summaryrefslogtreecommitdiff
path: root/include/openssl
Commit message (Collapse)AuthorAgeFilesLines
* QUIC APL: De-publicise SSL_attach_stream/SSL_detach_streamHugo Landau2023-05-121-3/+0
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: Rename SSL_set_incoming_stream_reject_policyHugo Landau2023-05-121-4/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: Revise SSL_get_conn_close_info API (char)Hugo Landau2023-05-121-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: Minor fixes and cleanupsHugo Landau2023-05-121-2/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: make updateHugo Landau2023-05-121-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Add SSL_stream_reset and status query APIsHugo Landau2023-05-121-0/+32
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: SSL_accept_stream, SSL_get_accept_queue_lenHugo Landau2023-05-121-0/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)Hugo Landau2023-05-121-0/+5
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_set_default_stream_mode, default XSO refactorHugo Landau2023-05-122-0/+10
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get_stream_idHugo Landau2023-05-121-0/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get_stream_typeHugo Landau2023-05-121-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_is_connectionHugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get0_connectionHugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Refactor stream-related code into QUIC_XSO objectHugo Landau2023-05-121-0/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* CMP client: fix error response on -csr without private key, also in docsDr. David von Oheimb2023-05-121-1/+3
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
* Added a macro OSSL_DISPATCH_END as marker of the end of OSSL_DISPATCH arraysIrak Rigia2023-04-211-0/+3
| | | | | | | | | | | Also updated the corresponding documentations. Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
* OSSL_CRMF_CERTTEMPLATE_get0_publicKey(): fix return type and docDr. David von Oheimb2023-04-181-1/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20736)
* Fix a HPKE API to put libctx, propq as last (optional parameters).slontis2023-04-141-3/+3
| | | | | | | | | This keeps the interface consistent with other HPKE API's. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20583)
* Make sure we can query the SSL object for version info when using QUICMatt Caswell2023-04-042-0/+6
| | | | | | | | | | | | We have the existing functions SSL_version(), SSL_get_version() and SSL_is_dtls(). We extend the first two to return something sensible when using QUIC. We additionally provide the new functions SSL_is_tls() and SSL_is_quic() to provide a mechanism to figure out what protocol we are using. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20650)
* fips: rework the option handling codePauli2023-03-292-1/+11
| | | | | | | | Add option for restricting digests available to DRBGs. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/20521)
* RFC7250 (RPK) supportTodd Short2023-03-284-19/+66
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* CMP add: fix -reqin option, which requires adding ↵Dr. David von Oheimb2023-03-251-0/+1
| | | | | | | | | OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
* QUIC: Add support for datagram injectionHugo Landau2023-03-221-0/+6
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20451)
* cmp: fix --strict-warnings windows buildsFdaSilvaYY2023-03-211-1/+1
| | | | | | | | | remove unneeded const qualifier to keep method declaration and definition in sync. Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20436)
* nit: tidy-up code, and fix a typo.FdaSilvaYY2023-03-211-2/+2
| | | | | | Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com> (Merged from https://github.com/openssl/openssl/pull/20436)
* Provide better errors for some QUIC failuresMatt Caswell2023-03-201-1/+2
| | | | | | | | | For example if would be helpful if we got more useful information if the caller forgot to set the peer address. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20514)
* providers: add Argon2 KDFČestmír Kalina2023-03-172-1/+7
| | | | | | | | | | https://datatracker.ietf.org/doc/rfc9106/ Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12256)
* proverr: add PROV_R_{INVALID_MEMORY_SIZE,INVALID_THREAD_POOL_SIZE}Čestmír Kalina2023-03-171-0/+2
| | | | | | | | Signed-off-by: Čestmír Kalina <ckalina@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/12256)
* Add a flag so finalised contexts are not reusedSimo Sorce2023-03-151-1/+2
| | | | | | | | | | | | | | The EVP layer should not rely on the underlying low level code to handle catching incorrect reuse of contexts. Add a flag to mark a context as finalised as needed and then catch and immediately error on Update/Final operations if called improperly. Signed-off-by: Simo Sorce <simo@redhat.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/20375)
* Add option to FIPS module to enforce EMS check during KDF TLS1_PRF.slontis2023-03-073-6/+16
| | | | | | | | Fixes #19989 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20241)
* Fix potential infinite loops in ECDSA signing.slontis2023-03-011-1/+2
| | | | | | | | | Similiar checks to the DSA code have been added for ECDSA also. This should not be a problem when using named groups. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20384)
