mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 13:36:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,564 Commits 34 Branches 385 Tags 429 MiB
2462e431ff
Commit Graph

34564 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Matt Caswell
2462e431ff Improve the documentation on TLS record compression 
TLS record compression is off by default. Even if you switch it on, it
cannot be used at security level 2 which is the default in OpenSSL 3.2 and
above. Update the docs to point this out.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23104)
 2023-12-22 09:00:19 +00:00
Dr. David von Oheimb
1d61a03794 crypto/cmp: fix clash of OSSL_CMP_CERTREQID_NONE with error result of ossl_cmp_asn1_get_int() 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Rajeev Ranjan
b14ec830f5 cmp_server.c,apps/lib/cmp_mock_srv.c: move polling state checks to cmp_server.c 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Dr. David von Oheimb
bedffe1731 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Rajeev Ranjan
192bfec487 crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 22:53:35 +01:00
Neil Horman
682fd21afb Detect and prevent recursive config parsing 
If a malformed config file is provided such as the following:

openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
 = provider_sect

The config parsing library will crash overflowing the stack, as it
recursively parses the same provider_sect ad nauseum.

Prevent this by maintaing a list of visited nodes as we recurse through
referenced sections, and erroring out in the event we visit any given
section node more than once.

Note, adding the test for this revealed that our diagnostic code
inadvertently pops recorded errors off the error stack because
provider_conf_load returns success even in the event that a
configuration parse failed. The call path to provider_conf_load has been
updated in this commit to address that shortcoming, allowing recorded
errors to be visibile to calling applications.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22898)
 2023-12-21 13:38:31 -05:00
Neil Horman
506ff20662 Make the activate setting more intuitive 
Currently, a provider is activated from our config file using the
activate parameter.  However, the presence of the config parameter is
sufficient to trigger activation, leading to a counterintuitive
situation in which setting "activate = 0" still activates the provider

Make activation more intuitive by requiring that activate be set to one
of yes|true|1 to trigger activation.  Any other value, as well as
omitting the parameter entirely, prevents activation (and also maintains
backward compatibility.

It seems a bit heavyweight to create a test specifically to validate the
plurality of these settings.  Instead, modify the exiting openssl config
files in the test directory to use variants of these settings, and
augment the default.cnf file to include a provider section that is
explicitly disabled

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22906)
 2023-12-21 09:22:40 -05:00
Neil Horman
5528bfbc64 Use GH action commands to group/collapse filtered output 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22678)
 2023-12-21 09:05:42 -05:00
Neil Horman
d1093fa92c augment test/run_tests.pl to filter indirect leaks 
When verbosity isn't set to 1 or higher, suppress indirect leaks (i.e.
only print direct leaks) to make output more human-readable.  Setting
V=1 on make test produces all leaks (direct and indirect)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22678)
 2023-12-21 09:05:42 -05:00
Hugo Landau
d59c3febdc QUIC: Move CID generation to quic_types.c 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
fdd60dacc4 Minor updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
04c561ce4b QUIC PORT: Add explicit cast to get_time wrapper 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
f41ab29c78 QUIC: Add more glossary entries 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
33ca076372 Minor fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
b71046b4a4 Minor updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
22739cc3ac QUIC APL, TSERVER: Start using a QUIC_ENGINE object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
53f78eb721 QUIC ENGINE: Add unused QUIC_ENGINE object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
3e4b8e8c53 QUIC CHANNEL: Remove obsolete SRT definitions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
f61a37d17b QUIC PORT: Add missing copyright header 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
f26024ac93 Update fuzz corpora 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
3051339887 QUIC PORT: Fix BIO_dgram usage under Winsock due to bind requirement 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
ff3a26b24f QUIC Refactor: Fix ANSI - struct definition duplications 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
99655cb91d MARKER: End of Phase 4: Finalization & SRT Handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
4df4add22d QUIC PORT: Allow errors to be tracked at port level 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
f12ea1f1e0 QUIC MULTISTREAM TEST: Make error tests non-mutating and restore error code test 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
499aacdc82 QUIC MULTISTREAM TEST: add OP_POP_ERR 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
5304d56335 ERR: Add ERR_pop() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
0225d42bce QUIC PORT: Formalise states of a port 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
963cf3a49a QUIC PORT: Resolve TODOs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
6d76d13e54 QUIC DEMUX: Remove obsolete SRT handling code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
29fbdfafaf QUIC CHANNEL, LCIDM: Factor duplicate CID generation function 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
4760116f5a QUIC CHANNEL: Finish cleanup of LCIDM integration 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
5f86ae32c2 QUIC CHANNEL: Finish moving SRT handling to SRTM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
cbf4b68333 MARKER: End of Phase 3: Legacy Cleanup 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
da15093a31 QUIC DEMUX: Remove legacy routing code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
ef95d8ddca QUIC QRX: Remove legacy DEMUX-QRX routing code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
56f9828382 QUIC QRL TEST: Remove dependency on legacy DEMUX-QRX routing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
5d49f9ef9a QUIC TXP TEST: Remove dependency on legacy DEMUX-QRX routing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
08c7caebbe QUIC DEMUX, QRX: Add deprecation notices for future handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
52dfe6f1c1 QUIC CHANNEL: Phase out use of QRX-DEMUX routing in favour of PORT-LCIDM routing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
cce6fccd4e QUIC CHANNEL: Keep a reference to our LCIDM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
0df897321d QUIC PORT: Enable injection of incoming URXEs into a channel via default handler rather than DEMUX routing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
d743afe7e8 QUIC DEMUX: Allow parsed DCID to be learnt in default packet handler 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
bbae4bb325 QUIC PORT: Create a LCIDM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
6107619899 QUIC PORT: Partially move stateless reset handling to port 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
a4be37b8ce QUIC PORT: Add SRTM wiring 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
073e5bc781 QUIC CHANNEL: Remove legacy calls for functionality moved to QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
a96f48995e MARKER: End of Phase 2: Transfer of Responsibilities Done, Legacy Compat Retained 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
632b0c7e8c QUIC PORT, CHANNEL: Move ticking code into QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
4ed6b48d9d QUIC PORT, CHANNEL: Move DEMUX and default packet handling out of CHANNEL 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00