Dr. David von Oheimb [Mon, 29 May 2023 04:43:29 +0000 (06:43 +0200)]
ssl/statem_srvr.c: clean up handling of EVP_PKEY_decrypt() outlen
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
Dr. David von Oheimb [Fri, 14 May 2021 13:12:54 +0000 (15:12 +0200)]
cmp_http.c: Remove obsolete comment w.r.t. ERR_clear_error()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/17354)
Rajarshi Karmakar [Mon, 22 May 2023 16:51:57 +0000 (16:51 +0000)]
OSSL_sleep(): Calling sleep() function if sleepTime > 1sec
On some systems usleep() func does not support time >1sec.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21010)
Matt Caswell [Fri, 12 May 2023 16:06:10 +0000 (17:06 +0100)]
Optimise locking in rsa_get_blinding()
We optimise locking in rsa_get_blinding() so that we normally take a
read lock, and only fallback to a write lock if we need to. This will
be very slightly slower in the case of single use RSA objects, but should
be significantly better when an RSA object is reused in a multi-threaded
environment. It's probably worth the trade off.
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20953)
Matt Caswell [Thu, 11 May 2023 10:25:07 +0000 (11:25 +0100)]
When we're just reading EX_CALLBACK data just get a read lock
The crypto_ex_data code was always obtaining a write lock in all functions
regardless of whether we were only reading EX_CALLBACK data or actually
changing it. Changes to the EX_CALLBACK data are rare, with many reads so
we should change to a read lock where we can.
We hit this every time we create or free any object that can have ex_data
associated with it (e.g. BIOs, SSL, etc)
Partially fixes #20286
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20943)
Matt Caswell [Wed, 10 May 2023 13:44:17 +0000 (14:44 +0100)]
Avoid taking a write lock in RAND_get_rand_method()
The function RAND_get_rand_method() is called every time RAND_bytes() or
RAND_priv_bytes() is called. We were obtaining a write lock in order to
find the default random method - even though we rarely write. We change
this to a read lock and only fallback to a write lock if we need to.
Partial fix for #20286
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20929)
Matt Caswell [Wed, 10 May 2023 15:27:03 +0000 (16:27 +0100)]
Don't take a write lock when freeing an EVP_PKEY
When freeing the last reference to an EVP_PKEY there is no point in
taking the lock for the key. It is the last reference and is being freed
so must only be being used by a single thread.
This should not have been the source of any contention so its unclear to
what extent this will improve performance. But we should not be locking
when we don't need to.
Partially fixes #20286
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20932)
Clemens Lang [Wed, 24 May 2023 11:12:54 +0000 (13:12 +0200)]
x509: Handle ossl_policy_level_add_node errors
The invocation of ossl_policy_level_add_node in tree_calculate_user_set
did not have any error handling. Add it to prevent a memory leak for the
allocated extra policy data.
Also add error handling to sk_X509_POLICY_NODE_push to ensure that if
a new node was allocated, but could not be added to the stack, it is
freed correctly.
Fix error handling if tree->user_policies cannot be allocated by
returning 0, indicating failure, rather than 1.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)
Clemens Lang [Wed, 24 May 2023 10:22:25 +0000 (12:22 +0200)]
x509: Fix possible use-after-free when OOM
ossl_policy_level_add_node() first adds the new node to the level->nodes
stack, and then attempts to add extra data if extra_data is true. If
memory allocation or adding the extra data to tree->extra_data fails,
the allocated node (that has already been added to the level->nodes
stack) is freed using ossl_policy_node_free(), which leads to
a potential use after free.
Additionally, the tree's node count and the parent's child count would
not be updated, despite the new node being added.
Fix this by either performing the function's purpose completely, or not
at all by reverting the changes on error.
