suggsted in the review
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23545)
Dimitri Papadopoulos [Sun, 11 Feb 2024 17:14:30 +0000 (18:14 +0100)]
Fix new typos found by codespell
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23545)
Dr. David von Oheimb [Wed, 7 Feb 2024 07:53:17 +0000 (08:53 +0100)]
test_cmp_http: decrease risk of timeouts due to delays caused by the underlying system running tests
Fixes #22870
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23502)
Tomas Mraz [Mon, 12 Feb 2024 09:59:27 +0000 (10:59 +0100)]
os-zoo.yml: Do not add enable-unstable-qlog as this CI tests all branches
The enable-unstable-qlog is enabled in windows.yml,
which is sufficient for testing it on Windows.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23550)
Hugo Landau [Fri, 9 Feb 2024 10:27:53 +0000 (10:27 +0000)]
Fix nit
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Thu, 8 Feb 2024 16:56:52 +0000 (16:56 +0000)]
Minor tweak to recipe
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Wed, 7 Feb 2024 08:53:41 +0000 (08:53 +0000)]
Fix typo
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Tue, 6 Feb 2024 12:51:53 +0000 (12:51 +0000)]
QUIC MULTISTREAM Test: Ensure poll test is robust
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Tue, 6 Feb 2024 12:24:49 +0000 (12:24 +0000)]
QUIC POLLING: Support no-quic builds
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Tue, 6 Feb 2024 12:07:59 +0000 (12:07 +0000)]
QUIC MULTISTREAM TEST: Fix perl warning around envvars
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Tue, 6 Feb 2024 12:07:43 +0000 (12:07 +0000)]
QUIC MULTISTREAM TEST: Add test for SSL_poll
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Fri, 2 Feb 2024 12:30:41 +0000 (12:30 +0000)]
QUIC POLLING: Implement autotick
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Fri, 2 Feb 2024 12:26:00 +0000 (12:26 +0000)]
make update
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Fri, 2 Feb 2024 12:24:24 +0000 (12:24 +0000)]
QUIC: Add manpage for SSL_poll
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Fri, 2 Feb 2024 12:21:28 +0000 (12:21 +0000)]
QUIC APL: Implement SSL_poll backend
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Fri, 2 Feb 2024 12:21:11 +0000 (12:21 +0000)]
QUIC QSM: Allow bidi and uni incoming streams to be tracked separately
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Fri, 2 Feb 2024 12:19:15 +0000 (12:19 +0000)]
QUIC RIO: Add frontend SSL_poll implementation
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Wed, 31 Jan 2024 12:36:45 +0000 (12:36 +0000)]
QUIC: Add glossary entry for RIO
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Wed, 31 Jan 2024 12:35:15 +0000 (12:35 +0000)]
QUIC: Add polling API
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Hugo Landau [Wed, 31 Jan 2024 12:34:21 +0000 (12:34 +0000)]
BIO: Add SSL poll descriptor type
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23495)
Frederik Wedel-Heinen [Wed, 7 Feb 2024 18:41:40 +0000 (19:41 +0100)]
Remove unused function arguments from tls_int_new_record_layer
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23514)
Hugo Landau [Thu, 8 Feb 2024 10:27:56 +0000 (10:27 +0000)]
THREADING: Make CRYPTO_MUTEX and CRYPTO_CONDVAR typesafe
There was really no need for this to be void and it made bugs very easy
to introduce accidentally, especially given that the free functions
needed to be passed a pointer to the pointer.
Also fix some bugs in the QUIC code detected immediately by this change.
.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23519)
Dmitry Belyavskiy [Wed, 7 Feb 2024 10:27:23 +0000 (11:27 +0100)]
Amend CHANGES.md/NEWS.md to reflect DN output changes
Fixes #23492
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23507)
Hugo Landau [Thu, 8 Feb 2024 10:36:50 +0000 (10:36 +0000)]
Windows: Add _dclass to the allowed symbols list
We use isnan() and isinf() in JSON_ENC now, which is translated to a
call to Microsoft's standard library function _dclass.
