Revert "Give BIO_s_mem() the ability to support datagrams"

This reverts commit 5a4ba72f00f9b336a4d65abff822699ceb9617c6.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by

Revert "Give BIO_s_mem() the ability to support datagrams"

This reverts commit 5a4ba72f00f9b336a4d65abff822699ceb9617c6.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20012)

show more ...

QUIC FIN Support: Documentation fixups

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/1

QUIC FIN Support: Documentation fixups

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

QUIC FIN Support: Various fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

QUIC TSERVER: Fix probable nondeterminism in some OS network stacks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://gith

QUIC TSERVER: Fix probable nondeterminism in some OS network stacks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

QUIC: Add documentation for stream and connection shutdown functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

QUIC: Add documentation for stream and connection shutdown functions

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

QUIC Test Server: Exercise end-of-stream condition on read and write

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

QUIC Test Server: Exercise end-of-stream condition on read and write

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

QUIC Front End I/O API: Add support for signalling and detecting end-of-stream

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from h

QUIC Front End I/O API: Add support for signalling and detecting end-of-stream

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

QUIC TXP: Fix handling of FIN stream chunks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/p

QUIC TXP: Fix handling of FIN stream chunks

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.

QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

Add notes about ignoring initialization failures on contexts

Fixes #20130

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Me

Add notes about ignoring initialization failures on contexts

Fixes #20130

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20136)

show more ...

Document that the RSA e value is mandatory when importing.

The lab tried doing a RSA decryption primitive using just n (using p, q) and d.

This failed for 2 reasons:
(1) e is re

Document that the RSA e value is mandatory when importing.

The lab tried doing a RSA decryption primitive using just n (using p, q) and d.

This failed for 2 reasons:
(1) e is required when importing
(2) Internally e is used for blinding.

Note n and e can be calculated using:
n = pq
e = (1/d) mod (p-1)(q-1)

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20133)

show more ...

Fix Coverity 1520485: logically dead code

The check is unnecessary as the condition is already checked
before the switch statement.

Reviewed-by: Hugo Landau <hlandau@openssl.org

Fix Coverity 1520485: logically dead code

The check is unnecessary as the condition is already checked
before the switch statement.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20121)

show more ...

Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"

This reverts commit e787c57c538d0922004e49a10be0d403af773272.

The current CI host system is Ubuntu 22.04, which

Revert "CI: cross-compile: riscv: Add RV64 machine with Zb* and Zk*"

This reverts commit e787c57c538d0922004e49a10be0d403af773272.

The current CI host system is Ubuntu 22.04, which ships with QEMU 6.2.
This QEMU release is too old for the required RISC-V extensions.
We would need at least QEMU 7.1 (Aug 2022) for this patch.

Let's revert the patch.

Signed-off-by: Christoph Müllner <christoph.muellner@vrull.eu>

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20139)

show more ...

Clarify the change of enc -S behavior in 3.0

Fixes #19730

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas

Clarify the change of enc -S behavior in 3.0

Fixes #19730

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19732)

show more ...

rename 90-test_traceapi.t to 90-test_trace_api.t for consistency

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb

rename 90-test_traceapi.t to 90-test_trace_api.t for consistency

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

show more ...

OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by

OSSL_HTTP_REQ_CTX_nbio(): use OSSL_TRACE_STRING() for msg body where it makes sense

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

show more ...

add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von

add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
(Merged from https://github.com/openssl/openssl/pull/18704)

show more ...

Fix incomplete checks for EVP_CIPHER_asn1_to_param

EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only

Fix incomplete checks for EVP_CIPHER_asn1_to_param

EVP_CIPHER_asn1_to_param() returns a value <= 0 in case of an error, and
a value greater than 0 in case of success. Two callsites only check for
< 0 instead of <= 0. The other callsites perform this check correctly.
Change the two callsites to <= 0. Additionally correctly handle a zero
return value from EVP_CIPHER_get_asn1_iv as success.

Fixes: #20116

CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/201213)

show more ...

Remove the user_ssl field

The user_ssl field in an SSL_CONNECTION is no longer used - so remove it.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas

Remove the user_ssl field

The user_ssl field in an SSL_CONNECTION is no longer used - so remove it.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

Add QUIC-TLS server support

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

Remove the old Dummy Handshake code

Now that we have a real TLS handshake we no longer need the dummy handshake
implementation and it can be removed.

Reviewed-by: Hugo Landau <h

Remove the old Dummy Handshake code

Now that we have a real TLS handshake we no longer need the dummy handshake
implementation and it can be removed.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

Add support for the msg_callback

Having support for the msg_callback will improve debug capabilities.

For record headers we "manufacture" dummy ones so that as far as the
callba

Add support for the msg_callback

Having support for the msg_callback will improve debug capabilities.

For record headers we "manufacture" dummy ones so that as far as the
callback is concerned we are doing "normal" TLS.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

Replace use of the Dummy Handshake Layer with the real one

We start using the QUIC TLS implementation rather than the dummy one.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
R

Replace use of the Dummy Handshake Layer with the real one

We start using the QUIC TLS implementation rather than the dummy one.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

Add an initial QUIC-TLS implementation

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull

Add an initial QUIC-TLS implementation

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

Add the ability to add a custom extension on an SSL object

Previously we could only do this at the SSL_CTX level. We add the ability
to also do this on an SSL - but only for internal cod

Add the ability to add a custom extension on an SSL object

Previously we could only do this at the SSL_CTX level. We add the ability
to also do this on an SSL - but only for internal code.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...