Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21883)
Matt Caswell [Wed, 30 Aug 2023 14:48:02 +0000 (15:48 +0100)]
Remove a redundant point mul from ossl_ec_key_public_check()
This code was added in error and is entirely redundant. It is also an
expensive operation (e.g. see #21833).
Fixes #21834
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21902)
Rohan McLure [Wed, 16 Aug 2023 06:52:47 +0000 (16:52 +1000)]
powerpc: ecc: Fix stack allocation secp384r1 asm
Assembly acceleration secp384r1 opts to not use any callee-save VSRs, as
VSX enabled systems make extensive use of renaming, and so writebacks in
felem_{mul,square}() can be reordered for best cache effects.
Remove stack allocations. This in turn fixes unmatched push/pops in
felem_{mul,square}().
Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21749)
Hugo Landau [Wed, 30 Aug 2023 09:32:53 +0000 (10:32 +0100)]
QUIC: Harden ring buffer against internal misuse
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21895)
Ingo Franzki [Wed, 30 Aug 2023 06:41:43 +0000 (08:41 +0200)]
OPENSSL_init_crypto load config into initial global default library context
OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG must load the configuration
into the initial global default library context, not the currently set default
library context.
OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG may be called within other
OpenSSL API functions, e.g. from within EVP_PKEY_CTX_new_xxx() when initializing
a pkey context, to perform implicit initialization, if it has not been
initialized yet. This implicit initialization may happen at a time when an
application has already create its own library context and made it the default
library context. So loading the config into the current default library context
would load it into the applications library context.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21897)
Tomas Mraz [Mon, 28 Aug 2023 16:49:02 +0000 (18:49 +0200)]
ecp_sm2p256-armv8.pl: Copy the argument handling from ecp_nistz256-armv8.pl
Popping the $output argument is more robust and it also needs to be
placed in double quotes to handle spaces in paths.
Fixes #21874
Fixes #21876
Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21877)
Add option for in-place cipher testing in evp_test
The command line option enables setting in-place
data processing for cipher testing in `evp_test`.
The `both` option argument runs both - in-place
and non-in-place testing.
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21546)
Remove some entries which have been documented meanwhile.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21873)
Commit 77c30753cd replaced the convenience macros `DEPRECATEDIN_{major}_{minor}`
by `OSSL_DEPRECATEDIN_{major}_{minor}` but misspelled them in the comment.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21868)
Tomas Mraz [Mon, 28 Aug 2023 09:31:15 +0000 (11:31 +0200)]
Correct the fixed size handling for dgram_pair and dgram_mem
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21866)
Tomas Mraz [Tue, 29 Aug 2023 10:38:55 +0000 (12:38 +0200)]
Update Cloudflare Quiche to fix a build issue
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21885)
Tomas Mraz [Fri, 25 Aug 2023 12:24:07 +0000 (14:24 +0200)]
Raise the timeout in quic_client_test.c
Recently the Coveralls CI run started failing
because it times out in this test.
Outside of Coveralls it runs fine so assuming that
this is caused by slow execution under Coveralls.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21844)
Min Zhou [Fri, 25 Aug 2023 10:02:47 +0000 (18:02 +0800)]
Resolve assembler complains when including loongarch_arch.h
The assembler will complain when we include loongarch_arch.h in
an assembly file as following:
crypto/loongarch_arch.h: Assembler messages:
crypto/loongarch_arch.h:12: Fatal error: no match insn: extern unsigned int OPENSSL_loongarch_hwcap_P
So, the sentence of `extern unsigned int OPENSSL_loongarch_hwcap_P`
should be guarded with "#ifndef __ASSEMBLER__".
Fixes #21838.
Signed-off-by: Min Zhou <zhoumin@loongson.cn> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21839)
Matt Caswell [Fri, 25 Aug 2023 11:04:04 +0000 (12:04 +0100)]
Fix a bad merge in quic-multi-stream.c demo
The function SSL_set_initial_peer_addr() got renamed to
SSL_set1_initial_peer_addr(). The demo missed out on the rename when it
got rebased on top of it.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21842)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21843)
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21843)
Tomas Mraz [Wed, 23 Aug 2023 21:02:46 +0000 (23:02 +0200)]
80-test_cmp_http.t: Skip IPv6 address test if IPv6 is unavailable
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
Tomas Mraz [Wed, 23 Aug 2023 20:25:23 +0000 (22:25 +0200)]
drop! Make OS Zoo on pull request to test
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
Tomas Mraz [Wed, 23 Aug 2023 20:24:45 +0000 (22:24 +0200)]
The canonical localhost IPv6 address is [::1] not [::]
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)
Tomas Mraz [Thu, 24 Aug 2023 08:34:53 +0000 (10:34 +0200)]
Always use uint8_t for TLS record type
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 17:59:27 +0000 (19:59 +0200)]
drop! Make failing tests run on pull request to test
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 17:57:00 +0000 (19:57 +0200)]
ch_init(): Add braces to appease older clang compilers
They produce a warning `suggest braces around initialization of subobject`
otherwise.
