QUIC CHANNEL: Initialise state, FC credit for new streams correctly

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gith

QUIC CHANNEL: Initialise state, FC credit for new streams correctly

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC CHANNEL: Handle incoming remotely-created streams

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openss

QUIC CHANNEL: Handle incoming remotely-created streams

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC APL: Add stream creation APIs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

QUIC APL: Refactor stream-related code into QUIC_XSO object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

QUIC APL: Refactor stream-related code into QUIC_XSO object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC CHANNEL: Handle any number of streams

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pu

QUIC CHANNEL: Handle any number of streams

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC CHANNEL: Store TPs for initial flow control in TX direction

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.

QUIC CHANNEL: Store TPs for initial flow control in TX direction

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC CHANNEL: Clarify role of RX TPs in preparation of storing TX TPs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://gi

QUIC CHANNEL: Clarify role of RX TPs in preparation of storing TX TPs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC CHANNEL: Remove stream 0-specific code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/p

QUIC CHANNEL: Remove stream 0-specific code

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC APL: Create QUIC CHANNEL up front rather than deferring creation

We switch to instantiating the QUIC_CHANNEL up front at QCSO
instantiation time. This creates the QUIC_STREAM_MAP ea

QUIC APL: Create QUIC CHANNEL up front rather than deferring creation

We switch to instantiating the QUIC_CHANNEL up front at QCSO
instantiation time. This creates the QUIC_STREAM_MAP early and makes it
easy for us to allocate streams prior to connection initiation. The role
(client or server) is determined at QCSO allocation time and cannot be
changed.

SSL_set_connect/accept_state() are still modelled but their usage must
be consistent with the chosen SSL_METHOD which dictates which role is
being used.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC: Base client/server identity on SSL method, not SSL_set_connect/accept_state

In QUIC, we have an architectural need (in future, when we implement
0-RTT, etc.) to be able to create s

QUIC: Base client/server identity on SSL method, not SSL_set_connect/accept_state

In QUIC, we have an architectural need (in future, when we implement
0-RTT, etc.) to be able to create streams before we start connecting.
This requires we allocate a stream, including a stream ID, after
creating a QCSO but prior to connecting. However stream IDs are
dependent on whether the endpoint is in the client or server role,
therefore we must know whether we are going to be a client or server
before any pre-connection streams are created. Moreover, the originally
defined QUIC_client_method() and QUIC_server_method() functions heavily
implied the original plan was to have different SSL_METHODs for clients
and servers. Up until now we had been relying on
SSL_set_connect/accept_state() instead.

Solve these problems by basing client/server identity on whether
QUIC_server_method() is used (in future, when we support servers). This
ensures that once a QCSO is created its client/server identity are fixed
and cannot change, allowing pre-connection stream IDs, etc. to be
allocated.

Client/server uncertainty was the primary reason why QUIC_CHANNEL
creation was deferred until connection time up until now, so this
enables further refactoring to facilitate eager allocation of the
QUIC_CHANNEL at QCSO allocation time. This is important as allocating a
stream including its write buffers is hard without having the
QUIC_CHANNEL (which owns the QUIC_STREAM_MAP) in existence.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Update ssl_lib.c frontend to use new dispatch style

This amends the dispatch code from ssl_lib.c to the QUIC API Personality
Layer to use the new approach of dispatching u

QUIC Dispatch: Update ssl_lib.c frontend to use new dispatch style

This amends the dispatch code from ssl_lib.c to the QUIC API Personality
Layer to use the new approach of dispatching using SSL object pointers
rather than raw QUIC_CONNECTION pointers. This completes the said
refactor.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Add simple way to determine if SSL object is QUIC-related

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

QUIC Dispatch: Add simple way to determine if SSL object is QUIC-related

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Refactor APL interface to use SSL pointers not QC pointers

We now refactor the interface between ssl_lib.c frontend functions and
the QUIC API Personality Layer so that th