Signed-off-by: Clemens Lang <cllang@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21040)
Tomas Mraz [Thu, 25 May 2023 14:58:04 +0000 (16:58 +0200)]
Add missing CHANGES.md entries
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21057)
(cherry picked from commit
3afa246520852ba3bfc16c7c976cb3c2064a3baa)
Hugo Landau [Wed, 24 May 2023 15:06:22 +0000 (16:06 +0100)]
SSL_handle_events(): Minor fixes to documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Thu, 18 May 2023 12:10:36 +0000 (13:10 +0100)]
QUIC: Rename SSL_tick etc. in s_client
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Thu, 18 May 2023 12:07:00 +0000 (13:07 +0100)]
QUIC: Rename SSL_tick etc. in man(7) docs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:27:58 +0000 (19:27 +0100)]
QUIC: Update documentation to reflect compatibility of DTLS APIs
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:22:15 +0000 (19:22 +0100)]
QUIC APL: Allow DTLSv1 APIs to be used for compatibility
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:16:13 +0000 (19:16 +0100)]
QUIC: Update documentation for SSL_get_event_timeout
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:09:05 +0000 (19:09 +0100)]
QUIC APL: Change SSL_get_event_timeout API design
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:01:12 +0000 (19:01 +0100)]
QUIC: Rename SSL_tick, SSL_get_tick_timeout
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Hugo Landau [Wed, 3 May 2023 18:00:03 +0000 (19:00 +0100)]
QUIC Documentation: Rename SSL_tick, SSL_get_tick_timeout
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20879)
Anis-cpu-13 [Tue, 2 May 2023 12:59:11 +0000 (14:59 +0200)]
Replace __attribute__((malloc)) with __attribute__((__malloc__)) in macros.h
Fix macro attribute conflict with cmocka
Fixes #20776
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Nicola Tuveri <nic.tuv@gmail.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20869)
Watson Ladd [Fri, 19 May 2023 20:55:08 +0000 (13:55 -0700)]
Clarify how to return string data
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21004)
minyong.ha [Mon, 22 May 2023 05:44:13 +0000 (14:44 +0900)]
Fix a bug where the result of rehash is unstable
The root cause is that the file entries targeted for rehash are not actually sorted.
Sort was skipped because the compare function was null.
So a compare function has been implemented to allow file entries to be sorted.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21013)
Dr. David von Oheimb [Tue, 16 May 2023 08:24:35 +0000 (10:24 +0200)]
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_number()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
Dr. David von Oheimb [Tue, 16 May 2023 08:17:03 +0000 (10:17 +0200)]
APPS: replace awkward and error-prone pattern by calls to new app_conf_try_string()
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
Dr. David von Oheimb [Mon, 15 May 2023 17:59:16 +0000 (19:59 +0200)]
APPS/ca: remove spurious errors when certain config file entries are not provided
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20971)
Matt Caswell [Mon, 22 May 2023 14:23:21 +0000 (15:23 +0100)]
Create internal/ssl.h
We create the internal/ssl.h header file and move the typedef for
ossl_msg_cb. This is needed by both the QUIC code (which generally doesn't
include ssl_local.h) and the rest of libssl.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 22 May 2023 14:00:00 +0000 (15:00 +0100)]
Rename msg_callback_s to msg_callback_ssl for greater clarity
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 22 May 2023 13:54:43 +0000 (14:54 +0100)]
Use the %llu format specifier for uint64_t
We change to use %llu when printing uint64_t types for consistency with
what we've done elsewhere.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Thu, 18 May 2023 14:46:58 +0000 (15:46 +0100)]
Create setter functions for the msg_callback and msg_callback_arg
We create setter functions for the msg_callback and msg_callback_arg so
that these values can be properly propagated to the QRX/QTX/TXP even
after the channel has been created.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Tue, 9 May 2023 12:22:38 +0000 (13:22 +0100)]
Add a test for the new QUIC tracing capability
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Tue, 9 May 2023 14:20:04 +0000 (15:20 +0100)]
Fix an SSL_trace bug
Ensure that SSL_trace can print certificate data even with a non-default
libctx.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Tue, 9 May 2023 11:00:18 +0000 (12:00 +0100)]
Update the msg_callback documentation
We provide information about the new QUIC support related to the
msg_callback. We also document SSL_trace() which was previously missing
from the man pages.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 8 May 2023 13:26:30 +0000 (14:26 +0100)]
Add more trace details for the remaining frame types
Prior to this commit we were just printing the fact that we had received
or sent a frame of a particular type. We now provide more details about
those frames.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 8 May 2023 12:51:39 +0000 (13:51 +0100)]
Properly handling stream/crypto frames while tracing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 8 May 2023 10:32:04 +0000 (11:32 +0100)]
Enable tracing of datagrams we have sent
Extend the tracing capability to also trace when we have a datagram to the
peer.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Fri, 5 May 2023 15:51:43 +0000 (16:51 +0100)]
Enable tracing of packets that have been sent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Fri, 5 May 2023 13:46:01 +0000 (14:46 +0100)]
Extend tracing of frames to transmitted frames
Previously we were only doing tracing of frames received from the peer.
