summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* APPS: replace awkward and error-prone pattern by calls to new ↵Dr. David von Oheimb2023-05-259-154/+86
| | | | | | | | | app_conf_try_string() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
* APPS/ca: remove spurious errors when certain config file entries are not ↵Dr. David von Oheimb2023-05-251-11/+22
| | | | | | | | | provided Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20971)
* Create internal/ssl.hMatt Caswell2023-05-243-6/+21
| | | | | | | | | | We create the internal/ssl.h header file and move the typedef for ossl_msg_cb. This is needed by both the QUIC code (which generally doesn't include ssl_local.h) and the rest of libssl. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Rename msg_callback_s to msg_callback_ssl for greater clarityMatt Caswell2023-05-2410-25/+26
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Use the %llu format specifier for uint64_tMatt Caswell2023-05-241-30/+47
| | | | | | | | | We change to use %llu when printing uint64_t types for consistency with what we've done elsewhere. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Create setter functions for the msg_callback and msg_callback_argMatt Caswell2023-05-2411-90/+132
| | | | | | | | | | We create setter functions for the msg_callback and msg_callback_arg so that these values can be properly propagated to the QRX/QTX/TXP even after the channel has been created. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Add a test for the new QUIC tracing capabilityMatt Caswell2023-05-243-4/+412
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Fix an SSL_trace bugMatt Caswell2023-05-241-4/+9
| | | | | | | | | Ensure that SSL_trace can print certificate data even with a non-default libctx. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Update the msg_callback documentationMatt Caswell2023-05-242-7/+48
| | | | | | | | | | We provide information about the new QUIC support related to the msg_callback. We also document SSL_trace() which was previously missing from the man pages. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Add more trace details for the remaining frame typesMatt Caswell2023-05-241-35/+95
| | | | | | | | | | Prior to this commit we were just printing the fact that we had received or sent a frame of a particular type. We now provide more details about those frames. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Properly handling stream/crypto frames while tracingMatt Caswell2023-05-246-33/+50
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Enable tracing of datagrams we have sentMatt Caswell2023-05-241-1/+7
| | | | | | | | | Extend the tracing capability to also trace when we have a datagram to the peer. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Enable tracing of packets that have been sentMatt Caswell2023-05-2412-23/+57
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Extend tracing of frames to transmitted framesMatt Caswell2023-05-243-0/+32
| | | | | | | | | Previously we were only doing tracing of frames received from the peer. Now we do that for transmitted frames as well. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Support trace for QUIC FramesMatt Caswell2023-05-244-5/+467
| | | | | | | | Extend the existing QUIC tracing capability for frames. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Support trace for QUIC PacketsMatt Caswell2023-05-243-1/+109
| | | | | | | | | | We enable SSL_trace support for when we receive QUIC Packets. This is called after header protection is removed, but before the packet is decrypted. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Support trace for QUIC datagramsMatt Caswell2023-05-245-5/+58
| | | | | | | | | Extend SSL_trace so that it knows how to dump information about the receipt of a QUIC datagram. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Add initial QUIC support for the msg_callbackMatt Caswell2023-05-2411-37/+99
| | | | | | | | At this stage we just support msg_callback on receipt of a datagram. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20914)
* Resolve a djgpp function name conflictHugo Landau2023-05-241-18/+18
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* Add note about Windows LONGHugo Landau2023-05-241-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* Make testutil text output functions thread safe (tsan)Hugo Landau2023-05-241-8/+85
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC APL: Unlock mutex before freeing (clang tsan error)Hugo Landau2023-05-241-1/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* Remove an unused variable (clang 16 warning)Hugo Landau2023-05-241-4/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC: Add to threads sanitizer CIHugo Landau2023-05-241-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC Glossary: Add QCTXHugo Landau2023-05-241-0/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* Add no-threads build to CIHugo Landau2023-05-242-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC: Fix bugs where threading is disabledHugo Landau2023-05-2413-3/+113
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC TSERVER: Use a random port in the tserver testHugo Landau2023-05-241-3/+1
| | | | | | | | | Fixes nondeterministic failures where BIO_bind would fail on some platforms. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC MSMT: macOS robustness fixesHugo Landau2023-05-241-4/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC APL: Make SSL_get_error per-stream, error raising refactorHugo Landau2023-05-242-113/+145
