QUIC SSL: Version setting restrictions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged

QUIC SSL: Version setting restrictions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL: Forbid pipeline-related operations

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(

QUIC SSL: Forbid pipeline-related operations

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL: SSL_set_fd for BIO_s_datagram

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merge

QUIC SSL: SSL_set_fd for BIO_s_datagram

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL: HelloRetryRequest

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https

QUIC SSL: HelloRetryRequest

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL: Buffer Management

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https

QUIC SSL: Buffer Management

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL: Prohibit early data functionailty

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(M

QUIC SSL: Prohibit early data functionailty

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL: Prohibit readahead-related functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

QUIC SSL: Prohibit readahead-related functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC: Implement SSL_has_pending

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from h

QUIC: Implement SSL_has_pending

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC: Implement SSL_rstate_string(_long)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merg

QUIC: Implement SSL_rstate_string(_long)

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC: Prohibit post-handshake auth

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged fro

QUIC: Prohibit post-handshake auth

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC: Control SSL option setting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from

QUIC: Control SSL option setting

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC: Forbid NPN

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.c

QUIC: Forbid NPN

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC: Forbid non-QUIC ciphers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from htt

QUIC: Forbid non-QUIC ciphers

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC TLS: Prohibit SRTP-related calls for QUIC TLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>

QUIC TLS: Prohibit SRTP-related calls for QUIC TLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC handshake

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by

QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC handshake

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

show more ...

fix memory allocation and reference counting issues

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/open

fix memory allocation and reference counting issues

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/21341)

show more ...

doc: update ref count doc in light of refactoring

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openss

doc: update ref count doc in light of refactoring

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
(Merged from https://github.com/openssl/openssl/pull/21341)

show more ...

80-test_ssl_new.t: Test 14-curves.cnf depends on enabled DH now

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://githu

80-test_ssl_new.t: Test 14-curves.cnf depends on enabled DH now

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21336)

show more ...

Reorganize runchecker jobs

Put jobs that are more likely to fail to on pull request CI.
To compensate move some less likely to fail jobs to on push and
daily CI jobs.

Review

Reorganize runchecker jobs

Put jobs that are more likely to fail to on pull request CI.
To compensate move some less likely to fail jobs to on push and
daily CI jobs.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21336)

show more ...

70-test_tls13hrr.t: Use P-521 instead of X25519 for invalid group test

Otherwise this testcase won't work with no-ecx.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by:

70-test_tls13hrr.t: Use P-521 instead of X25519 for invalid group test

Otherwise this testcase won't work with no-ecx.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21333)

show more ...

Document the effect of SSL_OP_CLEANSE_PLAINTEXT on send stream data

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://githu

Document the effect of SSL_OP_CLEANSE_PLAINTEXT on send stream data

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)

show more ...

Cleanse data in send and receive ring buffers on release

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/opens

Cleanse data in send and receive ring buffers on release

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)

show more ...

Cleanse also the send stream data with SSL_OP_CLEANSE_PLAINTEXT

QUIC differs from TLS in this regard because it buffers the
data to be sent. TLS just encrypts the data to send in place.

Cleanse also the send stream data with SSL_OP_CLEANSE_PLAINTEXT

QUIC differs from TLS in this regard because it buffers the
data to be sent. TLS just encrypts the data to send in place.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21311)

show more ...

Update .gitignore with LSP files

This does not provide files for LSP support, but ignores them so they
aren't accidentally checked in by developers.

LSP (Language Server Protoco

Update .gitignore with LSP files

This does not provide files for LSP support, but ignores them so they
aren't accidentally checked in by developers.

LSP (Language Server Protocol) is a tools that can be used with various
editors to make navigating source code easier. It is more advanced than
`cscope` and supports completion, for example.

A common LSP for C/C++ is `clangd`, and it creates a `.cache` directory
within the project to store data.

The tool `bear` can be used with `make` to assist `clangd` in
determining where the source code is (specifically headers). This is
critical as OpenSSL uses the `<>` form of `#include` rather than the
`""` form. The `<>` form will cause `clangd` to look in e.g.
`/usr/include` for header files, rather than `include/openssl`. The
`bear` tool will create `compile_commands.json` that `clangd` can use
to find include files.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21338)

show more ...

fips: use correct field names when generating fipsmodule.cnf

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/

fips: use correct field names when generating fipsmodule.cnf

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21327)

show more ...