Now we do that for transmitted frames as well.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Thu, 4 May 2023 16:18:01 +0000 (17:18 +0100)]
Support trace for QUIC Frames
Extend the existing QUIC tracing capability for frames.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Thu, 4 May 2023 14:47:32 +0000 (15:47 +0100)]
Support trace for QUIC Packets
We enable SSL_trace support for when we receive QUIC Packets. This is
called after header protection is removed, but before the packet is
decrypted.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Tue, 2 May 2023 12:26:47 +0000 (13:26 +0100)]
Support trace for QUIC datagrams
Extend SSL_trace so that it knows how to dump information about the
receipt of a QUIC datagram.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Matt Caswell [Mon, 1 May 2023 14:40:28 +0000 (15:40 +0100)]
Add initial QUIC support for the msg_callback
At this stage we just support msg_callback on receipt of a datagram.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
Hugo Landau [Mon, 22 May 2023 12:37:17 +0000 (13:37 +0100)]
Resolve a djgpp function name conflict
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Mon, 22 May 2023 12:26:03 +0000 (13:26 +0100)]
Add note about Windows LONG
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Mon, 22 May 2023 12:24:38 +0000 (13:24 +0100)]
Make testutil text output functions thread safe (tsan)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Mon, 22 May 2023 12:24:02 +0000 (13:24 +0100)]
QUIC APL: Unlock mutex before freeing (clang tsan error)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Mon, 22 May 2023 12:23:40 +0000 (13:23 +0100)]
Remove an unused variable (clang 16 warning)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Mon, 22 May 2023 06:40:40 +0000 (07:40 +0100)]
QUIC: Add to threads sanitizer CI
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Mon, 22 May 2023 06:40:31 +0000 (07:40 +0100)]
QUIC Glossary: Add QCTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Wed, 17 May 2023 12:59:21 +0000 (13:59 +0100)]
Add no-threads build to CI
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Wed, 17 May 2023 12:15:01 +0000 (13:15 +0100)]
QUIC: Fix bugs where threading is disabled
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Tue, 2 May 2023 17:21:07 +0000 (18:21 +0100)]
QUIC TSERVER: Use a random port in the tserver test
Fixes nondeterministic failures where BIO_bind would fail on some
platforms.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Tue, 2 May 2023 16:59:04 +0000 (17:59 +0100)]
QUIC MSMT: macOS robustness fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC APL: Make SSL_get_error per-stream, error raising refactor
This refactors the error raising code in the APL to automatically raise
errors in the correct SSL object, either a QCSO or QSSO depending on the
circumstances. The QCTX structure's responsibilities are expanded to
facilitate this. This further drives towards a unified mechanism for
generic dispatch precondition checking and error raising.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC MSMT TESTS: Add tests to exercise MAX_STREAMS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC RXDP: Ensure all stream-related frames autocreate a stream
RFC requirement.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC FC: Correct operation of stream count mode
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC QSM: Correct the logic for determining stream count limits
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC QSM: Allow QSM to know if we are in the server role
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:34 +0000 (16:56 +0100)]
QUIC MSMT: Stress tests, support for repeating test opoerations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:33 +0000 (16:56 +0100)]
QUIC MSMT: Add a basic multithreading test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:33 +0000 (16:56 +0100)]
QUIC MSMT: Revise tests to support multithreading
Alsoo rename OPK_C_ACCEPT_STREAM to reflect its current behaviour.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Hugo Landau [Fri, 28 Apr 2023 15:56:33 +0000 (16:56 +0100)]
QUIC TSERVER: Allow detection of new incoming streams
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
Richard Levitte [Sat, 20 May 2023 06:39:20 +0000 (08:39 +0200)]
Drop the last reference of SHLIB_EXT
SHLIB_EXT is a variable that exists on OpenSSL build file templates before
version 3.0, for which much of the logic for figuring out file names and
such was moved to the 'platform' set of routines.
