mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
32,439 Commits 34 Branches 385 Tags 513 MiB
b1b06da2a3
Commit Graph

32439 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hugo Landau
b1b06da2a3 QUIC CHANNEL: Add basic server support for testing 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
3c567a52c2 QUIC CHANNEL: Transport params: Offer reason text and add server support 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
7f9d12495e QUIC TXP: Fix generation of CONNECTION_CLOSE 
CONNECTION_CLOSE frames can be generated on multiple ELs, so the TX
packetiser was generating it on multiple ELs simultaneously. This fixes
the CONNECTION_CLOSE generation logic so that the lowest non-dropped EL
is always used.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
af8b52cffe QUIC Front-End I/O API: Fix WANT_READ signalling for SSL_read 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
e30c502ae9 QUIC Front-End I/O API: Fix implementation of SSL_get_error 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
4e392f601d QUIC QRX: (Server support) Add support for manual URXE injection 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
b83cf3fcf1 QUIC DHS: (Server support) Add server state machine for DHS 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Hugo Landau
93e9b6cc4e QUIC DEMUX: (Server support) Add support for default handler 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:39 +00:00
Niels Dossche
53b5d6c30f Fix incorrect error return value in i2r_ADMISSION_SYNTAX() 
The other implementations of i2r return 0 in case of an error, but
i2r_ADMISSION_SYNTAX() returns -1. That means the check on i2r does not
catch the error. Change it to return 0 like the others do.

Fixes: #20066

CLA: trivial

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20068)
 2023-01-19 14:15:19 +01:00
Juergen Christ
f225fbf952 S390X: Fix Ed448ph 
CPACF does not support pre-hashing.  This was considered correctly for
Ed25519ph, but not for Ed448ph which lead to errors in the test_evp suite
(test vector 20 - pre-hashing without context string).  Fix this by using the
non-accelerated version of Ed448 also if no context string is provided, but
pre-hashing is performed.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20067)
 2023-01-19 14:08:36 +01:00
Juergen Christ
235ef96049 Fix potential NULL pointer dereference 
In EC key generation, if allocation of struct ec_gen_ctx fails, values
provided by parameters are copied into the context at represented by a NULL
pointer.  To fix this, prevent copy if allocation fails.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20055)
 2023-01-17 17:37:55 +01:00
north-16
ed77c14d91 Clarify documentation of X509_STORE_CTX_get_current_cert() 
CLA: trivial

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20038)
 2023-01-17 12:43:36 +01:00
zhangzhilei
2fb5fa4686 remove unused macro in cast_local.h and des_local.h 
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20048)
 2023-01-17 12:41:11 +01:00
Tomas Mraz
3b1c0c8f3c pkey: Imply public check if -pubin is specified 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20044)
 2023-01-17 12:18:50 +01:00
slontis
fe2a7341b5 PKCS12 - Add additional libctx and propq support. 
Fixes #19718
Fixes #19716

Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and
ASN1_item_unpack_ex().

parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX.
PKCS12_free() needed to be manually constructed in order to free the propq.

pkcs12_api_test.c changed so that it actually tests the libctx, propq.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19942)
 2023-01-16 17:17:31 +01:00
Juergen Christ
76aa4f3ac0 s390x: Fix keccak xofs via CPACF 
CPACF does not directly support xofs.  Emulate this by using single block
operations on an empty input block.

Fixes: affc070aab ("s390x: Optimize kmac")

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19983)
 2023-01-16 17:07:47 +01:00
fangming.fang
cd7a8e96bb Fix big-endian issue in chacha20 SVE implementation on aarch64 
Fixes: #19902

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20028)
 2023-01-16 17:03:34 +01:00
dependabot[bot]
c4edfa220e Bump actions/setup-python from 4.4.0 to 4.5.0 
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 4.4.0 to 4.5.0.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v4.4.0...v4.5.0)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

CLA: trivial
Signed-off-by: dependabot[bot] <support@github.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20046)
 2023-01-16 16:25:38 +01:00
Dmitry Belyavskiy
ae61bd34e6 Documenting lack of error codes stability 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20019)
 2023-01-16 11:55:26 +01:00
Dr. David von Oheimb
60c3d732b7 CMP app: fix file output of certs and cert lists on non-existing cert(s) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20035)
 2023-01-16 08:32:52 +01:00
Bernd Edlinger
30667f5c30 Limit size of modulus for bn_mul_mont and BN_mod_exp_mont_consttime 
Otherwise the alloca can cause an exception.

