Commit Graph

33112 Commits

Author SHA1 Message Date
Matt Caswell
b09e246aba Properly handling stream/crypto frames while tracing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:33 +01:00
Matt Caswell
8aff8f89f7 Enable tracing of datagrams we have sent
Extend the tracing capability to also trace when we have a datagram to the
peer.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:33 +01:00
Matt Caswell
e8528c95a0 Enable tracing of packets that have been sent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:33 +01:00
Matt Caswell
45454cccf8 Extend tracing of frames to transmitted frames
Previously we were only doing tracing of frames received from the peer.
Now we do that for transmitted frames as well.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:33 +01:00
Matt Caswell
70f0ea280a Support trace for QUIC Frames
Extend the existing QUIC tracing capability for frames.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:33 +01:00
Matt Caswell
2a35a1bec0 Support trace for QUIC Packets
We enable SSL_trace support for when we receive QUIC Packets. This is
called after header protection is removed, but before the packet is
decrypted.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:27 +01:00
Matt Caswell
45aac10717 Support trace for QUIC datagrams
Extend SSL_trace so that it knows how to dump information about the
receipt of a QUIC datagram.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:27 +01:00
Matt Caswell
63dfde87c4 Add initial QUIC support for the msg_callback
At this stage we just support msg_callback on receipt of a datagram.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20914)
2023-05-24 12:18:27 +01:00
Hugo Landau
6dea91f56d Resolve a djgpp function name conflict
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:55 +01:00
Hugo Landau
a2c61e4143 Add note about Windows LONG
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:55 +01:00
Hugo Landau
2fa9044298 Make testutil text output functions thread safe (tsan)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:55 +01:00
Hugo Landau
45b7c7e06e QUIC APL: Unlock mutex before freeing (clang tsan error)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:55 +01:00
Hugo Landau
abbbc06a94 Remove an unused variable (clang 16 warning)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:55 +01:00
Hugo Landau
5cccc0afdb QUIC: Add to threads sanitizer CI
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:54 +01:00
Hugo Landau
2b5427027b QUIC Glossary: Add QCTX
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:54 +01:00
Hugo Landau
d4cb369f2d Add no-threads build to CI
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:54 +01:00
Hugo Landau
629b408c12 QUIC: Fix bugs where threading is disabled
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:54 +01:00
Hugo Landau
1a0de4c1ee QUIC TSERVER: Use a random port in the tserver test
Fixes nondeterministic failures where BIO_bind would fail on some
platforms.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
7ba8f79a0f QUIC MSMT: macOS robustness fixes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
faa3a180ef QUIC APL: Make SSL_get_error per-stream, error raising refactor
This refactors the error raising code in the APL to automatically raise
errors in the correct SSL object, either a QCSO or QSSO depending on the
circumstances. The QCTX structure's responsibilities are expanded to
facilitate this. This further drives towards a unified mechanism for
generic dispatch precondition checking and error raising.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
0554f723c1 QUIC MSMT TESTS: Add tests to exercise MAX_STREAMS
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
dea57ecf3d QUIC RXDP: Ensure all stream-related frames autocreate a stream
RFC requirement.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
3dde3435ab QUIC FC: Correct operation of stream count mode
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
e8142d2ce8 QUIC QSM: Correct the logic for determining stream count limits
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
5915a900af QUIC QSM: Allow QSM to know if we are in the server role
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
fca44cfc1c QUIC MSMT: Stress tests, support for repeating test opoerations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
274bb489cb QUIC MSMT: Add a basic multithreading test
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
a350db7318 QUIC MSMT: Revise tests to support multithreading
Alsoo rename OPK_C_ACCEPT_STREAM to reflect its current behaviour.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Hugo Landau
1df479a9f9 QUIC TSERVER: Allow detection of new incoming streams
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
2023-05-24 10:34:47 +01:00
Richard Levitte
bc89c9f977 Drop the last reference of SHLIB_EXT
SHLIB_EXT is a variable that exists on OpenSSL build file templates before
version 3.0, for which much of the logic for figuring out file names and
such was moved to the 'platform' set of routines.