| | | | | | | | | | | | This refactors the error raising code in the APL to automatically raise errors in the correct SSL object, either a QCSO or QSSO depending on the circumstances. The QCTX structure's responsibilities are expanded to facilitate this. This further drives towards a unified mechanism for generic dispatch precondition checking and error raising. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC MSMT TESTS: Add tests to exercise MAX_STREAMSHugo Landau2023-05-241-0/+87
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC RXDP: Ensure all stream-related frames autocreate a streamHugo Landau2023-05-241-147/+177
| | | | | | | | RFC requirement. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC FC: Correct operation of stream count modeHugo Landau2023-05-241-2/+5
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC QSM: Correct the logic for determining stream count limitsHugo Landau2023-05-241-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC QSM: Allow QSM to know if we are in the server roleHugo Landau2023-05-244-5/+10
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC MSMT: Stress tests, support for repeating test opoerationsHugo Landau2023-05-241-11/+144
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC MSMT: Add a basic multithreading testHugo Landau2023-05-241-0/+77
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC MSMT: Revise tests to support multithreadingHugo Landau2023-05-241-58/+303
| | | | | | | | Alsoo rename OPK_C_ACCEPT_STREAM to reflect its current behaviour. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* QUIC TSERVER: Allow detection of new incoming streamsHugo Landau2023-05-242-0/+20
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20856)
* Drop the last reference of SHLIB_EXTRichard Levitte2023-05-241-1/+1
| | | | | | | | | | | | | | SHLIB_EXT is a variable that exists on OpenSSL build file templates before version 3.0, for which much of the logic for figuring out file names and such was moved to the 'platform' set of routines. But, it seems that one (now useless) reference remained on the VMS specific descrip.mms.tmpl. We replace it with an explicit '.EXE', which is the default extension for shared libraries on VMS. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21007)
* Fix incorrect parameter verification in EVP_MD_CTX_get_paramslan11202023-05-241-1/+1
| | | | | | | | Signed-off-by: lan1120 <lanming@huawei.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21022)
* doc/fingerprints.txt: Add the OpenSSL OMC PGP key fingerprintRichard Levitte2023-05-231-0/+3
| | | | | | | | | | | We want to move to using this key for tarball and announcement signatures. It won't happen immediately, though, as we must have it specified in the latest update of each release branch, so people can verify properly. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21015)
* If oaep_md is not initialized, correctly initialize itDmitry Belyavskiy2023-05-231-3/+5
| | | | | | | | | | Fixes #20993 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20994)
* Update the FIPS checksumsTomas Mraz2023-05-223-138/+174
| | | | | | | Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20949)
* fips.module.sources: Add missing cpuid and related .c sources for other ↵Tomas Mraz2023-05-221-1/+2
| | | | | | | | | architectures Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20949)
* crypto/params: drop float for UEFIYi Li2023-05-221-10/+30
| | | | | | | | | | | | | | | | Using floating point is not supported in UEFI and can cause build problems, for example due to SSE being disabled and x64 calling convention passing floats in SSE registers. Avoid those problems by not compiling the related code for floating point numbers. Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20992)
* Adding some selected MS OIDs for #19630 added ms-corp alias for OID ↵Dragan Zuvic2023-05-226-35/+91
| | | | | | | | | | | | | 1.3.6.1.4.1.311 and changed hopefully all occurences for that OID Signed-off-by: Dragan Zuvic <dragan.zuvic@mercedes-benz.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20986)
* Update hkdf.c to avoid potentially vulnerable code patternNicky Mouha2023-05-191-1/+1
| | | | | | | | | | | | | | | | | | | | | The expression "if (a+b>c) a=c-b" is incorrect if "a+b" overflows. It should be replaced by "if (a>c-b) a=c-b", which avoids the potential overflow and is much easier to understand. This pattern is the root cause of CVE-2022-37454, a buffer overflow vulnerability in the "official" SHA-3 implementation. It has been confirmed that the addition in https://github.com/openssl/openssl/blob/master/providers/implementations/kdfs/hkdf.c#L534 cannot overflow. So this is only a minor change proposal to avoid a potentially vulnerable code pattern and to improve readability. More information: https://github.com/github/codeql/pull/12036#issuecomment-1466056959 CLA: trivial Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20990)
* Add information on the 'ias' port for OpenVMSRichard Levitte2023-05-191-0/+17
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20983)
* Update VMS configurationsRichard Levitte2023-05-193-11/+13
| | | | | | | | | | | | A native x86_64 C compiler has appeared. We preserve the previous config target with a new name to indicate that it's for cross compilation, at least for the time being. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20983)
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-19 05:20:12 +0100