Issue reported by Jiayi Lin.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
 2023-01-14 11:37:18 +01:00
Bernd Edlinger
92d306b32b Revert "Limit size of modulus for BN_mod_exp_mont_consttime()" 
This reverts commit 4378e3cd2a.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/20005)
 2023-01-14 11:37:18 +01:00
Hugo Landau
b639475a94 QUIC API: Rename want_net_read and want_net_write 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:38 +00:00
Hugo Landau
df15e990ff QUIC CHANNEL: Handle network errors as connection-fatal events 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:37 +00:00
Hugo Landau
0550829f53 QUIC QTX: Handle network errors explicitly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:37 +00:00
Hugo Landau
66eab5e08e QUIC DEMUX: Handle network errors explicitly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:37 +00:00
Hugo Landau
e6b653535f QUIC: Document how blocking mode is automatically turned off 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:36 +00:00
Hugo Landau
692df8d344 QUIC BIO Poll Descriptors: simplify custom interface 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:36 +00:00
Hugo Landau
8ccc567ef0 QUIC CSM: Tweak docs for tick functions, add DTLSv1 docs 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:36 +00:00
Hugo Landau
75b2920a21 QUIC CSM: Minor style fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:35 +00:00
Hugo Landau
19142ef124 QUIC Front End I/O API: Remove __owur from man pages 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:35 +00:00
Hugo Landau
9f0ade7c47 QUIC: Minor cleanup 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:35 +00:00
Hugo Landau
05f97354bb QUIC TXP: Fix bug in send stream handling, cleanup 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:22 +00:00
Hugo Landau
c41c7ee976 QUIC: Add TODO for CCM support 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:22 +00:00
Hugo Landau
3f0c310b80 QUIC Front-End I/O API: Determine read completion correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:22 +00:00
Hugo Landau
79534440c5 QUIC: Use ossl_assert 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:22 +00:00
Hugo Landau
2d2fd151d4 QUIC RXDP: Different error messages for stream conditions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:22 +00:00
Hugo Landau
81b6b43c4a QUIC: Minor comment and editorial fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:22 +00:00
Hugo Landau
b8a132d68f QUIC Front End I/O API: Minor doc fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:21 +00:00
Hugo Landau
dfc227bd24 QUIC Front End I/O API: Don't allow EPW to be enabled during AON 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:21 +00:00
Hugo Landau
0651e05474 QUIC: Back out version string change 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:21 +00:00
Hugo Landau
2fff884c86 QUIC: Documentation updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:21 +00:00
Hugo Landau
ca41f6b7e9 QUIC Front End I/O API: Tweaks to handshake processing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:21 +00:00
Hugo Landau
a1660c9422 QUIC Front End I/O API: Remove unnecessary code from SSL_get_tick_timeout 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:20 +00:00
Hugo Landau
e28f512f04 QUIC CHANNEL: Minor cleanups and bug fix 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:20 +00:00
Hugo Landau
d50e750e13 QUIC: Style fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:20 +00:00
Hugo Landau
8a1a6d6d9e QUIC Front End I/O API: Wire up SSL_CTX ctrls and remove unneeded functions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:19 +00:00
Hugo Landau
9bbc5b54b0 QUIC CHANNEL: Revise inaccurate comments 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:19 +00:00
Hugo Landau
c8b3fdc2e4 QUIC: Revise and add some TODO lines 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:19 +00:00
Hugo Landau
fbe2573d3b QUIC Front End I/O API: Correct implementation of SSL_tick, SSL_get_tick_timeout 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)
 2023-01-13 13:20:18 +00:00