Dmitry Belyavskiy
98283a61f5
Enable some disabled __owurs
...
Fixes #15902
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/15905 )
2023-02-07 11:56:27 -05:00
Hugo Landau
7880536fe1
Fix GENERAL_NAME_cmp for x400Address (master)
...
CVE-2023-0286
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-02-07 17:05:10 +01:00
Tomas Mraz
604247bf75
Do not create DSA keys without parameters by decoder
...
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
2023-02-07 17:05:10 +01:00
slontis
bcec03c33c
Fix NULL dereference when validating FFC public key.
...
Fixes CVE-2023-0217
When attempting to do a BN_copy of params->p there was no NULL check.
Since BN_copy does not check for NULL this is a NULL reference.
As an aside BN_cmp() does do a NULL check, so there are other checks
that fail because a NULL is passed. A more general check for NULL params
has been added for both FFC public and private key validation instead.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-02-07 17:05:10 +01:00
Dmitry Belyavskiy
b1892d21f8
Fix Timing Oracle in RSA decryption
...
A timing based side channel exists in the OpenSSL RSA Decryption
implementation which could be sufficient to recover a plaintext across
a network in a Bleichenbacher style attack. To achieve a successful
decryption an attacker would have to be able to send a very large number
of trial messages for decryption. The vulnerability affects all RSA
padding modes: PKCS#1 v1.5, RSA-OAEP and RSASVE.
Patch written by Dmitry Belyavsky and Hubert Kario
CVE-2022-4304
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
2023-02-07 17:05:10 +01:00
Xu Yizhou
c007203b94
SM4 AESE optimization for ARMv8
...
Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19914 )
2023-02-02 10:16:47 +11:00
Hugo Landau
2477e99f10
QUIC Probes Support: Minor tweaks
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925 )
2023-01-30 09:44:59 +01:00
Hugo Landau
e2212b20bc
QUIC ACKM: Rework probe reporting to allow use for bookkeeping
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925 )
2023-01-30 09:44:59 +01:00
Hugo Landau
8ca3baa9bd
QUIC ACKM: Clarify probe types
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19925 )
2023-01-30 09:42:29 +01:00
Tomas Mraz
3a857b9532
Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() code
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012 )
2023-01-27 16:11:38 +01:00
Hugo Landau
1d40b151e2
QUIC FIN Support: Various fixes
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897 )
2023-01-27 14:19:15 +00:00
Hugo Landau
a9979965bf
QUIC Front End I/O API: Add support for signalling and detecting end-of-stream
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897 )
2023-01-27 14:19:15 +00:00
Hugo Landau
e8043229ea
QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897 )
2023-01-27 14:19:14 +00:00
Dr. David von Oheimb
0243e82147
add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704 )
2023-01-26 09:16:51 +01:00
Matt Caswell
4e3a55fd14
Add QUIC-TLS server support
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
c28f1a8bb9
Remove the old Dummy Handshake code
...
Now that we have a real TLS handshake we no longer need the dummy handshake
implementation and it can be removed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
2723d705b5
Replace use of the Dummy Handshake Layer with the real one
...
We start using the QUIC TLS implementation rather than the dummy one.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
19863d497d
Add an initial QUIC-TLS implementation
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
3f9175c7a4
Extend the new_record_layer function
...
Add the ability to pass the main secret and length, as well as the
digest used for the KDF.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
bea8d70498
Add support for setting a custom TLS Record Layer
...
This is just an internal API for now. Something like this will be made
public API at some point - but it is likely to be based on the provider
interface rather than a direct setting of a METHOD like we do for now.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
e5103dfc12
Remove an unneeded OSSL_RECORD_METHOD function
...
The reset() function was never called so it can be removed.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Matt Caswell
ca20f61fd7
Move recordmethod.h to be an "internal" header
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748 )
2023-01-24 17:16:29 +00:00
Dr. David von Oheimb
7e0013d973
X509{,_CRL,_REVOKED}_{set,sign}*(): fix 'modified' field and return values
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/19271 )
2023-01-24 15:16:25 +01:00
Hugo Landau
091f532e0e
QUIC Test Server: Minor fixups
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734 )
2023-01-19 13:17:49 +00:00
Hugo Landau
51a168b804
QUIC Test Server Implementation
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734 )
2023-01-19 13:17:40 +00:00
Hugo Landau
3c567a52c2
QUIC CHANNEL: Transport params: Offer reason text and add server support
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734 )
2023-01-19 13:17:39 +00:00
Hugo Landau
4e392f601d
QUIC QRX: (Server support) Add support for manual URXE injection
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734 )
2023-01-19 13:17:39 +00:00
Hugo Landau
93e9b6cc4e
QUIC DEMUX: (Server support) Add support for default handler
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734 )
2023-01-19 13:17:39 +00:00
slontis
fe2a7341b5
PKCS12 - Add additional libctx and propq support.
...
Fixes #19718
Fixes #19716
Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and
ASN1_item_unpack_ex().
parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX.
PKCS12_free() needed to be manually constructed in order to free the propq.
pkcs12_api_test.c changed so that it actually tests the libctx, propq.
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19942 )
2023-01-16 17:17:31 +01:00
Hugo Landau
b639475a94
QUIC API: Rename want_net_read and want_net_write
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:38 +00:00
Hugo Landau
0550829f53
QUIC QTX: Handle network errors explicitly
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:37 +00:00
Hugo Landau
66eab5e08e
QUIC DEMUX: Handle network errors explicitly
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:37 +00:00
Hugo Landau
692df8d344
QUIC BIO Poll Descriptors: simplify custom interface
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:36 +00:00
Hugo Landau
05f97354bb
QUIC TXP: Fix bug in send stream handling, cleanup
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:22 +00:00
Hugo Landau
81b6b43c4a
QUIC: Minor comment and editorial fixes
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:22 +00:00
Hugo Landau
8a1a6d6d9e
QUIC Front End I/O API: Wire up SSL_CTX ctrls and remove unneeded functions
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:19 +00:00
Hugo Landau
d1ac77b1a5
QUIC Front-End I/O API: Ensure BIOs are reffed and freed correctly
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:17 +00:00
Hugo Landau
d7668ff213
QUIC DEMUX: Allow MTU to vary over time and autodetect MTU
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:17 +00:00
Hugo Landau
6292519cd8
QUIC: Enable building with QUIC support disabled
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:16 +00:00
Hugo Landau
22d53c8883
QUIC Front-End I/O API
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:15 +00:00
Hugo Landau
8c94cf38a2
internal/sockets.h: Add support for testing EINTR portably
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:15 +00:00
Hugo Landau
198d97c14e
QUIC: Add miscellaneous QUIC constants
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:15 +00:00
Hugo Landau
cbe7f586ad
QUIC Stream Mapper: CSM-related changes, stream limits handling
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:15 +00:00
Hugo Landau
3a37c9235d
QUIC: Complete the implementation of the RX depacketiser in terms of QUIC_CHANNEL
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:14 +00:00
Hugo Landau
f538b42155
QUIC_CHANNEL: Implementation
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:14 +00:00
Hugo Landau
69523214ee
QUIC: Add QUIC reactor
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:14 +00:00
Hugo Landau
68801bcb76
Add BIO poll descriptors
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:14 +00:00
Hugo Landau
4ed9e0a1e3
QUIC ACKM: Add function to get PTO
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:14 +00:00
Hugo Landau
a64d82485d
QUIC Transport Parameters: Add CID encoder/decoder, make ID optional
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:13 +00:00
Hugo Landau
7d7a8d4165
Remove duplicate declaration
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703 )
2023-01-13 13:20:13 +00:00