* Fix infinite loops in DSA sign code.slontis2023-03-011-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | Fixes #20268 Values such as q=1 or priv=0 caused infinite loops when calling DSA_sign() without these changes. There are other cases where bad domain parameters may have caused infinite loops where the retry counter has been added. The simpler case of priv=0 also hits this case. q=1 caused an infinite loop in the setup. The max retry value has been set to an arbitrary value of 8 (it is unlikely to ever do a single retry for valid values). The minimum q bits was set to an arbitrary value of 128 (160 is still used for legacy reasons when using 512 bit keys). Thanks @guidovranken for detecting this, and @davidben for his insightful analysis. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20384)
* Add OSSL_FUNC_keymgmt_im/export_types function that gets the provider contextIngo Franzki2023-02-241-0/+8
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The provider functions OSSL_FUNC_keymgmt_import_types() and OSSL_FUNC_keymgmt_export_types() do not get the provider context passed. This makes it difficult for providers to implement these functions unless its a static implementation returning a truly constant OSSL_PARAM array. Some providers may have a need to return an OSSL_PARAM array that is dependent on the provider configuration, or anything else that is contained in its provider context. Add extended variants of these functions that get the provider context passed. The functions should still return a static and constant OSSL_PARAM array, but may use the provider context to select the array to return dependent on its context. The returned array must be constant at least until the provider is unloaded. Providers can implement only the original functions, or only the extended functions, or both. Implementing at least one of those functions is required if also the respective OSSL_FUNC_keymgmt_import() or OSSL_FUNC_keymgmt_export() function is implemented. If an extended function is available, it is called by evp_keymgmt_import_types() or evp_keymgmt_export_types(), otherwise the original function is called. This makes the code backward compatible. Existing providers will only implement the original functions, so these functions will continued to be called. Newer providers can choose to implement the extended functions, and thus can benefit from the provider context being passed to the implementation. Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20255)
* first cut at sigalg loadingMichael Baentsch2023-02-241-0/+15
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19312)
* New function EC_GROUP_to_params to convert an EC_GROUP to an array of ↵Oliver Mihatsch2023-02-081-0/+16
| | | | | | | | | OSSL_PARAM. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20205)
* Enable some disabled __owursDmitry Belyavskiy2023-02-071-13/+13
| | | | | | | | | Fixes #15902 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/15905)
* Fix GENERAL_NAME_cmp for x400Address (master)Hugo Landau2023-02-071-1/+1
| | | | | | | CVE-2023-0286 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
* Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() codeTomas Mraz2023-01-271-0/+3
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20012)
* QUIC FIN Support: Various fixesHugo Landau2023-01-271-2/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* QUIC Front End I/O API: Add support for signalling and detecting end-of-streamHugo Landau2023-01-271-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_exHugo Landau2023-01-271-0/+12
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()Dr. David von Oheimb2023-01-261-0/+8
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18704)
* Replace use of the Dummy Handshake Layer with the real oneMatt Caswell2023-01-241-0/+1
| | | | | | | | We start using the QUIC TLS implementation rather than the dummy one. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19748)
* PKCS12 - Add additional libctx and propq support.slontis2023-01-162-0/+4
| | | | | | | | | | | | | | | | | Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19942)
* QUIC API: Rename want_net_read and want_net_writeHugo Landau2023-01-131-2/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC BIO Poll Descriptors: simplify custom interfaceHugo Landau2023-01-131-5/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC Front-End I/O APIHugo Landau2023-01-131-0/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Add BIO poll descriptorsHugo Landau2023-01-132-0/+25
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Support all five EdDSA instances from RFC 8032James Muir2023-01-131-0/+2
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes #6277 Description: Make each of the five EdDSA instances defined in RFC 8032 -- Ed25519, Ed25519ctx, Ed25519ph, Ed448, Ed448ph -- available via the EVP APIs. The desired EdDSA instance is specified via an OSSL_PARAM. All instances, except for Ed25519, allow context strings as input. Context strings are passed via an OSSL_PARAM. For Ed25519ctx, the context string must be nonempty. Ed25519, Ed25519ctx, Ed448 are PureEdDSA instances, which means that the full message (not a digest) must be passed to sign and verify operations. Ed25519ph, Ed448ph are HashEdDSA instances, which means that the input message is hashed before sign and verify. Testing: All 21 test vectors from RFC 8032 have been added to evppkey_ecx.txt (thanks to Shane Lontis for showing how to do that). Those 21 test vectors are exercised by evp_test.c and cover all five instances. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> (Merged from https://github.com/openssl/openssl/pull/19705)
* Avoid ifdefs in trace categoriesTomas Mraz2022-12-221-4/+2
| | | | | | | | | | | The trace code assumes all categories are present and the category numbers are equal to the index in the table. Fixes #19915 Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> (Merged from https://github.com/openssl/openssl/pull/19917)
View Lorry Controller Status