root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity
34,636 Commits 32 Branches 398 Tags 545 MiB
Commit Graph

3736 Commits

Author SHA1 Message Date
Hugo Landau 9eabb30ab4 QUIC RCIDM: Minor updates 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
 2024-01-11 11:16:27 +01:00
Hugo Landau 9575b21851 QUIC RCIDM: Add counters to support RCID count enforcement 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
 2024-01-11 11:14:18 +01:00
Hugo Landau 63f77f0454 QUIC RCIDM: Add RCIDM 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23022)
 2024-01-11 11:14:18 +01:00
Tomas Mraz 493ad484e9 Disable build of HWAES on PPC Macs 
Fixes #22818

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22860)
 2024-01-11 11:08:31 +01:00
Neil Horman f3be536686 Augment RSA provider to generate CRT coefficients on EVP_PKEY_fromdata() 
It would be helpful to be able to generate RSA's dmp1/dmq1/iqmp values
when not provided in the param list to EVP_PKEY_fromdata.  Augment the
provider in ossl_rsa_fromdata to preform this generation iff:
a) At least p q n e and e are provided
b) the new parameter OSSL_PARAM_RSA_DERIVE_PQ is set to 1

Fixes #21826

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21875)
 2024-01-09 12:03:32 +01:00
Tomas Mraz d7e707cb49 Allow duplicate CMS attributes 
Fixes regression introduced with https://github.com/openssl/openssl/pull/21505

Fixes #22266

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23029)
 2024-01-03 12:41:31 +01:00
Dimitri Papadopoulos 164a541b93 Fix new typos found by codespell 
Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23133)
 2023-12-29 10:12:05 +01:00
Dr. David von Oheimb bedffe1731 crypto/cmp/,apps/lib/cmp_mock_srv.c: various improvements on delayed delivery 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 23:06:42 +01:00
Rajeev Ranjan 192bfec487 crypto/cmp/,apps/lib/cmp_mock_srv.c: add delayed delivery for all types of responses 
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20727)
 2023-12-21 22:53:35 +01:00
Neil Horman 682fd21afb Detect and prevent recursive config parsing 
If a malformed config file is provided such as the following:

openssl_conf = openssl_init
[openssl_init]
providers = provider_sect
[provider_sect]
 = provider_sect

The config parsing library will crash overflowing the stack, as it
recursively parses the same provider_sect ad nauseum.

Prevent this by maintaing a list of visited nodes as we recurse through
referenced sections, and erroring out in the event we visit any given
section node more than once.