But, it seems that one (now useless) reference remained on the VMS specific
descrip.mms.tmpl. We replace it with an explicit '.EXE', which is the
default extension for shared libraries on VMS.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21007)
lan1120 [Mon, 22 May 2023 12:37:59 +0000 (20:37 +0800)]
Fix incorrect parameter verification in EVP_MD_CTX_get_params
Signed-off-by: lan1120 <lanming@huawei.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21022)
Richard Levitte [Mon, 22 May 2023 11:11:30 +0000 (13:11 +0200)]
doc/fingerprints.txt: Add the OpenSSL OMC PGP key fingerprint
We want to move to using this key for tarball and announcement signatures.
It won't happen immediately, though, as we must have it specified in the
latest update of each release branch, so people can verify properly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21015)
Dmitry Belyavskiy [Thu, 18 May 2023 13:38:56 +0000 (15:38 +0200)]
If oaep_md is not initialized, correctly initialize it
Fixes #20993
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20994)
Tomas Mraz [Fri, 12 May 2023 12:56:58 +0000 (14:56 +0200)]
Update the FIPS checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
Tomas Mraz [Fri, 12 May 2023 10:55:24 +0000 (12:55 +0200)]
fips.module.sources: Add missing cpuid and related .c sources for other architectures
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
Yi Li [Tue, 16 May 2023 03:09:47 +0000 (11:09 +0800)]
crypto/params: drop float for UEFI
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.
Avoid those problems by not compiling the related code for floating
point numbers.
Signed-off-by: Yi Li <yi1.li@intel.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20992)
Dragan Zuvic [Wed, 17 May 2023 06:10:46 +0000 (07:10 +0100)]
Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311
and changed hopefully all occurences for that OID
Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20986)
Nicky Mouha [Wed, 17 May 2023 20:46:41 +0000 (16:46 -0400)]
Update hkdf.c to avoid potentially vulnerable code pattern
The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.
This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.
It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-
1466056959
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
Richard Levitte [Wed, 17 May 2023 08:33:27 +0000 (10:33 +0200)]
Add information on the 'ias' port for OpenVMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
Richard Levitte [Mon, 15 May 2023 08:09:42 +0000 (10:09 +0200)]
Update VMS configurations
A native x86_64 C compiler has appeared.
We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
Masatake YAMATO [Tue, 17 Jan 2023 04:59:51 +0000 (13:59 +0900)]
util/ctags.sh: a script for generating tags file with expanding macros
This script requires Universal Ctags 6.0.0 or newer.
Usage:
./util/ctags.sh [...options passed to ctags...]
Fixing #10251
Running the script in "tags" make target is suggested by
Dmitry Belyavskiy <beldmit@gmail.com>.
The falling back action for running older ctags if u-ctags 6 is not
available is suggested
by Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>.
Signed-off-by: Masatake YAMATO <yamato@redhat.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20960)
Marco Abbadini [Tue, 16 May 2023 21:52:53 +0000 (23:52 +0200)]
pkcs12: Fix macsaltlen parameter type
It expects an integer so change it from non-argument type to positive integer type.
Fixes #20969
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20979)
Tomas Mraz [Fri, 28 Apr 2023 17:28:53 +0000 (19:28 +0200)]
Initial design for error handling in QUIC
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20857)
Marc Brooks [Wed, 10 May 2023 22:48:00 +0000 (17:48 -0500)]
Add support for --version and synonyms
Just like --help is explicitly supported, we should support --version.
