Holger Dengler [Wed, 27 Sep 2023 13:40:47 +0000 (15:40 +0200)]
Support EVP_DigestSqueeze() in the digest provider for s390x.
The new EVP_DigestSqueeze() API requires changes to all keccak-based
digest provider implementations. Update the s390x-part of the SHA3
digest provider.
Squeeze for SHA3 is not supported, so add an empty function pointer
(NULL).
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Holger Dengler [Wed, 27 Sep 2023 13:43:18 +0000 (15:43 +0200)]
Fix state handling of keccak_final for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_keccak_final() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Holger Dengler [Wed, 27 Sep 2023 13:37:29 +0000 (15:37 +0200)]
Fix state handling of shake_final for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_shake_final() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Holger Dengler [Wed, 27 Sep 2023 13:36:59 +0000 (15:36 +0200)]
Fix state handling of sha3_final for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_sha3_final() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Holger Dengler [Wed, 27 Sep 2023 13:36:23 +0000 (15:36 +0200)]
Fix state handling of sha3_absorb for s390x.
The digest life-cycle state diagram has been updated for XOF. Fix the
state handling in s390x_sha3_absorb() according to the updated state
diagram.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Holger Dengler [Wed, 27 Sep 2023 19:54:34 +0000 (21:54 +0200)]
Add xof state handling for generic sha3 absorb.
The digest life-cycle diagram specifies state transitions to `updated`
(aka XOF_STATE_ABSORB) only from `initialised` and `updated`. Add this
checking to the generic sha3 absorb implementation.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
Holger Dengler [Wed, 27 Sep 2023 09:18:18 +0000 (11:18 +0200)]
Support multiple calls of low level SHA3_squeeze() for s390x.
The low level SHA3_squeeze() function needed to change slightly so
that it can handle multiple squeezes. Support this on s390x
architecture as well.
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22221)
slontis [Fri, 21 Jul 2023 05:05:38 +0000 (15:05 +1000)]
Add EVP_DigestSqueeze() API.
Fixes #7894
This allows SHAKE to squeeze multiple times with different output sizes.
The existing EVP_DigestFinalXOF() API has been left as a one shot
operation. A similar interface is used by another toolkit.
The low level SHA3_squeeze() function needed to change slightly so
that it can handle multiple squeezes. This involves changing the
assembler code so that it passes a boolean to indicate whether
the Keccak function should be called on entry.
At the provider level, the squeeze is buffered, so that it only requests
a multiple of the blocksize when SHA3_squeeze() is called. On the first
call the value is zero, on subsequent calls the value passed is 1.
This PR is derived from the excellent work done by @nmathewson in
https://github.com/openssl/openssl/pull/7921
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21511)
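The two commits above (the s390x SHA3_squeeze() change and the EVP_DigestSqueeze() API) describe why a multi-call squeeze has to remember where inside the current rate-sized block the previous call stopped, and only run the Keccak permutation when that block is used up; the XOF state-diagram commits further up add the rule that absorbing after a squeeze has started is an error. The following is an added, self-contained illustration written for this page, not OpenSSL's SHA3_squeeze() or provider code: it carries its own Keccak-f[1600] and a minimal SHAKE128 sponge (the names shake_ctx, shake_absorb, shake_squeeze and the XOF_STATE_* enum are invented for the example; the real code's "call Keccak on entry" boolean is replaced here by a block offset kept in the context). It checks that squeezing 16 + 16 bytes of SHAKE128("") reproduces the published 32-byte known answer, that a 100 + 200 byte split over a constructed 300-byte message equals a single 300-byte squeeze (the second call crosses the 168-byte block boundary), and that an absorb after the first squeeze is rejected.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Keccak-f[1600] constants; lane (x, y) of the 5x5 state is A[x + 5*y]. */
static const uint64_t KECCAK_RC[24] = {
    0x0000000000000001ULL, 0x0000000000008082ULL, 0x800000000000808aULL, 0x8000000080008000ULL,
    0x000000000000808bULL, 0x0000000080000001ULL, 0x8000000080008081ULL, 0x8000000000008009ULL,
    0x000000000000008aULL, 0x0000000000000088ULL, 0x0000000080008009ULL, 0x000000008000000aULL,
    0x000000008000808bULL, 0x800000000000008bULL, 0x8000000000008089ULL, 0x8000000000008003ULL,
    0x8000000000008002ULL, 0x8000000000000080ULL, 0x000000000000800aULL, 0x800000008000000aULL,
    0x8000000080008081ULL, 0x8000000000008080ULL, 0x0000000080000001ULL, 0x8000000080008008ULL };
static const int KECCAK_ROT[25] = { 0, 1, 62, 28, 27, 36, 44, 6, 55, 20, 3, 10, 43,
                                    25, 39, 41, 45, 15, 21, 8, 18, 2, 61, 56, 14 };

static uint64_t rol64(uint64_t v, int n) { return n == 0 ? v : (v << n) | (v >> (64 - n)); }

static void keccak_f1600(uint64_t A[25])
{
    uint64_t B[25], C[5], D[5];
    int x, y, i, rnd;
    for (rnd = 0; rnd < 24; rnd++) {
        for (x = 0; x < 5; x++) C[x] = A[x] ^ A[x + 5] ^ A[x + 10] ^ A[x + 15] ^ A[x + 20]; /* theta */
        for (x = 0; x < 5; x++) D[x] = C[(x + 4) % 5] ^ rol64(C[(x + 1) % 5], 1);
        for (i = 0; i < 25; i++) A[i] ^= D[i % 5];
        for (x = 0; x < 5; x++)                                                              /* rho, pi */
            for (y = 0; y < 5; y++)
                B[y + 5 * ((2 * x + 3 * y) % 5)] = rol64(A[x + 5 * y], KECCAK_ROT[x + 5 * y]);
        for (x = 0; x < 5; x++)                                                              /* chi */
            for (y = 0; y < 5; y++)
                A[x + 5 * y] = B[x + 5 * y] ^ (~B[(x + 1) % 5 + 5 * y] & B[(x + 2) % 5 + 5 * y]);
        A[0] ^= KECCAK_RC[rnd];                                                              /* iota */
    }
}

typedef enum { XOF_STATE_INIT, XOF_STATE_ABSORB, XOF_STATE_SQUEEZE } xof_state;
typedef struct {
    uint64_t A[25];
    size_t rate;      /* sponge rate in bytes: 168 for SHAKE128 */
    size_t pos;       /* byte offset inside the current rate-sized block */
    xof_state state;  /* once squeezing has begun, further absorbs are rejected */
} shake_ctx;

static void shake128_init(shake_ctx *c) { memset(c, 0, sizeof(*c)); c->rate = 168; }
/* The byte string of the state is the little-endian serialisation of the 25 lanes. */
static void xor_byte(shake_ctx *c, size_t i, unsigned char b) { c->A[i / 8] ^= (uint64_t)b << (8 * (i % 8)); }
static unsigned char get_byte(const shake_ctx *c, size_t i) { return (unsigned char)(c->A[i / 8] >> (8 * (i % 8))); }

/* Returns 0 for the transition the updated state diagram forbids: absorb after squeeze. */
static int shake_absorb(shake_ctx *c, const unsigned char *in, size_t len)
{
    if (c->state == XOF_STATE_SQUEEZE)
        return 0;
    c->state = XOF_STATE_ABSORB;
    while (len-- > 0) {
        xor_byte(c, c->pos++, *in++);
        if (c->pos == c->rate) { keccak_f1600(c->A); c->pos = 0; }
    }
    return 1;
}

/* May be called repeatedly; output resumes exactly where the previous call stopped. */
static void shake_squeeze(shake_ctx *c, unsigned char *out, size_t len)
{
    if (c->state != XOF_STATE_SQUEEZE) {   /* first squeeze: SHAKE pad 0x1F ... 0x80, permute once */
        xor_byte(c, c->pos, 0x1f);
        xor_byte(c, c->rate - 1, 0x80);
        keccak_f1600(c->A);
        c->pos = 0;
        c->state = XOF_STATE_SQUEEZE;
    }
    while (len-- > 0) {
        if (c->pos == c->rate) { keccak_f1600(c->A); c->pos = 0; }   /* block used up: next one */
        *out++ = get_byte(c, c->pos++);
    }
}

/* 1 if SHAKE128("") squeezed as 16 + 16 bytes matches the published 32-byte known answer. */
static int shake128_empty_kat(void)
{
    static const unsigned char want[32] = {
        0x7f, 0x9c, 0x2b, 0xa4, 0xe8, 0x8f, 0x82, 0x7d, 0x61, 0x60, 0x45, 0x50, 0x76, 0x05, 0x85, 0x3e,
        0xd7, 0x3b, 0x80, 0x93, 0xf6, 0xef, 0xbc, 0x88, 0xeb, 0x1a, 0x6e, 0xac, 0xfa, 0x66, 0xef, 0x26 };
    unsigned char got[32];
    shake_ctx c;
    shake128_init(&c);
    shake_squeeze(&c, got, 16);
    shake_squeeze(&c, got + 16, 16);   /* second call continues mid-block */
    return memcmp(got, want, 32) == 0;
}

/* 1 if squeezing n1 then n2 bytes equals one squeeze of n1 + n2 bytes (n1 + n2 <= 512)
 * over a constructed 300-byte message, and an absorb after squeezing is rejected. */
static int split_squeeze_matches(size_t n1, size_t n2)
{
    unsigned char msg[300], one[512], two[512];
    shake_ctx a, b;
    size_t i;
    if (n1 + n2 > sizeof(one))
        return 0;
    for (i = 0; i < sizeof(msg); i++) msg[i] = (unsigned char)i;   /* constructed sample input */
    shake128_init(&a); shake_absorb(&a, msg, sizeof(msg)); shake_squeeze(&a, one, n1 + n2);
    shake128_init(&b); shake_absorb(&b, msg, sizeof(msg));
    shake_squeeze(&b, two, n1); shake_squeeze(&b, two + n1, n2);
    if (shake_absorb(&b, msg, 1) != 0)   /* must be refused once squeezing has started */
        return 0;
    return memcmp(one, two, n1 + n2) == 0;
}

int main(void)
{
    printf("kat ok: %d, split 100+200 ok: %d\n", shake128_empty_kat(), split_squeeze_matches(100, 200));
    return 0;
}
```

The point the commits make is visible in shake_squeeze: nothing in the second call depends on how many bytes the first call asked for, only on the block offset stored in the context, which is what lets the provider buffer partial blocks and request whole blocks from the low-level routine.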
James Muir [Fri, 3 Nov 2023 17:15:04 +0000 (13:15 -0400)]
cms demos: print signingTime attributes
Add a makefile for the cms demos, and add a routine to cms_ver.c to
print any signingTime attributes from the CMS_ContentInfo object.
This provides an example that could be extended if an application
wants to examine the purported signing times.
Part of #8026
Testing:
$ cd demos/cms
$ make test
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22618)
Alexey Fofanov [Wed, 18 Oct 2023 11:23:22 +0000 (14:23 +0300)]
apps/list.c: Check the result of inserting a provider into provider's stack
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22492)
(cherry picked from commit 15b83e04a5e125ab873ace1e474790a4a5b44647)
Bernd Edlinger [Mon, 6 Nov 2023 09:44:27 +0000 (10:44 +0100)]
Fix a possible memory leak of ssl->s3.tmp.psk
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22637)
Matt Caswell [Wed, 8 Nov 2023 10:15:25 +0000 (10:15 +0000)]
After a stream has implicit length don't add more stream related frames
Once we have decided that a stream has an implicit length then we should
treat the packet as full and not try to add any more stream related frames
to the packet.
Fixes #22658
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22662)
Veronika Hanulíková [Thu, 12 Oct 2023 12:38:06 +0000 (14:38 +0200)]
Add config tests for including provider config files
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22598)
Tomas Mraz [Tue, 7 Nov 2023 14:22:00 +0000 (15:22 +0100)]
Add CHANGES.md and NEWS.md entry for CVE-2023-5678
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22647)
(cherry picked from commit 4ee71b4c302a06c24b46a5def1cff2096bd57f0b)
Tomas Mraz [Tue, 7 Nov 2023 14:14:34 +0000 (15:14 +0100)]
Sync CHANGES.md and NEWS.md with 3.1 branch
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22647)
(cherry picked from commit 2d0d3edb04ab0fa53e30e3cbdd114de9933d5361)
Hugo Landau [Fri, 3 Nov 2023 15:13:51 +0000 (15:13 +0000)]
QUIC TXP: Handle padding correctly for ACK_ONLY archetype
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22615)
Hugo Landau [Fri, 3 Nov 2023 14:53:10 +0000 (14:53 +0000)]
QUIC TXP: Fix use of implicit-length STREAM frames in presence of PATH_RESPONSE frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22615)
Neil Horman [Fri, 3 Nov 2023 16:56:40 +0000 (12:56 -0400)]
add locking around fake_now
fake_now in the quictestlib is read/written by potentially many threads,
and as such should have a surrounding lock to prevent WAR/RAW errors as
caught by tsan:
2023-11-03T16:27:23.7184999Z ==================
2023-11-03T16:27:23.7185290Z WARNING: ThreadSanitizer: data race (pid=18754)
2023-11-03T16:27:23.7185720Z Read of size 8 at 0x558f6f9fe970 by main thread:
2023-11-03T16:27:23.7186726Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aead) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7187665Z #1 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7188567Z #2 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7189561Z #3 run_tests <null> (quicapitest+0x2237ab) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7190294Z #4 main <null> (quicapitest+0x223d2b) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7190720Z
2023-11-03T16:27:23.7190902Z Previous write of size 8 at 0x558f6f9fe970 by thread T1:
2023-11-03T16:27:23.7191607Z #0 qtest_create_quic_connection_ex <null> (quicapitest+0x14aecf) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7192505Z #1 run_server_thread quictestlib.c (quicapitest+0x14b1d6) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7193361Z #2 thread_run quictestlib.c (quicapitest+0x14cadf) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7193848Z
2023-11-03T16:27:23.7194220Z Location is global 'fake_now.0' of size 8 at 0x558f6f9fe970 (quicapitest+0x1af4970)
2023-11-03T16:27:23.7194636Z
2023-11-03T16:27:23.7194816Z Thread T1 (tid=18760, running) created by main thread at:
2023-11-03T16:27:23.7195465Z #0 pthread_create <null> (quicapitest+0xca12d) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7196317Z #1 qtest_create_quic_connection_ex <null> (quicapitest+0x14adcb) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7197214Z #2 qtest_create_quic_connection <null> (quicapitest+0x14b220) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7198111Z #3 test_quic_write_read quicapitest.c (quicapitest+0x150ee2) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7198940Z #4 run_tests <null> (quicapitest+0x2237ab) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7199661Z #5 main <null> (quicapitest+0x223d2b) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5)
2023-11-03T16:27:23.7200083Z
2023-11-03T16:27:23.7200862Z SUMMARY: ThreadSanitizer: data race (/home/runner/work/openssl/openssl/test/quicapitest+0x14aead) (BuildId:
d06f7b04830b55de9c8482b398a1781472d1c7d5) in qtest_create_quic_connection_ex
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22616)
Neil Horman [Fri, 3 Nov 2023 16:12:38 +0000 (12:12 -0400)]
Correct order of ossl_condvar_signal in quic_multistream_test
quic_multistream test was issuing a signal on a condvar after dropping
the corresponding mutex, not before, leading to potential race
conditions in the reading of the associated data
Fixes #22588
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22616)
Pauli [Mon, 6 Nov 2023 20:44:49 +0000 (07:44 +1100)]
Add unit test for #22644
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22646)
Pauli [Mon, 6 Nov 2023 20:32:18 +0000 (07:32 +1100)]
Fix bug in priority queue remove function
The short circuit in the remove function when the element is the last in the
heap, failed to add the removed slot back to the freelist.
Fixes #22644
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22646)
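The bug in the commit above is a resource leak on a fast path: the remove routine short-circuits when the element is the last one in the heap and, on that path, forgot to return the element's slot to the freelist, so repeated push/remove cycles eventually exhaust the slots. The following is an added toy model written for this page, not OpenSSL's priority queue implementation: a fixed-capacity min-heap of slot numbers with a freelist (the names toy_pq, pq_push, pq_remove and churn are invented), with a `fixed` switch that selects the leaking shortcut or the corrected one. With capacity 4 and one resident element, the buggy remove lets only three push/remove cycles through before pq_push fails; the fixed remove never runs out.

```c
#include <stdio.h>

#define PQ_CAP 4   /* tiny capacity so the leak shows after three removals */

typedef struct {
    int prio[PQ_CAP];      /* element storage, indexed by slot */
    int heap[PQ_CAP];      /* min-heap of slot numbers ordered by prio */
    int hpos[PQ_CAP];      /* slot -> position in heap */
    int n;                 /* number of elements in the heap */
    int freelist[PQ_CAP];  /* slots not currently holding an element */
    int nfree;
} toy_pq;

static void pq_init(toy_pq *q)
{
    int i;
    q->n = 0;
    q->nfree = PQ_CAP;
    for (i = 0; i < PQ_CAP; i++)
        q->freelist[i] = PQ_CAP - 1 - i;   /* popping from the end hands out slot 0 first */
}

static void pq_swap(toy_pq *q, int a, int b)
{
    int t = q->heap[a];
    q->heap[a] = q->heap[b];
    q->heap[b] = t;
    q->hpos[q->heap[a]] = a;
    q->hpos[q->heap[b]] = b;
}

static void sift_up(toy_pq *q, int i)
{
    while (i > 0 && q->prio[q->heap[i]] < q->prio[q->heap[(i - 1) / 2]]) {
        pq_swap(q, i, (i - 1) / 2);
        i = (i - 1) / 2;
    }
}

static void sift_down(toy_pq *q, int i)
{
    for (;;) {
        int l = 2 * i + 1, r = l + 1, m = i;
        if (l < q->n && q->prio[q->heap[l]] < q->prio[q->heap[m]]) m = l;
        if (r < q->n && q->prio[q->heap[r]] < q->prio[q->heap[m]]) m = r;
        if (m == i) return;
        pq_swap(q, i, m);
        i = m;
    }
}

/* Returns the slot used, or -1 when the freelist is empty: the visible symptom of the leak. */
static int pq_push(toy_pq *q, int prio)
{
    int slot;
    if (q->nfree == 0)
        return -1;
    slot = q->freelist[--q->nfree];
    q->prio[slot] = prio;
    q->heap[q->n] = slot;
    q->hpos[slot] = q->n;
    q->n++;
    sift_up(q, q->n - 1);
    return slot;
}

/* fixed == 0 models the reported bug: the "element is last in the heap" shortcut skips the
 * freelist push. fixed != 0 recycles the slot on every path. */
static void pq_remove(toy_pq *q, int slot, int fixed)
{
    int pos = q->hpos[slot];
    if (pos == q->n - 1) {               /* short circuit: nothing to re-heapify */
        q->n--;
        if (!fixed)
            return;                      /* BUG: slot is never returned to the freelist */
        q->freelist[q->nfree++] = slot;
        return;
    }
    pq_swap(q, pos, q->n - 1);
    q->n--;
    sift_down(q, pos);
    sift_up(q, pos);
    q->freelist[q->nfree++] = slot;
}

/* Push an element that sorts last, then remove it, `cycles` times; returns how many
 * cycles completed before pq_push ran out of slots. */
static int churn(int cycles, int fixed)
{
    toy_pq q;
    int i;
    pq_init(&q);
    pq_push(&q, 0);                      /* one resident element keeps the heap non-empty */
    for (i = 0; i < cycles; i++) {
        int slot = pq_push(&q, 100 + i); /* larger prio than the resident: lands last in heap */
        if (slot < 0)
            return i;
        pq_remove(&q, slot, fixed);
    }
    return cycles;
}

int main(void)
{
    printf("buggy remove: %d of 10 cycles before slot exhaustion\n", churn(10, 0));
    printf("fixed remove: %d of 10 cycles\n", churn(10, 1));
    return 0;
}
```

A unit test of the kind the neighbouring commit adds would catch this class of bug only if it removes the last element repeatedly past the queue's capacity; removing it once leaves every invariant except the freelist count intact.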
Matthias St. Pierre [Wed, 25 Oct 2023 09:05:58 +0000 (11:05 +0200)]
apps/rehash.c: avoid printf format warning [-Wformat]
The `aarch64-linux-android33-clang` cross-compiler (v14.0.6)
complains twice about an unsupported '%n' format specifier,
preventing a successful `--strict-warnings` build:
error: '%n' specifier not supported on this platform [-Werror,-Wformat]
BIO_snprintf(buf, buflen, "%s%s%n%08x.%s%d",
This is a false positive, because BIO_snprintf() implements its
own format parsing (which is implemented in the _dopr() function).
This commit fixes the problem by rewriting the code to dispense with
the dubious '%n' format specifier. As a side-effect, the code becomes
a little bit more comprehensible and self-explaining.
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22511)
наб [Tue, 31 Oct 2023 19:36:31 +0000 (20:36 +0100)]
CHANGES.md: note BLAKE2s supports BLAKE2b-like "size" setting
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)
наб [Thu, 19 Oct 2023 22:01:28 +0000 (00:01 +0200)]
Document BLAKE2's variable size
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)
наб [Thu, 19 Oct 2023 16:31:33 +0000 (18:31 +0200)]
Implement BLAKE2s with the same macro as BLAKE2b
This avoids code duplication and provides variable-size support
for BLAKE2s like 786b9a8.
Test data obtained with libb2 with the following programs:
==> b2.c <==
#include <blake2.h>
#include <unistd.h>
int main(void) {
    char buf[16] = {0};
    /* blake2s(out, in, key, outlen, inlen, keylen): 16-byte digest of the empty message */
    blake2s(buf, 0, 0, 16, 0, 0);
    write(1, buf, 16);
    return 0;
}
==> b3.c <==
#include <blake2.h>
#include <unistd.h>
int main(void) {
    char buf[10] = {0};
    /* 10-byte digest of the one-byte message "a" */
    blake2s(buf, "\x61", 0, 10, 1, 0);
    write(1, buf, 10);
    return 0;
}
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)
наб [Wed, 18 Oct 2023 16:40:07 +0000 (18:40 +0200)]
Lift BLAKE2B provider definition into a macro
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22444)
Bernd Edlinger [Mon, 6 Nov 2023 10:03:05 +0000 (11:03 +0100)]
Fix a possible memory leak in custom_ext_add
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22638)
James Muir [Sun, 29 Oct 2023 19:24:08 +0000 (15:24 -0400)]
quic http3 demo: minor updates
-update run command to include LD_LIBRARY_PATH
-suggest installing libnghttp3-dev on Ubuntu
-drop "-f" from clean recipe (it is already included in $(RM))
Part of https://github.com/openssl/project/issues/253
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22623)
Dmitry Belyavskiy [Mon, 6 Nov 2023 09:53:46 +0000 (10:53 +0100)]
Use proper KDF SS parameter name
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22636)
Richard Levitte [Fri, 20 Oct 2023 07:24:01 +0000 (09:24 +0200)]
Fix conflicts between DH check flags and FFC check flags
There are comments in include/openssl/dh.h and include/internal/ffc.h
that they must be aligned with each other, and yet, clashes have been
introduced.
The simplest fix is to move the offending FFC flags out of the way, as they
are indeed internal and shouldn't affect any public interface, apart from
those that are aligned with the DH flags, which are public.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22453)
Richard Levitte [Fri, 20 Oct 2023 07:18:19 +0000 (09:18 +0200)]
Make DH_check_pub_key() and DH_generate_key() safer yet
We already check for an excessively large P in DH_generate_key(), but not in
DH_check_pub_key(), and none of them check for an excessively large Q.
This change adds all the missing excessive size checks of P and Q.
It's to be noted that behaviours surrounding excessively sized P and Q
differ. DH_check() raises an error on the excessively sized P, but only
sets a flag for the excessively sized Q. This behaviour is mimicked in
DH_check_pub_key().
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22453)
Neil Horman [Wed, 1 Nov 2023 12:53:18 +0000 (08:53 -0400)]
Introduce libabigail checking in ci
It would be nice if we could monitor the consistency of our ABI from PR to PR,
to ensure there are no inadvertent changes to the library ABI.
Introduce a new CI job that runs the libabigail tools to build an ABI
representation of the PR-built library and compares it to a stored/expected
representation, reporting any discrepancies it finds.
Fixes #22571
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22589)
Matt Caswell [Thu, 2 Nov 2023 16:25:27 +0000 (16:25 +0000)]
Correctly track the original length when generating a stream frame
txp_generate_stream_frames() plans chunks of data to send via the
function txp_plan_stream_chunk(). That function may clamp the amount in
the chunk due to flow control, even though there is more available to send.
We should take this into account when deciding whether or not to try
serializing the next chunk.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22601)
Tomas Mraz [Fri, 3 Nov 2023 07:57:21 +0000 (08:57 +0100)]
tparam_on_enc_ext(): Remove dead code in cleanup
Fixes Coverity 1548382
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22606)
Tomas Mraz [Fri, 3 Nov 2023 07:52:43 +0000 (08:52 +0100)]
ossl_quic_new(): Avoid dereferencing NULL qc during cleanup
Fixes Coverity 1548383
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22606)
Michael Hinz [Fri, 3 Nov 2023 13:17:39 +0000 (14:17 +0100)]
Fix documentation regarding KMAC sizes
As per recommendation by jfinkhaeuser, this documents the defaults for
KMAC-128 as 32 and for KMAC-256 as 64. The code already accommodates
these values, so no changes are needed there.
Fixes #22381
CLA: trivial
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22614)
Tomas Mraz [Thu, 2 Nov 2023 16:19:38 +0000 (17:19 +0100)]
ossl_qrl_enc_level_set_provide_secret(): Avoid leaking keyslot in error condition
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22600)
Matthias St. Pierre [Thu, 2 Nov 2023 19:51:52 +0000 (20:51 +0100)]
internal/common.h: rename macro `(un)likely` to `ossl_(un)likely`
The macro was introduced in commit ed6dfd1e3694 without an
openssl-specific prefix as mandated by the coding style.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22603)
Tomas Mraz [Wed, 1 Nov 2023 17:39:32 +0000 (18:39 +0100)]
Add negative test for key length change
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22590)
Tomas Mraz [Wed, 1 Nov 2023 17:14:09 +0000 (18:14 +0100)]
Add negative test for iv length change
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22590)
Tomas Mraz [Wed, 1 Nov 2023 15:54:58 +0000 (16:54 +0100)]
update/final: Return error if key is not set
Also make sure the key is not set if the key
length is changed on the context after the key was
set previously.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22590)
Tomas Mraz [Wed, 1 Nov 2023 13:00:22 +0000 (14:00 +0100)]
When changing IV length invalidate previously set IV
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22590)
Pauli [Thu, 2 Nov 2023 01:26:50 +0000 (12:26 +1100)]
rand uniform: fix likely usage
@mspncp noted that the condition should have been likely not unlikely.
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22593)
Matt Caswell [Wed, 1 Nov 2023 16:15:24 +0000 (16:15 +0000)]
Add support for streams to the quic-client fuzzer
Enable the quic-client fuzzer to accept and create new streams
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22592)
Matt Caswell [Wed, 1 Nov 2023 15:25:24 +0000 (15:25 +0000)]
Call SSL_write() in the quic-client-fuzzer
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22592)
Stephen Farrell [Mon, 16 Oct 2023 20:04:06 +0000 (21:04 +0100)]
Add additional internal HPKE hardening checks resulting from code audit.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22493)
slontis [Thu, 13 Jul 2023 04:32:02 +0000 (14:32 +1000)]
Add design notes for XOF API.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21443)
Hugo Landau [Thu, 26 Oct 2023 11:47:58 +0000 (12:47 +0100)]
TLS: Fix use of an uninitialized value
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
Hugo Landau [Thu, 26 Oct 2023 10:39:06 +0000 (11:39 +0100)]
QUIC: Test missing/malformed/duplicate/etc. transport parameters
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
Hugo Landau [Thu, 26 Oct 2023 10:37:21 +0000 (11:37 +0100)]
QUIC QTEST_FAULT: Allow deleted TLS extension to be output
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
Hugo Landau [Thu, 26 Oct 2023 10:36:51 +0000 (11:36 +0100)]
QUIC WIRE: Refuse integer transport params with trailing body bytes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
Hugo Landau [Thu, 26 Oct 2023 10:36:31 +0000 (11:36 +0100)]
QUIC CHANNEL: Set reason string for missing tparams extension
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
Tomas Mraz [Tue, 31 Oct 2023 14:11:30 +0000 (15:11 +0100)]
ossl_quic_new(): Fix a leak found by error injection
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22572)
Neil Horman [Mon, 30 Oct 2023 17:47:05 +0000 (13:47 -0400)]
Fix quicserver binding when duplicate entries exist
In testing the quic demos, I found that the quicserver refused to start for me,
indicating an inability to bind a socket to listen on
The problem turned out to be that getaddrinfo on my system was returning
multiple entries, due to the fact that /etc/hosts maps the localhost host name to
both ipv4 (127.0.0.1) and ipv6 (::1), but returns the latter as an ipv4 mapped
address (specifying family == AF_INET)
It seems like the proper fix would be to modify the /etc/hosts file to not make
that mapping, and indeed that works. However, since several distributions ship
with this setup, it seems like it is worthwhile to manage it in the server code.
It's also possible that some other application may be bound to a given address/port
leading to failure, which I think could be considered erroneous, as any failure
for the full addrinfo list in quicserver would lead to a complete failure
Fix this by modifying the create_dgram_bio function to count the number of
sockets it successfully binds/listens on, skipping any failures, and only exit
the application if the number of bound sockets is zero.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22559)
Pauli [Wed, 25 Oct 2023 23:58:11 +0000 (10:58 +1100)]
tag ossl_assert not failing as being 'likely' to improve optimisation
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22516)
наб [Tue, 31 Oct 2023 19:36:59 +0000 (20:36 +0100)]
CHANGES.md: document BLAKE2b's "size"-setting support
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22583)
Hugo Landau [Tue, 31 Oct 2023 16:47:55 +0000 (16:47 +0000)]
QUIC SSTREAM: Fix bug in ossl_quic_sstream_is_totally_acked
ossl_quic_sstream_is_totally_acked would return 0
if no data had been appended to the stream yet.
Fixed and added tests.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22580)
Bernd Edlinger [Wed, 1 Nov 2023 07:05:30 +0000 (08:05 +0100)]
Fix a possible memory leak in load_builtin_compressions
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22585)
Matt Caswell [Mon, 30 Oct 2023 12:39:37 +0000 (12:39 +0000)]
Update the OpenSSL Guide tutorials with changes to the demos
The demo code has changed to accept the hostname/port on the command line.
We update the tutorials to keep in sync with the demo code.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22552)
Matt Caswell [Mon, 30 Oct 2023 12:17:30 +0000 (12:17 +0000)]
Update the README with information about how to run the QUIC demos
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22552)
Matt Caswell [Mon, 30 Oct 2023 12:04:40 +0000 (12:04 +0000)]
Update the QUIC demos to accept hostname/port on the command line
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22552)
Matt Caswell [Mon, 30 Oct 2023 11:22:24 +0000 (11:22 +0000)]
Extend the README to describe how to run the TLS demos
We also supply some test certificates for use with the demos.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22552)
Matt Caswell [Mon, 30 Oct 2023 11:22:00 +0000 (11:22 +0000)]
Amend the TLS demos to accept hostname/port as an argument
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22552)
Hugo Landau [Tue, 31 Oct 2023 16:11:43 +0000 (16:11 +0000)]
QUIC MULTISTREAM TEST: Ensure frames are only injected into correct packet types
Although the previous commit is enough to fix the immediate cause of the
stochastic failure on Windows, this is a more resilient fix; make sure
we only inject a given frame into the correct packet type for our
various injection functions.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22578)
Hugo Landau [Tue, 31 Oct 2023 15:58:21 +0000 (15:58 +0000)]
QUIC MULTISTREAM TEST: Fix script 38 stochastic failure on Windows
The QUIC fault injector frame injection functionality injects injected
frames on whatever EL we happen to be using to generate a packet in.
This means we sometimes inject the frame into a packet type it is not
allowed to be in, causing a different error code to be generated.
Fix this by making sure the connection is fully established before
trying to generate the frame in question.
Fixes #22348.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22578)
Matt Caswell [Tue, 31 Oct 2023 16:24:44 +0000 (16:24 +0000)]
Don't create an ack frame if one isn't wanted for this pn_space
The txp->want_ack value has different bit values for different pn_space
values. Make sure we take that into account when we read it.
Fixes #22568
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22579)
Christian Schmidt [Tue, 31 Oct 2023 14:12:10 +0000 (15:12 +0100)]
Correct comment in crypto/ec/curve448/ed448.h
Obvious Copy&Paste edit error.
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22573)
James Muir [Thu, 26 Oct 2023 21:50:45 +0000 (17:50 -0400)]
quic ddd demos: update makefile and demo sources
Update makefile and fix some signedness issues in the demo sources.
Drop stray "\n" in the host-port format string that prevented ddd-01
from working (this was also noticed by Neil H). Also, determine the
length of the message we are sending and send that many bytes (rather
than send sizeof the buffer storing the message).
These changes are part of https://github.com/openssl/project/issues/253
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22542)
James Muir [Fri, 27 Oct 2023 16:46:30 +0000 (12:46 -0400)]
quic docs: update ddd README.md
Minor edits (expand MVP acronym, suggest how to install "libuv")
These changes are part of
https://github.com/openssl/project/issues/253
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22543)
Hugo Landau [Mon, 30 Oct 2023 20:19:46 +0000 (20:19 +0000)]
QUIC APL: Optimise write buffer sizes automatically
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22569)
Hugo Landau [Mon, 30 Oct 2023 19:36:49 +0000 (19:36 +0000)]
QUIC TXP: Fix drainage calculation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22569)
Neil Horman [Mon, 23 Oct 2023 16:47:13 +0000 (12:47 -0400)]
Create a rudimentary symbol scanning script
We would like to be able to log and audit the symbols we use in openssl
so that we might catch when a new platform symbol is referenced.
Add such a script (just on unix platforms for now) that gathers the used
symbols not belonging to libcrypto or libssl, and compares it to a prior
known set of used symbols. Error out if a new symbol is found.
Add this script to the CI workflow to capture newly
introduced platform symbols.
Fixes #22330
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22478)
Sam James [Tue, 31 Oct 2023 11:30:32 +0000 (11:30 +0000)]
CI: add Clang 17
Signed-off-by: Sam James <sam@gentoo.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22570)
Matt Caswell [Mon, 30 Oct 2023 16:30:35 +0000 (16:30 +0000)]
Stop the quicserver if the handshake or receiving the request fails
Previously we entered an infinite loop if these things failed.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22557)
Pauli [Tue, 31 Oct 2023 21:52:00 +0000 (08:52 +1100)]
rand uniform: add comments outlining the algorithm
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22499)
Pauli [Sat, 28 Oct 2023 09:49:08 +0000 (20:49 +1100)]
Add test case for uniform random generators
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22499)
Pauli [Wed, 25 Oct 2023 06:48:43 +0000 (17:48 +1100)]
rand: implement an unbiased random integer from a range
Refer: https://github.com/apple/swift/pull/39143 for a description
of the algorithm.
It is optimal in the sense of having:
* no divisions
* minimal number of blocks of random bits from the generator
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22499)
Matt Caswell [Mon, 30 Oct 2023 16:53:30 +0000 (16:53 +0000)]
Don't error if s_client receives exactly BUFSIZZ data
We should accept that many bytes without failing
Fixes #22551
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22558)
Dmitry Misharov [Mon, 30 Oct 2023 15:55:01 +0000 (16:55 +0100)]
remove setup-perl action from windows jobs
Windows runners have Perl preinstalled.
https://github.com/actions/runner-images/blob/main/images/win/Windows2022-Readme.md
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/22555)
Matt Caswell [Fri, 27 Oct 2023 11:22:11 +0000 (12:22 +0100)]
Check for NULL when freeing the QUIC_TLS object
Free functions are expected to be tolerant of a NULL pointer being passed.
Fixes the problem in
https://github.com/openssl/openssl/pull/21668#issuecomment-1782718328
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22536)
Tomas Mraz [Thu, 26 Oct 2023 07:59:22 +0000 (09:59 +0200)]
evp_test.c: There are now 3 parameters possible for digests
In digest_test_run() there are now 3 parameters possible plus
the sentinel value. In reality we will never use all three
at once but Coverity rightfully complains that it is possible
to overflow the params array.
Fixes Coverity 1548054
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22521)
Hugo Landau [Fri, 27 Oct 2023 09:21:46 +0000 (10:21 +0100)]
QUIC CHANNEL: Make ping deadline and idle deadline calculation consistent
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22533)
Matt Caswell [Fri, 27 Oct 2023 15:11:57 +0000 (16:11 +0100)]
If the loss detection timer has fired we may not have lost packets
We calculate the delay from the point that a packet arrives until it will
be counted as lost based on rtt info. Looking at all the packets we can
then calculate the earliest time that a packet will be counted as lost.
When that timer fires the latest rtt info may have changed and therefore
the packet may no longer be counted as lost yet.
We should not assume that just because the ackm timeout has fired that
there will definitely be lost packets.
Fixes #22538
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22541)
Kurt Roeckx [Fri, 27 Oct 2023 08:31:00 +0000 (10:31 +0200)]
Create a fuzz introspector exclude config file
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22532)
James Muir [Wed, 25 Oct 2023 00:08:54 +0000 (20:08 -0400)]
free oaep label-octet-string on error
When successful, ossl_X509_ALGOR_from_nid() returns a pointer to an
X509_ALGOR object. Inside ossl_X509_ALGOR_from_nid(),
X509_ALGOR_set0() is called, and this passes ownership of the ASN1
object "los" (label octet string) to the X509_ALGOR object. When
ossl_X509_ALGOR_from_nid() fails, ownership has not been passed on and
we need to free "los".
Change the scope of "los" and ensure it is freed on failure (on
success, set it to NULL so it is not freed inside the function).
Fixes #22336
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22495)
Kurt Roeckx [Fri, 27 Oct 2023 08:17:02 +0000 (10:17 +0200)]
Update to latest fuzz corpora
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22531)
Matt Caswell [Wed, 25 Oct 2023 12:10:59 +0000 (13:10 +0100)]
Add a separate README for the guide demos
Point users at the actual guide, and also explain about LD_LIBRARY_PATH
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22505)
Matt Caswell [Wed, 25 Oct 2023 11:57:12 +0000 (12:57 +0100)]
Add a reference for HTTP/3
We also add reference for ALPN ids
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22505)
Matt Caswell [Wed, 25 Oct 2023 11:48:31 +0000 (12:48 +0100)]
Add a reference to the demos subfolder
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22505)
Matt Caswell [Wed, 25 Oct 2023 11:46:33 +0000 (12:46 +0100)]
Update to the demos README file
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22505)
Matt Caswell [Wed, 25 Oct 2023 11:31:19 +0000 (12:31 +0100)]
Update README-QUIC.md
We move some of the "why QUIC" content into the guide and just provide a
summary in README-QUIC.md.
We also clarify how to use s_client with QUIC.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22505)
Matt Caswell [Wed, 25 Oct 2023 10:10:51 +0000 (11:10 +0100)]
Refresh the README.md file
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22505)
Richard Levitte [Thu, 26 Oct 2023 14:45:43 +0000 (16:45 +0200)]
Prepare for 3.3
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22525)
Dr. David von Oheimb [Sat, 21 Oct 2023 07:57:09 +0000 (09:57 +0200)]
EVP_PKEY_get_size.pod and provider-keymgmt.pod: document their relation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)
Dr. David von Oheimb [Fri, 20 Oct 2023 18:51:17 +0000 (20:51 +0200)]
EVP_PKEY_get_{bits,security_bits,size}(): add missing error queue entry on failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)
Dr. David von Oheimb [Fri, 20 Oct 2023 19:00:10 +0000 (21:00 +0200)]
CMS and PKCS7: fix handling of EVP_PKEY_get_size() failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22459)
Phoebe Chen [Mon, 25 Sep 2023 03:09:12 +0000 (20:09 -0700)]
Provide additional AES-ECB test patterns to enhance test coverage.
To enhance test coverage for AES-ECB mode, we provided longer additional
testing patterns for AES-128/192/256-ECB.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Mon, 25 Sep 2023 03:07:48 +0000 (20:07 -0700)]
riscv: Provide vector crypto implementation of AES-ECB mode.
This patch provides stream and multi-block implementations for
AES-128-ECB, AES-192-ECB, and AES-256-ECB to accelerate AES-ECB.
Also, refactor functions to share the same variable
declaration in aes-riscv64-zvkned.pl.
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Jerry Shih [Mon, 11 Sep 2023 03:30:52 +0000 (11:30 +0800)]
riscv: Support sm3 on platforms with vlen >= 128.
This patch updates the OSSSL_HWSM3_block_data_order_zvksh and enables
SM3 on platforms with VLEN >= 128.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)
Phoebe Chen [Thu, 14 Sep 2023 04:07:27 +0000 (21:07 -0700)]
Provide additional AES-XTS test patterns to enhance test coverage.
To enhance test coverage for AES-XTS mode, we provided longer additional
testing patterns from BoringSSL for AES-XTS testing.
Signed-off-by: Jerry Shih <jerry.shih@sifive.com>
Signed-off-by: Phoebe Chen <phoebe.chen@sifive.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21923)