Add -Wno-missing-braces to silence old clang compilers
And drop unnecessary braces in zeroing initializers.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 17:52:39 +0000 (19:52 +0200)]
quic_tls.c: Fix wrong format string when raising error
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Tomas Mraz [Wed, 23 Aug 2023 16:12:32 +0000 (18:12 +0200)]
Avoid issues with endianness when type is used in SSL_trace()
The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
Matt Caswell [Mon, 14 Aug 2023 15:32:44 +0000 (16:32 +0100)]
Update quicserver to be able to handle multiple streams
We extend quicserver so that it can handle multiple requests with an
HTTP request on each one. If a uni-directional stream comes in we create
a uni-directional stream for the response
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Matt Caswell [Fri, 18 Aug 2023 10:55:50 +0000 (11:55 +0100)]
Don't keep creating CONNECTION_CLOSE frames
If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
Ingo Franzki [Wed, 23 Aug 2023 13:08:51 +0000 (15:08 +0200)]
Allow RSA-PSS also in EVP_PKEY_assign() and EVP_PKEY_can_sign()
Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign()
and detect_foreign_key() which is called by EVP_PKEY_assign().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21819)
Ingo Franzki [Wed, 23 Aug 2023 07:45:45 +0000 (09:45 +0200)]
ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS
The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Ingo Franzki [Wed, 23 Aug 2023 07:20:52 +0000 (09:20 +0200)]
ctrl_params_translate: Allow RSA controls also for RSA-PSS
Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Jakub Jelen [Wed, 23 Aug 2023 11:24:57 +0000 (13:24 +0200)]
doc: Avoid usage of non-existing constant
CLA: trivial
Fixes: #21809 Signed-off-by: Jakub Jelen <jjelen@redhat.com> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21817)
olszomal [Tue, 22 Aug 2023 08:20:07 +0000 (10:20 +0200)]
Fixed default value of the "ess_cert_id_alg" option in man openssl-ts(1)
CLA: trivial
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21805)
Matt Caswell [Tue, 22 Aug 2023 14:56:18 +0000 (15:56 +0100)]
Change the TLS handshake keys early if we're not doing early data
We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early data. However for QUIC we
want to do this as early as possible (after ServerHello). Since we will
never do TLS early data with QUIC we just do it as early as possible if
early data is not being used.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21810)
doc: add the migration guide to the new guide series
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21807)
Tomas Mraz [Mon, 21 Aug 2023 20:33:52 +0000 (22:33 +0200)]
Update CHANGES.md and NEWS.md for the upcoming 3.2 release
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21802)
Tomas Mraz [Fri, 18 Aug 2023 16:32:21 +0000 (18:32 +0200)]
quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Fri, 18 Aug 2023 15:08:18 +0000 (17:08 +0200)]
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 15:32:49 +0000 (17:32 +0200)]
QUIC: Miscellaneous error handling updates
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 14:28:41 +0000 (16:28 +0200)]
QUIC: Add ERR_raise() calls for EVP call failures
This improves tracking where the failure was triggered.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Wed, 9 Aug 2023 13:10:10 +0000 (15:10 +0200)]
Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()
This was already resolved by https://github.com/openssl/openssl/pull/21547
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Tomas Mraz [Thu, 17 Aug 2023 14:23:36 +0000 (16:23 +0200)]
qtest: Use fake time on both client and server
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Tue, 15 Aug 2023 18:53:32 +0000 (20:53 +0200)]
qtest: Run both client and server during connect
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Tue, 15 Aug 2023 18:15:53 +0000 (20:15 +0200)]
QUIC: Update ping deadline when we receive a packet
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 17:06:13 +0000 (19:06 +0200)]
quic_trace.c: Fix typo in traces
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 17:04:40 +0000 (19:04 +0200)]
Update the ssltraceref.txt
Also adds saving the new trace to ssltraceref-new.txt in
test-runs which can be handy when the trace changes and
needs to be updated.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz [Thu, 10 Aug 2023 16:07:49 +0000 (18:07 +0200)]
QUIC: Do not discard the INITIAL el too early
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Updates documentation of RC4_CHAR and RC4_INT: Should not be used for new configuration targets
Fixes: #21358
CLA: trivial
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21391)
Matt Caswell [Fri, 18 Aug 2023 14:57:41 +0000 (15:57 +0100)]
Handle the case where the read buffer is empty but we have received FIN
In some cases where a FIN has been received but with no data quic_read_actual
was failing to raise SSL_ERROR_ZERO_RETURN. This meant that we could end up
blocking in SSL_read(_ex) for too long.
Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780)
projects / thirdparty / openssl.git / log