This will greatly ease people adopting openssl.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20936)
Tomas Mraz [Thu, 11 May 2023 12:08:25 +0000 (14:08 +0200)]
quic_newcid_test: Add negative test case
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
Tomas Mraz [Thu, 11 May 2023 11:50:21 +0000 (13:50 +0200)]
Add test for handling NEW_CONNECTION_ID frame
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
Tomas Mraz [Thu, 11 May 2023 11:49:51 +0000 (13:49 +0200)]
quic_tserver: Add possibility to change the connection id
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
Tomas Mraz [Fri, 5 May 2023 15:40:55 +0000 (17:40 +0200)]
Fix test cases using NEW_CONNECTION_ID frame
seq_id must be >= retire_prior_to.
Add negative testcase.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
Tomas Mraz [Fri, 5 May 2023 14:51:28 +0000 (16:51 +0200)]
Add minimal handling of NEW_CONNECTION_ID frames
We actively use only the latest DCID received. And retire only
DCIDs requested by the peer to be retired.
Also changed the active_conn_id_limit to 2 as the minimum value allowed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
Tomas Mraz [Fri, 5 May 2023 14:46:42 +0000 (16:46 +0200)]
quic_txp_test.c: Cleanup use of WPACKET
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
Hugo Landau [Fri, 12 May 2023 14:05:19 +0000 (15:05 +0100)]
QUIC Documentation: update man(7) for multi-stream
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19899)
Hugo Landau [Tue, 13 Dec 2022 16:37:17 +0000 (16:37 +0000)]
QUIC man(7) Documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19899)
Bernd Edlinger [Sat, 13 May 2023 07:04:18 +0000 (09:04 +0200)]
Fix stack corruption in ui_read
This is an alternative to #20893
Additionally this fixes also a possible issue in UI_UTIL_read_pw:
When UI_new returns NULL, the result code would still be zero
as if UI_UTIL_read_pw succeeded, but the password buffer is left
uninitialized, with subsequent possible stack corruption or worse.
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20957)
Yuan, Shuai [Wed, 10 May 2023 01:22:16 +0000 (21:22 -0400)]
Fixed EVP_PKEY_CTX_set_ec_paramgen_curve_nid() for SM2 in ENGINEs
The CTRL translation is missing for SM2 key types.
Fixes #20899
Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20900)
Hugo Landau [Thu, 11 May 2023 11:38:23 +0000 (12:38 +0100)]
QUIC: Documentation fix
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Tue, 9 May 2023 10:35:16 +0000 (11:35 +0100)]
QUIC APL: De-publicise SSL_attach_stream/SSL_detach_stream
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Mon, 8 May 2023 18:54:47 +0000 (19:54 +0100)]
QUIC: Fix CRYPTO_GET_REF
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Mon, 8 May 2023 18:52:45 +0000 (19:52 +0100)]
QUIC MSST: Rename SSL_set_incoming_stream_reject_policy
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Mon, 8 May 2023 18:46:25 +0000 (19:46 +0100)]
QUIC MSST: Revise SSL_get_conn_close_info API (char)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Mon, 8 May 2023 18:42:40 +0000 (19:42 +0100)]
QUIC MSST: Documentation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Tue, 2 May 2023 14:23:15 +0000 (15:23 +0100)]
QUIC MSST: Fix test on macOS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Tue, 2 May 2023 14:23:01 +0000 (15:23 +0100)]
QUIC MSST: Further documentation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Tue, 2 May 2023 07:29:43 +0000 (08:29 +0100)]
QUIC MSST: Clarify default XSO transitions
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Tue, 2 May 2023 07:29:29 +0000 (08:29 +0100)]
QUIC MSST: Documentation fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Thu, 27 Apr 2023 15:06:01 +0000 (16:06 +0100)]
QUIC APL: Fix a bug where avail could be used uninitialized
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Thu, 27 Apr 2023 14:54:12 +0000 (15:54 +0100)]
QUIC MSST: Test that SSL_free works in either order
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Hugo Landau [Thu, 27 Apr 2023 14:53:33 +0000 (15:53 +0100)]
QUIC APL: Handle reference for multiple streams counting correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
projects / openssl.git / log