QUIC Dispatch: Refactor APL interface to use SSL pointers not QC pointers

We now refactor the interface between ssl_lib.c frontend functions and
the QUIC API Personality Layer so that the respective functions
comprising the interface use SSL object pointers rather than raw
QUIC_CONNECTION pointers. This is in preparation for stream support
since once streams are supported, calls to e.g. ossl_quic_write() may be
made on a QUIC_CONNECTION or a QUIC_XSO (that is, a stream object). Thus
we take a uniform approach across all functions comprising the interface
between the ssl_lib.c frontend and the QUIC API Personality Layer of
using SSL pointers always. This provides a uniform approach and
ensures that any function of the API personality layer can be easily
adapted to support being called on a stream object in the future.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Introduce the QUIC_XSO object

The QUIC_XSO (external stream object) is to a QUIC stream what a
QUIC_CONNECTION is to a QUIC connection. Both are SSL objects. The
QUIC_

QUIC Dispatch: Introduce the QUIC_XSO object

The QUIC_XSO (external stream object) is to a QUIC stream what a
QUIC_CONNECTION is to a QUIC connection. Both are SSL objects. The
QUIC_CONNECTION type is the internal representation of a QUIC connection
SSL object (QCSO) and the QUIC_XSO type is the internal representation
of a QUIC stream SSL object (QSSO) type. The name QUIC_XSO has been
chosen to be distinct from the existing QUIC_STREAM type which is our
existing internal stream type. QUIC_XSO is to a QUIC_STREAM what
QUIC_CONNECTION is to a QUIC_CHANNEL; in other words, QUIC_CONNECTION
and QUIC_XSO objects form part of the API personality layer, whereas
QUIC_CHANNEL and QUIC_STREAM objects form part of the QUIC core and are
distinct from the API personality layer.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Enhance SSL object unwrapping functions (core)

Uniform changes to all dispatch functions to use the new dispatch
functionality follows this commit. Separated into a core c

QUIC Dispatch: Enhance SSL object unwrapping functions (core)

Uniform changes to all dispatch functions to use the new dispatch
functionality follows this commit. Separated into a core commit
and a commit containing the uniform pattern (monotonous) changes
for ease of review.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

CMP client: fix checking new cert enrolled with oldcert and without private key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: D

CMP client: fix checking new cert enrolled with oldcert and without private key

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

show more ...

CMP client: fix error response on -csr without private key, also in docs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David vo

CMP client: fix error response on -csr without private key, also in docs

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

show more ...

apps/openssl.cnf: fix reference to insta.ca.crt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheim

apps/openssl.cnf: fix reference to insta.ca.crt

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/20832)

show more ...

provider: return error if buf too small when getting ec pubkey param

Fixes #20889

There was an incorrect value passed to EC_POINT_point2oct() for the
buffer size of the param pa

provider: return error if buf too small when getting ec pubkey param

Fixes #20889

There was an incorrect value passed to EC_POINT_point2oct() for the
buffer size of the param passed-in.

Added testcases.

Signed-off-by: Yi Li <yi1.li@intel.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20890)

show more ...

Fix typos found by codespell

Fix only typos in doc/man* for inclusion in 3.* branches.

Other typos have been fixed in a different commit.

Reviewed-by: Paul Dale <pauli@open

Fix typos found by codespell

Fix only typos in doc/man* for inclusion in 3.* branches.

Other typos have been fixed in a different commit.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20924)

show more ...

Clarify documentation of SSL_SESSION_dup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Mer

Clarify documentation of SSL_SESSION_dup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20848)

show more ...

Clear ownership when duplicating sessions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Me

Clear ownership when duplicating sessions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20848)

show more ...

ecp_nistp256.c: Fix exponent in comment

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.c

ecp_nistp256.c: Fix exponent in comment

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20926)

show more ...

fix SSL_get_wbio may return rbio on quic

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <toma

fix SSL_get_wbio may return rbio on quic

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20930)

show more ...

Fixed TLS1.3 handshake issue for legacy engine API.

Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas

Fixed TLS1.3 handshake issue for legacy engine API.

Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20922)

show more ...