ssl_lib: added pointer SSL and SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@open

ssl_lib: added pointer SSL and SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22470)

show more ...

ssl_lib: added pointer SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

ssl_lib: added pointer SSL_CONNECTION check to NULL before dereferencing it in ossl_ctrl_internal()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22470)

show more ...

Fix potential NULL deref in ssl_old_test.c

Fix #22367

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlanda

Fix potential NULL deref in ssl_old_test.c

Fix #22367

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22383)

show more ...

aes-gcm-avx512.pl: fix non-reproducibility issue

Replace the random suffix with a counter, to make the
build reproducible.

Fixes #20954

Reviewed-by: Richard Levitte <le

aes-gcm-avx512.pl: fix non-reproducibility issue

Replace the random suffix with a counter, to make the
build reproducible.

Fixes #20954

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22415)

show more ...

bn: Properly error out if aliasing return value with modulus

Test case amended from code initially written by Bernd Edlinger.

Fixes #21110

Reviewed-by: Dmitry Belyavskiy <b

bn: Properly error out if aliasing return value with modulus

Test case amended from code initially written by Bernd Edlinger.

Fixes #21110

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22421)

show more ...

doc: change "certifictes" to "certificates"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landa

doc: change "certifictes" to "certificates"

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22446)

show more ...

Link libatomic on riscv32

GCC toolchains on linux are not able to build libcrypto without linking
to libatomic as it does not have all needed atomics implemented as
intrinsics

Link libatomic on riscv32

GCC toolchains on linux are not able to build libcrypto without linking
to libatomic as it does not have all needed atomics implemented as
intrinsics

Fixes errors like

| ld: ./libcrypto.so: undefined reference to `__atomic_is_lock_free'

CLA: trivial
Signed-off-by: Khem Raj <raj.khem@gmail.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22460)

show more ...

return 0 if an error occurred

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from h

return 0 if an error occurred

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22504)

(cherry picked from commit f0d88b4d070426493749cfd6b657e42dc3c2f5dd)

show more ...

Preemptively reflect the changes in #22480

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merge

Preemptively reflect the changes in #22480

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22487)

show more ...

BIO: Document BIO_sendmmsg and BIO_recvmmsg callbacks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

BIO: Document BIO_sendmmsg and BIO_recvmmsg callbacks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22487)

show more ...

Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN

BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initia

Blake2b: Use OSSL_DIGEST_PARAM_SIZE as settable instead of XOFLEN

BLAKE2 is not really an extensible output function unlike SHAKE
as the digest size must be set during the context initialization.
Thus it makes no sense to use OSSL_DIGEST_PARAM_XOFLEN.

We also need to adjust EVP_DigestFinal_ex() to query the
OSSL_DIGEST_PARAM_SIZE as gettable ctx param for the size.

Fixes #22488

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22491)

show more ...

QUIC CHANNEL: Handle ping deadlines differently

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/opens

QUIC CHANNEL: Handle ping deadlines differently

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)

show more ...

QUIC CHANNEL: Tweak crypto buffer sizes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

QUIC CHANNEL: Tweak crypto buffer sizes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)

show more ...

QUIC CHANNEL: Correct timeout calculation for ACKs

ACKs are not restricted by CC so do not consider CC when determining
when we will emit an ACK.

Reviewed-by: Tomas Mraz <tomas@

QUIC CHANNEL: Correct timeout calculation for ACKs

ACKs are not restricted by CC so do not consider CC when determining
when we will emit an ACK.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)

show more ...

QUIC TLS: Ensure QUIC_TLS is ticked between each processed RX packet

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

QUIC TLS: Ensure QUIC_TLS is ticked between each processed RX packet

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)

show more ...

QUIC: Test connection with large client and server cert chains

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github

QUIC: Test connection with large client and server cert chains

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22476)

show more ...

fuzz-checker.yml: Revert inadvertent change from fac61ea

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.c

fuzz-checker.yml: Revert inadvertent change from fac61ea

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22501)

show more ...

Avoid using gets as an argument name in a prototype

This otherwise breaks compilation of applications using ssl.h on MingW.

Fixes #22296

Reviewed-by: Richard Levitte <levit

Avoid using gets as an argument name in a prototype

This otherwise breaks compilation of applications using ssl.h on MingW.

Fixes #22296

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22316)

show more ...

quic: documentation and demo nits

The code for the quic demos (from the openssl guide) is presented as
modifications of tls-client-block.c. Make it so that the quic code
better matc

quic: documentation and demo nits

The code for the quic demos (from the openssl guide) is presented as
modifications of tls-client-block.c. Make it so that the quic code
better matches the tls code (drop unneeded assignments to "ret", use
the same comment on SSL_connect(), add the same printf() statement).

Also fix some minor typos.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22483)

show more ...

QUIC MULTISTREAM TEST: Output connection closure reason info on failure

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Le

QUIC MULTISTREAM TEST: Output connection closure reason info on failure

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22485)

show more ...

QUIC APL: Add support for querying frame type causing closure

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <lev

QUIC APL: Add support for querying frame type causing closure

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22485)

show more ...

Don't wait in select if we have data to write

In s_client, when using quic, if we have data from the user to write then we shouldn't
hang in "select" waiting for something to happen.

Don't wait in select if we have data to write

In s_client, when using quic, if we have data from the user to write then we shouldn't
hang in "select" waiting for something to happen.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22480)

show more ...

Make s_client -quic -debug work

The callback that makes -debug print the data sent/received needed extending
for the new QUIC callback codes.

Reviewed-by: Tomas Mraz <tomas@open

Make s_client -quic -debug work

The callback that makes -debug print the data sent/received needed extending
for the new QUIC callback codes.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22480)

show more ...

quic_multistream_test: Output info about connection close reason

In case the connection close error code is unexpected
print out the reason to help with diagnostics.

Reviewed-by

quic_multistream_test: Output info about connection close reason

In case the connection close error code is unexpected
print out the reason to help with diagnostics.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22474)

show more ...

sslapitest: add cast to avoid compiler error

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.or

sslapitest: add cast to avoid compiler error

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22500)

show more ...