mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,657 Commits 34 Branches 385 Tags 513 MiB
98d81174d3
Commit Graph

33657 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hugo Landau
de9564bdd7 QUIC: Fix multistream script 19 stochastic test failure 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
1d547f8fc4 Minor updates 2 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
96b7df60b3 Minor updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
70cafc4479 QUIC: Multistream test fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
49a38dee0d QUIC: Correct minimal frame encoding test 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
7eebc3546f QUIC: test fixes for WPACKET use 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
bac3f4da55 make update 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
5ed3a435d5 QUIC QSM: Get rid of recv_fin_retired in favour of recv_state 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
b3695154b5 QUIC QSM: Update API documentation 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:58 +10:00
Hugo Landau
08d4b7eb7d QUIC CONFORMANCE/APL: Handle FIN/reset retirement correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:58 +10:00
Hugo Landau
7c88302b01 QUIC Send Stream State: Transition to DATA_SENT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
c068f4d1e9 QUIC CONFORMANCE: Wire the DATA_SENT state 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
e0bd282517 QUIC APL: Validate receive stream state 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
abfe3d5128 QUIC APL: Validate send stream state 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
8a6a00e3b8 QUIC CONFORMANCE: Stop handling frames after termination 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
e26dc8e3d5 QUIC Conformance: Frame Handling Tests 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
3ffb7d104f QUIC CONFORMANCE: RFC 9000 s. 9.6 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
54bd1f24d4 QUIC CONFORMANCE: Validate preferred_addr transport parameter 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
f37befa048 QUIC CONFORMANCE: RFC 9000 s. 19.16: RETIRE_CONNECTION_ID frames 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
5cc73695df QUIC CONFORMANCE: RFC 9000 s. 19.15: NEW_CONNECTION_ID frames 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
6cdb672d0f QUIC RXDP: Make ACK eliciting definition more resilient and centralised 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
f80e61b61f QUIC CONFORMANCE: RFC 9000 s. 19.14: STREAMS_BLOCKED Frames 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
f084a8f761 QUIC CONFORMANCE: RFC 9000 s. 19.13: STREAM_DATA_BLOCKED Frames 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
b5b40c4e18 QUIC CONFORMANCE: RFC 9000 s. 19.7 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
283938fca5 RFC 9000 s. 19.8: Enforce maximum stream size 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
212616ed09 QUIC CONFORMANCE: RFC 9000 s. 17.2.5.1 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
fd0d593220 QUIC CONFORMANCE: RFC 9000 s. 17.2.2: Enforce no initial token from server 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
08cb9a8327 QUIC CONFORMANCE: Enforce packet header reserved bits 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
5b9452e037 QUIC WIRE: Allow encoding/decoding of reserved header bits 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
22f21fbdd6 QUIC CONFORMANCE: RFC 9000 s. 13.3: MAX_STREAM_DATA generation 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
96fa10f36f QUIC CONFORMANCE: RFC 9000 s. 12.5: Application CONNECTION_CLOSE frame masking 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
8d2e353df4 QUIC CONFORMANCE: RFC 9000 s. 12.5: Ensure CFQ can not be used to send disallowed frame types in a given PN space 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
5a1b1d2be3 QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
dfe5e7fa98 QUIC CONFORMANCE: RFC 9000 s. 12.3: PN duplicate suppression 
Make sure PN duplicate suppression is side-channel safe by doing
the duplicate test after AEAD verification.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
85bbef270c QUIC ACKM: Clarify the role of is_inflight 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
6c1d0e2865 QUIC CONFORMANCE: Enforce minimal frame type encoding 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
0911cb4a07 QUIC CONFORMANCE: Packet handling fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
7e3fa44f24 QUIC CONFORMANCE: Handle RESET_STREAM final size correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
2cc0e2dddf QUIC CONFORMANCE: Validate RESET_STREAM final sizes correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
c407d5e568 QUIC: Note that we do not retransmit stream data for retransmitted streams 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
28d0e35cd6 QUIC QSM: Free unneeded stream buffers, calculate RESET_STREAM final size correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
418e122cd4 QUIC QSM: Model final sizes and handle STOP_SENDING correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
01715f2b41 QUIC CONFORMANCE: RFC 9000 s. 3.3: Stream States — Permitted Frame Types — STREAM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
2f018d14f0 QUIC QSM/STREAM: Refactor to use RFC stream states 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
ljuzwiuk
64b1d2fb06 Fix RSA OAEP set/get label for legacy engine 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
 2023-07-17 08:15:06 +10:00
ljuzwiuk
f1b7243cda Remove duplicated values 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21401)
 2023-07-17 08:15:06 +10:00
Matt Caswell
29f25a10e5 Test loading a PEM file from multiple threads 
The new decoder optimisation has some locking involved so we confirm that
reading a PEM file from multiple threads works as expected.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
 2023-07-17 08:12:06 +10:00
Matt Caswell
32d3c3abf3 Optimise PKEY decoders 
The most expensive part of using a PKEY decoder is the
OSSL_DECODER_CTX_new_for_pkey() call. This builds up all of the decoder
chains, which is a complex and time consuming operation. However, if no
new providers have been loaded/unloaded since the last time it was called
we can expect the same results for the same parameters. Note that this
operation takes place *before* we event parse the data for decoding so it
is not dependent on the parsed data at all.

We introduce a cache for OSSL_DECODER_CTX objects. If we have been called
with the same parameters then we just duplicate an existing
OSSL_DECODER_CTX. This should be significantly faster than creating a new
one every time.

Partially addressed the issue in #15199

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21426)
 2023-07-17 08:12:06 +10:00
Tomas Mraz
1e398bec53 Add CHANGES.md and NEWS.md entries for CVE-2023-2975 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
 2023-07-14 13:01:05 +02:00
Tomas Mraz
3993bb0c0c Add testcases for empty associated data entries with AES-SIV 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21384)
 2023-07-14 12:59:02 +02:00