QUIC: Rename SSL_set_initial_peer_addr to SSL_set1_initial_peer_addr

Fixes #21701

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(M

QUIC: Rename SSL_set_initial_peer_addr to SSL_set1_initial_peer_addr

Fixes #21701

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21814)

show more ...

Add a -trace option to quicserver to enable tracing of the communication

Trace output of the communication with the client is dumped to stderr if
the -trace options is supplied

Add a -trace option to quicserver to enable tracing of the communication

Trace output of the communication with the client is dumped to stderr if
the -trace options is supplied

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)

show more ...

Add the ability to set SSL_trace as the msg_callback in tserver

This is useful for debugging purposes. The standard SSL_trace msgcallback
can be used with tserver.

Reviewed-by:

Add the ability to set SSL_trace as the msg_callback in tserver

This is useful for debugging purposes. The standard SSL_trace msgcallback
can be used with tserver.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800)

show more ...

Fixed default value of the "ess_cert_id_alg" option in man openssl-ts(1)

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org

Fixed default value of the "ess_cert_id_alg" option in man openssl-ts(1)

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21805)

show more ...

Change the TLS handshake keys early if we're not doing early data

We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early da

Change the TLS handshake keys early if we're not doing early data

We change the client TLS handshake keys as late as possible so that we
don't disturb the keys if we are writing early data. However for QUIC we
want to do this as early as possible (after ServerHello). Since we will
never do TLS early data with QUIC we just do it as early as possible if
early data is not being used.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21810)

show more ...

doc: add the migration guide to the new guide series

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/opens

doc: add the migration guide to the new guide series

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21807)

show more ...

Update CHANGES.md and NEWS.md for the upcoming 3.2 release

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.c

Update CHANGES.md and NEWS.md for the upcoming 3.2 release

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21802)

show more ...

quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/open

quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)

show more ...

ossl_quic_tx_packetiser_generate(): Always report if packets were sent

Even in case of later failure we need to flush
the previous packets.

Reviewed-by: Hugo Landau <hlandau@ope

ossl_quic_tx_packetiser_generate(): Always report if packets were sent

Even in case of later failure we need to flush
the previous packets.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)

show more ...

QUIC: Miscellaneous error handling updates

Raise errors when appropriate.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged

QUIC: Miscellaneous error handling updates

Raise errors when appropriate.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)

show more ...

QUIC: Add ERR_raise() calls for EVP call failures

This improves tracking where the failure was triggered.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswel

QUIC: Add ERR_raise() calls for EVP call failures

This improves tracking where the failure was triggered.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)

show more ...

Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()

This was already resolved by https://github.com/openssl/openssl/pull/21547

Reviewed-by: Hugo Landau <hlandau@openssl

Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()

This was already resolved by https://github.com/openssl/openssl/pull/21547

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)

show more ...

Fix a leak in ossl_encode_ctx_setup_for_pkey

Make sure we free the stack of names we allocated in an error path.

Found by the reproducible error patch in #21668

Reviewed-by

Fix a leak in ossl_encode_ctx_setup_for_pkey

Make sure we free the stack of names we allocated in an error path.

Found by the reproducible error patch in #21668

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/21796)

show more ...

qtest: Use fake time on both client and server

And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau

qtest: Use fake time on both client and server

And use QTEST_FLAG_FAKE_TIME with test_ssl_trace().

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)

show more ...

qtest: Run both client and server during connect

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/o

qtest: Run both client and server during connect

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)

show more ...

QUIC: Update ping deadline when we receive a packet

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openss

QUIC: Update ping deadline when we receive a packet

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)

show more ...

quic_trace.c: Fix typo in traces

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/2171

quic_trace.c: Fix typo in traces

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)

show more ...

Update the ssltraceref.txt

Also adds saving the new trace to ssltraceref-new.txt in
test-runs which can be handy when the trace changes and
needs to be updated.

Reviewed-by:

Update the ssltraceref.txt

Also adds saving the new trace to ssltraceref-new.txt in
test-runs which can be handy when the trace changes and
needs to be updated.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)

show more ...

QUIC: Do not discard the INITIAL el too early

RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.

On client we discard INITIAL e

QUIC: Do not discard the INITIAL el too early

RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.

On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713)

show more ...

Updates documentation of RC4_CHAR and RC4_INT: Should not be used for new configuration targets

Fixes: #21358

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Re

Updates documentation of RC4_CHAR and RC4_INT: Should not be used for new configuration targets

Fixes: #21358

CLA: trivial

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21391)

show more ...

Test that a thread blocking in SSL_read_ex() will wake up on FIN

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://githu

Test that a thread blocking in SSL_read_ex() will wake up on FIN

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780)

show more ...

Handle the case where the read buffer is empty but we have received FIN

In some cases where a FIN has been received but with no data quic_read_actual
was failing to raise SSL_ERROR_ZERO_

Handle the case where the read buffer is empty but we have received FIN

In some cases where a FIN has been received but with no data quic_read_actual
was failing to raise SSL_ERROR_ZERO_RETURN. This meant that we could end up
blocking in SSL_read(_ex) for too long.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780)

show more ...

ssl_get_min_max_version(): Remove unused variable single

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged fr

ssl_get_min_max_version(): Remove unused variable single

CLA: trivial

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21768)

show more ...

ossl_x509_store_ctx_get_by_subject(): Check return value of X509_STORE_lock()

Fixes Coverity 1539148

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hland

ossl_x509_store_ctx_get_by_subject(): Check return value of X509_STORE_lock()

Fixes Coverity 1539148

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)

show more ...

cmp_genm.c: Remove superfluous store_ctx != 0 check

This really cannot be ever called with NULL store_ctx
and the check confuses Coverity.

Fixes Coverity 1538865

Review

cmp_genm.c: Remove superfluous store_ctx != 0 check

This really cannot be ever called with NULL store_ctx
and the check confuses Coverity.

Fixes Coverity 1538865

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21755)

show more ...