Commit Graph

33437 Commits

Author SHA1 Message Date
Tomas Mraz
5c3c8369f3 70-test_tls13hrr.t: Use P-521 instead of X25519 for invalid group test
Otherwise this testcase won't work with no-ecx.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21333)
2023-07-03 11:20:33 +02:00
Tomas Mraz
42926ca7f2 Document the effect of SSL_OP_CLEANSE_PLAINTEXT on send stream data
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)
2023-07-03 09:15:21 +10:00
Tomas Mraz
292c9df266 Cleanse data in send and receive ring buffers on release
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)
2023-07-03 09:15:13 +10:00
Tomas Mraz
6ba2edb714 Cleanse also the send stream data with SSL_OP_CLEANSE_PLAINTEXT
QUIC differs from TLS in this regard because it buffers the
data to be sent. TLS just encrypts the data to send in place.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)
2023-07-03 09:15:13 +10:00
Todd Short
9e87e4e8ac Update .gitignore with LSP files
This does not provide files for LSP support, but ignores them so they
aren't accidentally checked in by developers.

LSP (Language Server Protocol) is a tools that can be used with various
editors to make navigating source code easier. It is more advanced than
`cscope` and supports completion, for example.

A common LSP for C/C++ is `clangd`, and it creates a `.cache` directory
within the project to store data.

The tool `bear` can be used with `make` to assist `clangd` in
determining where the source code is (specifically headers). This is
critical as OpenSSL uses the `<>` form of `#include` rather than the
`""` form. The `<>` form will cause `clangd` to look in e.g.
`/usr/include` for header files, rather than `include/openssl`. The
`bear` tool will create `compile_commands.json` that `clangd` can use
to find include files.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21338)
2023-07-02 16:51:54 +10:00
Pauli
89111cbc32 fips: use correct field names when generating fipsmodule.cnf
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21327)
2023-07-02 16:45:01 +10:00
Pauli
6be83ac172 evp: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
a903a132a4 x509: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
7599d17d93 prov(legacy): update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
7d6ab12106 encoder: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
4eecc6aa5d quic: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
43a07d6dd4 tls: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
59a967030e test: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
2a1f467cb9 store: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
97937cfcd8 rsa: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
8752694bad provider: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
99b7beafd2 ecx: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
1353736b3e ec: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
420ad86a0e asn1: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
aaab365c5a dso: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
495e6d3b62 dsa: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
9015cbb6eb dh: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
a22d1966bb bio: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:25 +10:00
Pauli
e3620700a7 engine: update to structure based atomics
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:08 +10:00
Pauli
99fd5b2b10 refcnt: convert references counts to a structure
The structure includes the count and optionally a lock.
The count has the appropriate qualifiers.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21260)
2023-07-01 21:18:08 +10:00
Yi Li
500e479db1 conf/conf_sap.c: correct return of ossl_config_int() in UEFI system
FIX: https://github.com/openssl/openssl/issues/21299

ret in ossl_config_int() only used to check return value of
CONF_modules_load_file(), should set it to 1 if in UEFI system.

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21300)
2023-06-30 16:56:02 +02:00
Duncan Thomson
063cdca61a Fix OSSL_PROVIDER_try_load() retain_fallbacks doc
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21319)
2023-07-01 00:16:53 +10:00
Jakub Wilk
83f9d03e7c openssl-rsautl.pod: Add missing comma
CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21318)
2023-07-01 00:12:35 +10:00
Dimitri Papadopoulos
4409e1522f Fix new typo found by codespell in demo
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
2023-07-01 00:10:15 +10:00
Dimitri Papadopoulos
6a2b8269a8 Fix new typos found by codespell in documentation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
2023-07-01 00:10:15 +10:00
Dimitri Papadopoulos
e8104bb87e Fix new typos found by codespell in man pages
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21322)
2023-07-01 00:10:15 +10:00
Sam James
5d16169964 CI: add GCC 13
Signed-off-by: Sam James <sam@gentoo.org>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20961)
2023-07-01 00:07:56 +10:00
Matt Caswell
55d3a6be6b Fix typos in s_client
There was some typos of OPENSS_NO_QUIC (should be OPENSSL_NO_QUIC) in
s_client

Fixes #21291

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21293)
2023-06-30 09:34:03 +10:00
Tomas Mraz
ed5c0dfdf4 hpke.h, thread.h: Add extern "C" for C++ inclusion
Fixes #21305

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21307)
2023-06-30 08:56:17 +10:00
Tomas Mraz
44957a4932 Do not use stitched AES-GCM implementation on PPC32
The implementation is not usable there at all.
Fixes #21301

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21312)

(cherry picked from commit b256d32915)
2023-06-30 08:31:49 +10:00
Jonathan M. Wilbur
58cd83f83c fix: add fuzz oids
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21232)
2023-06-29 09:29:56 +10:00
Jonathan M. Wilbur
bac2f6db06 feat: add missing pki / pmi object identifiers
Signed-off-by: Jonathan M. Wilbur <jonathan@wilbur.space>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21232)
2023-06-29 09:29:56 +10:00
Hugo Landau
0e1da9d7ec Fix multistream test script 18
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21310)
2023-06-28 15:04:06 +01:00
Jörg Sommer
33c09341bb openssl speed -multi -evp prints wrong algorithm name
When running `openssl speed -evp md5` the result shows `md5` as algorithm
name. But when adding the option `-multi 2` it gives `evp` as algorithm
name.

Signed-off-by: Jörg Sommer <joerg@jo-so.de>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21216)
2023-06-28 11:05:14 +02:00
Pauli
15821a48e5 design proposal: fast param location outline
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20940)
2023-06-28 17:15:08 +10:00
Matt Caswell
9f0cc5d09a Add a tutorial on writing a simple blocking QUIC client
This tutorial only covers a single stream client at this stage. A future
PR will cover adding multi-stream support.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
27195689a8 Before we do anything the ping deadline is infinite
Needed for tserver so that it the deadline isn't immediate before we've
accepted a connection.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
fb4a2bba71 Ensure SSL_connect() actually blocks if we are in blocking mode
Fix supplied by Hugo Landau.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
b49d9de0e6 The CC wake up deadline is now if we have TX allowance
If we have TX allowance then there is no need to wait if we have something
to send - the wake up deadline is immediate.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
23fe02e597 Add a non-blocking QUIC client demo
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Matt Caswell
37f27b91de Add a test quicserver utility
This QUIC server utility is intended for test purposes only and is expected
to be replaced in a future version of OpenSSL by s_server. At that point
it will be removed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
2023-06-28 09:53:22 +10:00
Vladimír Kotal
956b4c75dc add no-docs option
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21240)
2023-06-28 09:32:03 +10:00
Tomas Mraz
32d2b5fdd9 s390xcap.c: Avoid copying structure on initialization
This is problematic on old compilers. It also avoids duplicating
the read-only data.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21284)

(cherry picked from commit 0dee3b0421)
2023-06-28 08:31:07 +10:00
Hugo Landau
64aa8eaf12 Miscellaneous updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:41 +10:00
Hugo Landau
e4c2988dc5 Multi-Stream API
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19769)
2023-06-28 08:05:41 +10:00