.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23517)
Hugo Landau [Thu, 8 Feb 2024 10:12:45 +0000 (10:12 +0000)]
QUIC QLOG: Fix use of size_t and uint64_t
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23517)
Hugo Landau [Thu, 8 Feb 2024 09:55:24 +0000 (09:55 +0000)]
QUIC QLOG: Retrieve PID correctly on Windows
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23517)
Hugo Landau [Thu, 8 Feb 2024 09:41:23 +0000 (09:41 +0000)]
JSON_ENC: Fix unit test for MSVC
Previously scripts were defined like this:
{
static const char *const script_name = "xxx";
static const struct script_info script_info = {
script_name, ...
};
return &script_info;
}
MSVC cannot handle this, presumably because this technically involves a
load from a variable to determine that script_name equals "xxx" and it
is unable to do this during evaluation of a constant initializer list.
Resolve this by changing script_name and script_title to be arrays
instead, allowing the correct pointer values to be filled into
script_info as symbol addresses/relocations rather than dereferences.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23517)
Hugo Landau [Thu, 8 Feb 2024 09:11:46 +0000 (09:11 +0000)]
QUIC qlog: Enable qlog in Windows CI
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23517)
Tomas Mraz [Wed, 7 Feb 2024 09:27:50 +0000 (10:27 +0100)]
Fix memory leaks on error cases during drbg initializations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/23503)
Angel Baez [Wed, 7 Feb 2024 15:34:48 +0000 (10:34 -0500)]
Rearrange terms in gf_mul to prevent segfault
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23512)
Frederik Wedel-Heinen [Wed, 31 Jan 2024 08:35:58 +0000 (09:35 +0100)]
Remove unneeded stuff
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Wed, 31 Jan 2024 08:35:27 +0000 (09:35 +0100)]
Refactor skip test statements.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Wed, 31 Jan 2024 08:16:47 +0000 (09:16 +0100)]
Adds some version guards for dummy proxy.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Wed, 31 Jan 2024 07:39:10 +0000 (08:39 +0100)]
Don't use dtls proxy on windows.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Tue, 30 Jan 2024 13:51:32 +0000 (14:51 +0100)]
Check if creating a tlsproxy instance per use allows to run the tests on windows.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Tue, 30 Jan 2024 13:29:53 +0000 (14:29 +0100)]
Fix test runs on builds without tls1_3
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Tue, 30 Jan 2024 09:31:00 +0000 (10:31 +0100)]
Skip tests if build does not support dtls1.2 or tls1.2
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Tue, 30 Jan 2024 09:09:07 +0000 (10:09 +0100)]
Remove obsolete comment.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Tue, 30 Jan 2024 09:00:39 +0000 (10:00 +0100)]
Merge dtls and tls records tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Fri, 26 Jan 2024 11:14:57 +0000 (12:14 +0100)]
Don't run dtls test on windows.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Fri, 26 Jan 2024 10:27:02 +0000 (11:27 +0100)]
chomp does not work on windows.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Tue, 23 Jan 2024 14:18:51 +0000 (15:18 +0100)]
Handle DTLS 1.2 in CertificateVerify messages
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Mon, 22 Jan 2024 13:12:06 +0000 (14:12 +0100)]
Use open2 instead of open for s_server instance
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Frederik Wedel-Heinen [Thu, 11 Jan 2024 13:18:07 +0000 (14:18 +0100)]
Support DTLS in TLS::Proxy.
Fixes #23199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23319)
Hugo Landau [Wed, 7 Feb 2024 12:43:02 +0000 (12:43 +0000)]
Minor updates
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
Hugo Landau [Wed, 7 Feb 2024 08:54:21 +0000 (08:54 +0000)]
QUIC APL: Move NULL pointer check to quic_impl.c
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
Hugo Landau [Wed, 7 Feb 2024 08:49:30 +0000 (08:49 +0000)]
QUIC CHANNEL: Optimise struct packing
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
Hugo Landau [Fri, 2 Feb 2024 09:14:26 +0000 (09:14 +0000)]
Fixup multistream test
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23360)
projects / openssl.git / log