But, it seems that one (now useless) reference remained on the VMS specific
descrip.mms.tmpl.  We replace it with an explicit '.EXE', which is the
default extension for shared libraries on VMS.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21007)
2023-05-24 06:18:59 +02:00
lan1120
b501df3cef Fix incorrect parameter verification in EVP_MD_CTX_get_params
Signed-off-by: lan1120 <lanming@huawei.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21022)
2023-05-24 10:02:09 +10:00
Richard Levitte
f925bfebbb doc/fingerprints.txt: Add the OpenSSL OMC PGP key fingerprint
We want to move to using this key for tarball and announcement signatures.
It won't happen immediately, though, as we must have it specified in the
latest update of each release branch, so people can verify properly.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21015)
2023-05-23 15:24:38 +02:00
Dmitry Belyavskiy
c5aa719502 If oaep_md is not initialized, correctly initialize it
Fixes #20993

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20994)
2023-05-23 15:10:09 +02:00
Tomas Mraz
ab17dd8fa3 Update the FIPS checksums
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
2023-05-22 15:14:31 +02:00
Tomas Mraz
c509c04022 fips.module.sources: Add missing cpuid and related .c sources for other architectures
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20949)
2023-05-22 15:14:31 +02:00
Yi Li
2c500578fc crypto/params: drop float for UEFI
Using floating point is not supported in UEFI and can cause build
problems, for example due to SSE being disabled and x64 calling
convention passing floats in SSE registers.

Avoid those problems by not compiling the related code for floating
point numbers.

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20992)
2023-05-22 07:45:10 +01:00
Dragan Zuvic
f3afe15fb7 Adding some selected MS OIDs for #19630 added ms-corp alias for OID 1.3.6.1.4.1.311
and changed hopefully all occurences for that OID

Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20986)
2023-05-22 07:43:00 +01:00
Nicky Mouha
56a51b5a1e Update hkdf.c to avoid potentially vulnerable code pattern
The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows.
It should be replaced by "if (a>c-b) a=c-b", which avoids the
potential overflow and is much easier to understand.

This pattern is the root cause of CVE-2022-37454, a buffer overflow
vulnerability in the "official" SHA-3 implementation.

It has been confirmed that the addition in
https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534
cannot overflow. So this is only a minor change proposal to avoid
a potentially vulnerable code pattern and to improve readability.
More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20990)
2023-05-19 12:42:08 +02:00
Richard Levitte
d500f04400 Add information on the 'ias' port for OpenVMS
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
2023-05-19 10:02:04 +10:00
Richard Levitte
d6175dcca7 Update VMS configurations
A native x86_64 C compiler has appeared.

We preserve the previous config target with a new name to indicate that it's
for cross compilation, at least for the time being.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20983)
2023-05-19 10:02:04 +10:00
Masatake YAMATO
859521e579 util/ctags.sh: a script for generating tags file with expanding macros
This script requires Universal Ctags 6.0.0 or newer.

Usage:

	./util/ctags.sh [...options passed to ctags...]

Fixing #10251

Running the script in "tags" make target is suggested by
Dmitry Belyavskiy <beldmit@gmail.com>.

The falling back action for running older ctags if u-ctags 6 is not
available is suggested
by Dr. Matthias St. Pierre <matthias.st.pierre@ncp-e.com>.

Signed-off-by: Masatake YAMATO <yamato@redhat.com>

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20960)
2023-05-18 13:29:43 +02:00
Marco Abbadini
26cf0767a7 pkcs12: Fix macsaltlen parameter type
It expects an integer so change it from non-argument type to positive integer type.

Fixes #20969

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20979)
2023-05-18 13:25:28 +02:00
Tomas Mraz
95d3c148ca Initial design for error handling in QUIC
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20857)
2023-05-18 13:24:05 +02:00
Marc Brooks
831ef53472 Add support for --version and synonyms
Just like --help is explicitly supported, we should support --version.
This will greatly ease people adopting openssl.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20936)
2023-05-18 17:18:10 +10:00
Tomas Mraz
219db5e43c quic_newcid_test: Add negative test case
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:22 +01:00
Tomas Mraz
80b9eca279 Add test for handling NEW_CONNECTION_ID frame
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
bbc9754026 quic_tserver: Add possibility to change the connection id
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
c301149ad4 Fix test cases using NEW_CONNECTION_ID frame
seq_id must be >= retire_prior_to.

Add negative testcase.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
eff046524b Add minimal handling of NEW_CONNECTION_ID frames
We actively use only the latest DCID received. And retire only
DCIDs requested by the peer to be retired.

Also changed the active_conn_id_limit to 2 as the minimum value allowed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:18 +01:00
Tomas Mraz
dbca844cb3 quic_txp_test.c: Cleanup use of WPACKET
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
2023-05-17 14:04:17 +01:00