Note, adding the test for this revealed that our diagnostic code
inadvertently pops recorded errors off the error stack because
provider_conf_load returns success even in the event that a
configuration parse failed. The call path to provider_conf_load has been
updated in this commit to address that shortcoming, allowing recorded
errors to be visibile to calling applications.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22898)
 2023-12-21 13:38:31 -05:00
Hugo Landau fdd60dacc4 Minor updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 33ca076372 Minor fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 22739cc3ac QUIC APL, TSERVER: Start using a QUIC_ENGINE object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 53f78eb721 QUIC ENGINE: Add unused QUIC_ENGINE object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau ff3a26b24f QUIC Refactor: Fix ANSI - struct definition duplications 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 4df4add22d QUIC PORT: Allow errors to be tracked at port level 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 5304d56335 ERR: Add ERR_pop() 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 0225d42bce QUIC PORT: Formalise states of a port 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 6d76d13e54 QUIC DEMUX: Remove obsolete SRT handling code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:06 +00:00
Hugo Landau 29fbdfafaf QUIC CHANNEL, LCIDM: Factor duplicate CID generation function 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau 5f86ae32c2 QUIC CHANNEL: Finish moving SRT handling to SRTM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau da15093a31 QUIC DEMUX: Remove legacy routing code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau ef95d8ddca QUIC QRX: Remove legacy DEMUX-QRX routing code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau 08c7caebbe QUIC DEMUX, QRX: Add deprecation notices for future handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:12:00 +00:00
Hugo Landau cce6fccd4e QUIC CHANNEL: Keep a reference to our LCIDM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 0df897321d QUIC PORT: Enable injection of incoming URXEs into a channel via default handler rather than DEMUX routing 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau d743afe7e8 QUIC DEMUX: Allow parsed DCID to be learnt in default packet handler 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 6107619899 QUIC PORT: Partially move stateless reset handling to port 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 073e5bc781 QUIC CHANNEL: Remove legacy calls for functionality moved to QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 632b0c7e8c QUIC PORT, CHANNEL: Move ticking code into QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 4ed6b48d9d QUIC PORT, CHANNEL: Move DEMUX and default packet handling out of CHANNEL 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 2d80e45901 QUIC PORT: Make QUIC_PORT responsible for creation of all channels 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 2954287041 QUIC PORT: Record a SSL_CTX for use when creating handshake layer objects 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau f98bc5c95b QUIC CHANNEL, PORT: Abstract time retrieval 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 34fa182e1d QUIC CHANNEL, TSERVER: Move to using libctx/propq/mutex/now_cb via QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 167e5f34c8 QUIC TSERVER: Provide a TSERVER's QUIC_CHANNEL with a currently unused QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 12ab8afceb QUIC CHANNEL: Keep a reference to a QUIC_PORT 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 154131da11 QUIC PORT: Add basic unwired QUIC_PORT object 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau e801455446 QUIC CHANNEL: Consolidate forward object declarations in a single header 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 26624caf17 QUIC REACTOR: Add utility function for merging tick results 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 70a7e543a1 list.h: Add iterator macros 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Hugo Landau 3f0be2c206 list.h: Allow separation of declarations and function definitions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)
 2023-12-21 08:11:59 +00:00
Dr. David von Oheimb 7c6577ba9f CMP lib and app: add optional certProfile request message header and respective -profile option 
Also add missing getter functionss OSSL_CMP_{CTX,HDR}_get0_geninfo_ITAVs() to CMP API.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21281)
 2023-12-19 13:07:19 +01:00
Neil Horman 5056133cc7 Avoid setting gen_type to -1 in dsa_gen_set_params 
gh_gen_type_common_set_params looks up a dsa contexts gen_type using
name2id, but if it returns error, we inadvertently set gctx->gen_type to
-1, which is an invalid value, which may lead to improper behavior in
future calls, in the event that said future calls preform an operation
of the form;
if (gen_type == <VALID VALUE>) {
        do_stuff
else {
        do_other_stuff
}

Technically it is not correct to continue with the operations on the
gen context after failed parameters setting but this makes it more
predictable.

Fix it by assigning the result of a lookup to a stack variable, and only
update gctx->gen_value if the lookup returns a non-failing value

In leiu of testing this specific case, also add an ossl_assert in dsa_gen
to validate the gen_val input prior to continuing, should other code
points attempt to do the same thing

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22991)
 2023-12-14 11:17:48 +01:00
Hugo Landau e6cf72c525 QUIC LCIDM: Always use lcid_obj to refer to QUIC_LCID 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau 1f2958536e QUIC LCIDM: Add debug calls 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau 766603a9a5 QUIC LCIDM: Correct documentation 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau a35956b2f7 QUIC LCIDM: Enforce and document ODCID peculiarities 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
Hugo Landau 8489a0a1f2 QUIC LCIDM: Add LCIDM 
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
 2023-12-06 10:40:11 +00:00
fisher.yu cc82b09cbd Optimize AES-CTR for ARM Neoverse V1 and V2. 
Unroll AES-CTR loops to a maximum 12 blocks for ARM Neoverse V1 and
    V2, to fully utilize their AES pipeline resources.

    Improvement on ARM Neoverse V1.

    Package Size(Bytes)	16	32	64	128	256	1024
    Improvement(%)	3.93	-0.45	11.30	4.31	12.48	37.66
    Package Size(Bytes)	1500	8192	16384	61440	65536
    Improvement(%)	37.16	38.90	39.89	40.55	40.41

Change-Id: Ifb8fad9af22476259b9ba75132bc3d8010a7fdbd

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22733)
 2023-11-29 18:10:31 +01:00