QUIC APL: Better error reporting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)

QUIC CHANNEL: Only handle the first protocol error raised

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope

QUIC CHANNEL: Only handle the first protocol error raised

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)

show more ...

BIO_s_connect: Add support for datagram mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/

BIO_s_connect: Add support for datagram mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)

show more ...

BIO_s_connect: Make internal functions static

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl

BIO_s_connect: Make internal functions static

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)

show more ...

QUIC TLS: Better error message when ALPN not used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/ope

QUIC TLS: Better error message when ALPN not used

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)

show more ...

Removed unnecessary brace in ktls_configure_crypto

CLA: trivial

Fixes #21498

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(

Removed unnecessary brace in ktls_configure_crypto

CLA: trivial

Fixes #21498

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21908)

show more ...

Update X509 fuzzer to verify a chain

It add supports for verifying that it's been signed by a CA, and
checks the CRL and OCSP status

Can find CVE-2022-4203 and CVE-2023-0286

Update X509 fuzzer to verify a chain

It add supports for verifying that it's been signed by a CA, and
checks the CRL and OCSP status

Can find CVE-2022-4203 and CVE-2023-0286

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20243)

show more ...

Add ED25519 Signature demo.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by:

Add ED25519 Signature demo.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21883)

show more ...

Remove a redundant point mul from ossl_ec_key_public_check()

This code was added in error and is entirely redundant. It is also an
expensive operation (e.g. see #21833).

Fixes #

Remove a redundant point mul from ossl_ec_key_public_check()

This code was added in error and is entirely redundant. It is also an
expensive operation (e.g. see #21833).

Fixes #21834

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21902)

show more ...

powerpc: ecc: Fix stack allocation secp384r1 asm

Assembly acceleration secp384r1 opts to not use any callee-save VSRs, as
VSX enabled systems make extensive use of renaming, and so write

powerpc: ecc: Fix stack allocation secp384r1 asm

Assembly acceleration secp384r1 opts to not use any callee-save VSRs, as
VSX enabled systems make extensive use of renaming, and so writebacks in
felem_{mul,square}() can be reordered for best cache effects.

Remove stack allocations. This in turn fixes unmatched push/pops in
felem_{mul,square}().

Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21749)

show more ...

ecc: Remove extraneous parentheses in secp384r1

Substitutions in the felem_reduce() method feature unecessary
parentheses, remove them.

Signed-off-by: Rohan McLure <rohan.mclure

ecc: Remove extraneous parentheses in secp384r1

Substitutions in the felem_reduce() method feature unecessary
parentheses, remove them.

Signed-off-by: Rohan McLure <rohan.mclure@linux.ibm.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21749)

show more ...

QUIC: Harden ring buffer against internal misuse

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>

QUIC: Harden ring buffer against internal misuse

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21895)

show more ...

OPENSSL_init_crypto load config into initial global default library context

OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG must load the configuration
into the initial global defaul

OPENSSL_init_crypto load config into initial global default library context

OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG must load the configuration
into the initial global default library context, not the currently set default
library context.

OPENSSL_init_crypto() with OPENSSL_INIT_LOAD_CONFIG may be called within other
OpenSSL API functions, e.g. from within EVP_PKEY_CTX_new_xxx() when initializing
a pkey context, to perform implicit initialization, if it has not been
initialized yet. This implicit initialization may happen at a time when an
application has already create its own library context and made it the default
library context. So loading the config into the current default library context
would load it into the applications library context.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21897)

show more ...

Add CHANGES.md entry for ess_cert_id_alg default change

The default was changed in 10536b7f5b07aab3dc9631e94a56258155a1d942

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed

Add CHANGES.md entry for ess_cert_id_alg default change

The default was changed in 10536b7f5b07aab3dc9631e94a56258155a1d942

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21845)

show more ...

ecp_sm2p256-armv8.pl: Copy the argument handling from ecp_nistz256-armv8.pl

Popping the $output argument is more robust and it also needs to be
placed in double quotes to handle spaces i

ecp_sm2p256-armv8.pl: Copy the argument handling from ecp_nistz256-armv8.pl

Popping the $output argument is more robust and it also needs to be
placed in double quotes to handle spaces in paths.

Fixes #21874
Fixes #21876

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21877)

show more ...

Design document of the run-time parameters activation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/o

Design document of the run-time parameters activation

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)

show more ...

OSSL_PROVIDER_load_ex tests

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)

OSSL_PROVIDER_load_ex

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21604)

Add option for in-place cipher testing in evp_test

The command line option enables setting in-place
data processing for cipher testing in `evp_test`.
The `both` option argument runs

Add option for in-place cipher testing in evp_test

The command line option enables setting in-place
data processing for cipher testing in `evp_test`.
The `both` option argument runs both - in-place
and non-in-place testing.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21546)

show more ...

man: update missingcrypto.txt file

Remove some entries which have been documented meanwhile.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.

man: update missingcrypto.txt file

Remove some entries which have been documented meanwhile.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21873)

show more ...

QUIC APL: Determine if an error is an I/O error dynamically

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/o

QUIC APL: Determine if an error is an I/O error dynamically

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21829)

show more ...

Fix misspelled deprecation macro name in comment

Commit 77c30753cd replaced the convenience macros `DEPRECATEDIN_{major}_{minor}`
by `OSSL_DEPRECATEDIN_{major}_{minor}` but misspelled th

Fix misspelled deprecation macro name in comment

Commit 77c30753cd replaced the convenience macros `DEPRECATEDIN_{major}_{minor}`
by `OSSL_DEPRECATEDIN_{major}_{minor}` but misspelled them in the comment.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21868)

show more ...

Correct the fixed size handling for dgram_pair and dgram_mem

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.c

Correct the fixed size handling for dgram_pair and dgram_mem

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21866)

show more ...

Minor fix during rebase

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)

Tweak documentation for WAIT_PEER

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815)