mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-12 13:36:28 +08:00
Code Issues Packages Projects Releases Wiki Activity
34,619 Commits 34 Branches 385 Tags 429 MiB
63f77f0454
Commit Graph

3734 Commits

Author SHA1 Message Date
Hugo Landau
63f77f0454 QUIC RCIDM: Add RCIDM 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
 2024-01-11 11:14:18 +01:00
Tomas Mraz
493ad484e9 Disable build of HWAES on PPC Macs 
Fixes #22818

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)
 2024-01-11 11:08:31 +01:00
Neil Horman
f3be536686 Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 
It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata.  Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1

Fixes #21826

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)
 2024-01-09 12:03:32 +01:00
Tomas Mraz
d7e707cb49 Allow duplicate CMS attributes 
Fixes regression introduced with https://github.com/openssl/openssl/pull/21505

Fixes #22266

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23029)
 2024-01-03 12:41:31 +01:00
Dimitri Papadopoulos
164a541b93 Fix new typos found by codespell 
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23133)
 2023-12-29 10:12:05 +01:00
Dr. David von Oheimb
bedffe1731 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Rajeev Ranjan
192bfec487 crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 22:53:35 +01:00
Neil Horman
682fd21afb Detect and prevent recursive config parsing 
If a malformed config file is provided such as the following:

openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
 = provider_sect

The config parsing library will crash overflowing the stack, as it
recursively parses the same provider_sect ad nauseum.

Prevent this by maintaing a list of visited nodes as we recurse through
referenced sections, and erroring out in the event we visit any given
section node more than once.

Note, adding the test for this revealed that our diagnostic code
inadvertently pops recorded errors off the error stack because
provider_conf_load returns success even in the event that a
configuration parse failed. The call path to provider_conf_load has been
updated in this commit to address that shortcoming, allowing recorded
errors to be visibile to calling applications.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22898)
 2023-12-21 13:38:31 -05:00
Hugo Landau
fdd60dacc4 Minor updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
33ca076372 Minor fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
22739cc3ac QUIC APL, TSERVER: Start using a QUIC_ENGINE object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
53f78eb721 QUIC ENGINE: Add unused QUIC_ENGINE object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
ff3a26b24f QUIC Refactor: Fix ANSI - struct definition duplications 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
4df4add22d QUIC PORT: Allow errors to be tracked at port level 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
5304d56335 ERR: Add ERR_pop() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
0225d42bce QUIC PORT: Formalise states of a port 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
6d76d13e54 QUIC DEMUX: Remove obsolete SRT handling code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau
29fbdfafaf QUIC CHANNEL, LCIDM: Factor duplicate CID generation function 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
5f86ae32c2 QUIC CHANNEL: Finish moving SRT handling to SRTM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
da15093a31 QUIC DEMUX: Remove legacy routing code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
ef95d8ddca QUIC QRX: Remove legacy DEMUX-QRX routing code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
08c7caebbe QUIC DEMUX, QRX: Add deprecation notices for future handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau
cce6fccd4e QUIC CHANNEL: Keep a reference to our LCIDM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
0df897321d QUIC PORT: Enable injection of incoming URXEs into a channel via default handler rather than DEMUX routing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
d743afe7e8 QUIC DEMUX: Allow parsed DCID to be learnt in default packet handler 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
6107619899 QUIC PORT: Partially move stateless reset handling to port 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
073e5bc781 QUIC CHANNEL: Remove legacy calls for functionality moved to QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
632b0c7e8c QUIC PORT, CHANNEL: Move ticking code into QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
4ed6b48d9d QUIC PORT, CHANNEL: Move DEMUX and default packet handling out of CHANNEL 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
2d80e45901 QUIC PORT: Make QUIC_PORT responsible for creation of all channels 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
2954287041 QUIC PORT: Record a SSL_CTX for use when creating handshake layer objects 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
f98bc5c95b QUIC CHANNEL, PORT: Abstract time retrieval 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
34fa182e1d QUIC CHANNEL, TSERVER: Move to using libctx/propq/mutex/now_cb via QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
167e5f34c8 QUIC TSERVER: Provide a TSERVER's QUIC_CHANNEL with a currently unused QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
12ab8afceb QUIC CHANNEL: Keep a reference to a QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
154131da11 QUIC PORT: Add basic unwired QUIC_PORT object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
e801455446 QUIC CHANNEL: Consolidate forward object declarations in a single header 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
26624caf17 QUIC REACTOR: Add utility function for merging tick results 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
70a7e543a1 list.h: Add iterator macros 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau
3f0be2c206 list.h: Allow separation of declarations and function definitions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Dr. David von Oheimb
7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option 
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Neil Horman
5056133cc7 Avoid setting gen_type to -1 in dsa_gen_set_params 
gh_gen_type_common_set_params looks up a dsa contexts gen_type using
name2id, but if it returns error, we inadvertently set gctx->gen_type to
-1, which is an invalid value, which may lead to improper behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
        do_stuff
else {
        do_other_stuff
}

Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.

Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value

In leiu of testing this specific case, also add an ossl_assert in dsa_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
 2023-12-14 11:17:48 +01:00
Hugo Landau
e6cf72c525 QUIC LCIDM: Always use lcid_obj to refer to QUIC_LCID 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau
1f2958536e QUIC LCIDM: Add debug calls 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau
766603a9a5 QUIC LCIDM: Correct documentation 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau
a35956b2f7 QUIC LCIDM: Enforce and document ODCID peculiarities 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau
8489a0a1f2 QUIC LCIDM: Add LCIDM 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
fisher.yu
cc82b09cbd Optimize AES-CTR for ARM Neoverse V1 and V2. 
Unroll AES-CTR loops to a maximum 12 blocks for ARM Neoverse V1 and
    V2, to fully utilize their AES pipeline resources.

    Improvement on ARM Neoverse V1.

    Package Size(Bytes)	16	32	64	128	256	1024
    Improvement(%)	3.93	-0.45	11.30	4.31	12.48	37.66
    Package Size(Bytes)	1500	8192	16384	61440	65536
    Improvement(%)	37.16	38.90	39.89	40.55	40.41

Change-Id: Ifb8fad9af22476259b9ba75132bc3d8010a7fdbd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22733)
 2023-11-29 18:10:31 +01:00
Hugo Landau
b0e9d03702
Only include winsock2.h for struct timeval if needed 
Fixes #22811

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
(Merged from https://github.com/openssl/openssl/pull/22813)

(cherry picked from commit ba58e9f1e2)
 2023-11-27 07:33:19 +00:00
Hugo Landau
2db3fdb457 QUIC SRT GEN: Add SRT generator 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
 2023-11-25 09:14:05 +00:00