Recently the Coveralls CI run started failing
because it times out in this test.
Outside of Coveralls it runs fine so assuming that
this is caused by slow execution under Coveralls.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21844)
The assembler will complain when we include loongarch_arch.h in
an assembly file as following:
crypto/loongarch_arch.h: Assembler messages:
crypto/loongarch_arch.h:12: Fatal error: no match insn: extern unsigned int OPENSSL_loongarch_hwcap_P
So, the sentence of `extern unsigned int OPENSSL_loongarch_hwcap_P`
should be guarded with "#ifndef __ASSEMBLER__".
Fixes#21838.
Signed-off-by: Min Zhou <zhoumin@loongson.cn>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21839)
The function SSL_set_initial_peer_addr() got renamed to
SSL_set1_initial_peer_addr(). The demo missed out on the rename when it
got rebased on top of it.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21842)
This is used to calculate the TSA's public key certificate identifier.
The default algorithm is changed from sha1 to sha256.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21794)
They produce a warning `suggest braces around initialization of subobject`
otherwise.
Add -Wno-missing-braces to silence old clang compilers
And drop unnecessary braces in zeroing initializers.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
We've added a new page to the guide so we should add a link to it.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
We can use SSL_get_stream_read_state() to distinguish these cases.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Explain what happens if you call those functions and there is no default
stream present yet.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Add some additional explanation for some code lines in the demos that did
not have a comment.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
We extend quicserver so that it can handle multiple requests with an
HTTP request on each one. If a uni-directional stream comes in we create
a uni-directional stream for the response
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Demonstrate how to use the QUIC multi-stream APIs with a simple blocking
client.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
Give a better description of the shutdown process in QUIC.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)
If we have enough data for more than one datagram then we should send more
than one datagram
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)
Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign()
and detect_foreign_key() which is called by EVP_PKEY_assign().
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21819)
The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.
Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)
CLA: trivial
Fixes: #21809
Signed-off-by: Jakub Jelen <jjelen@redhat.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21817)
Trace output of the communication with the client is dumped to stderr if
the -trace options is supplied
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)
This is useful for debugging purposes. The standard SSL_trace msgcallback
can be used with tserver.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)
We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early data. However for QUIC we
want to do this as early as possible (after ServerHello). Since we will
never do TLS early data with QUIC we just do it as early as possible if
early data is not being used.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21810)
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
This improves tracking where the failure was triggered.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
Make sure we free the stack of names we allocated in an error path.
Found by the reproducible error patch in #21668
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21796)
And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)
Tomas Mraz
Min Zhou
Matt Caswell
Hugo Landau
olszomal
Ingo Franzki
Jakub Jelen
Xu Yizhou
Matthias St. Pierre