drop! Make OS Zoo on pull request to test

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/

drop! Make OS Zoo on pull request to test

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)

show more ...

The canonical localhost IPv6 address is [::1] not [::]

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https:

The canonical localhost IPv6 address is [::1] not [::]

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/21825)

show more ...

Always use uint8_t for TLS record type

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pul

Always use uint8_t for TLS record type

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)

show more ...

drop! Make failing tests run on pull request to test

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/opens

drop! Make failing tests run on pull request to test

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)

show more ...

ch_init(): Add braces to appease older clang compilers

They produce a warning `suggest braces around initialization of subobject`
otherwise.

Add -Wno-missing-braces to silence o

ch_init(): Add braces to appease older clang compilers

They produce a warning `suggest braces around initialization of subobject`
otherwise.

Add -Wno-missing-braces to silence old clang compilers

And drop unnecessary braces in zeroing initializers.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)

show more ...

quic_tls.c: Fix wrong format string when raising error

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/ope

quic_tls.c: Fix wrong format string when raising error

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)

show more ...

Avoid issues with endianness when type is used in SSL_trace()

The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL

Avoid issues with endianness when type is used in SSL_trace()

The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)

show more ...

Add a link to the multi-stream QUIC client tutorial from the introduction

We've added a new page to the guide so we should add a link to it.

Reviewed-by: Tomas Mraz <tomas@openssl.o

Add a link to the multi-stream QUIC client tutorial from the introduction

We've added a new page to the guide so we should add a link to it.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Update demos/tutorial to distinguish between stream and connection errors

We can use SSL_get_stream_read_state() to distinguish these cases.

Reviewed-by: Tomas Mraz <tomas@openssl.o

Update demos/tutorial to distinguish between stream and connection errors

We can use SSL_get_stream_read_state() to distinguish these cases.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Clarify SSL_accept_stream/SSL_new_stream behaviour with a default stream

Explain what happens if you call those functions and there is no default
stream present yet.

Reviewed-by

Clarify SSL_accept_stream/SSL_new_stream behaviour with a default stream

Explain what happens if you call those functions and there is no default
stream present yet.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Add some additional comments to the demos

Add some additional explanation for some code lines in the demos that did
not have a comment.

Reviewed-by: Tomas Mraz <tomas@openssl.or

Add some additional comments to the demos

Add some additional explanation for some code lines in the demos that did
not have a comment.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Provide introduction/tutorial page for QUIC multi-stream

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/op

Provide introduction/tutorial page for QUIC multi-stream

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Update quicserver to be able to handle multiple streams

We extend quicserver so that it can handle multiple requests with an
HTTP request on each one. If a uni-directional stream comes i

Update quicserver to be able to handle multiple streams

We extend quicserver so that it can handle multiple requests with an
HTTP request on each one. If a uni-directional stream comes in we create
a uni-directional stream for the response

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Add a QUIC multi-stream client demo

Demonstrate how to use the QUIC multi-stream APIs with a simple blocking
client.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by:

Add a QUIC multi-stream client demo

Demonstrate how to use the QUIC multi-stream APIs with a simple blocking
client.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Add an initial guide page for writing a multi-stream QUIC client

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://githu

Add an initial guide page for writing a multi-stream QUIC client

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Update some links within the guide to not use crypto(7)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/ope

Update some links within the guide to not use crypto(7)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Update the desciption of shutdown in the QUIC client blocking tutorial

Give a better description of the shutdown process in QUIC.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Rev

Update the desciption of shutdown in the QUIC client blocking tutorial

Give a better description of the shutdown process in QUIC.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21765)

show more ...

Test that we send multiple datagrams in one go if appropriate

If we have enough data for more than one datagram then we should send more
than one datagram

Reviewed-by: Hugo Land

Test that we send multiple datagrams in one go if appropriate

If we have enough data for more than one datagram then we should send more
than one datagram

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)

show more ...

Don't keep creating CONNECTION_CLOSE frames

If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than o

Don't keep creating CONNECTION_CLOSE frames

If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)

show more ...

Keep sending datagrams while we have data to send

If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.

Keep sending datagrams while we have data to send

If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798)

show more ...

Allow RSA-PSS also in EVP_PKEY_assign() and EVP_PKEY_can_sign()

Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign()
and detect_foreign_key() which is called

Allow RSA-PSS also in EVP_PKEY_assign() and EVP_PKEY_can_sign()

Treat keys with EVP_PKEY_RSA_PSS the same as EVP_PKEY_RSA in EVP_PKEY_can_sign()
and detect_foreign_key() which is called by EVP_PKEY_assign().

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21819)

show more ...

ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS

The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.

Signed-off-by: Ingo Fr

ctrl_params_translate: Allow get_rsa_payload_x() also for RSA-PSS

The get_rsa_payload_x() functions should also allow to get the payload
for RSA-PSS keys.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)

show more ...

ctrl_params_translate: Allow RSA controls also for RSA-PSS

Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.

Signed-off-by: Ingo Fran

ctrl_params_translate: Allow RSA controls also for RSA-PSS

Controls 'rsa_keygen_pubexp' and 'rsa_keygen_primes' should also be allowed
for RSA-PSS keys.

Signed-off-by: Ingo Franzki <ifranzki@linux.ibm.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21818)

show more ...

doc: Avoid usage of non-existing constant

CLA: trivial

Fixes: #21809

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com

doc: Avoid usage of non-existing constant

CLA: trivial

Fixes: #21809

Signed-off-by: Jakub Jelen <jjelen@redhat.com>

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21817)

show more ...

Optimize SM2 on aarch64

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merge

Optimize SM2 on aarch64

Signed-off-by: Xu Yizhou <xuyizhou1@huawei.com>

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20754)

show more ...