summaryrefslogtreecommitdiff
path: root/util
Commit message (Collapse)AuthorAgeFilesLines
* QUIC APL: De-publicise SSL_attach_stream/SSL_detach_streamHugo Landau2023-05-121-2/+0
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: Rename SSL_set_incoming_stream_reject_policyHugo Landau2023-05-122-4/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC MSST: Add documentation for new APIsHugo Landau2023-05-121-0/+19
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Add SSL_stream_reset and status query APIsHugo Landau2023-05-121-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: SSL_accept_stream, SSL_get_accept_queue_lenHugo Landau2023-05-121-0/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)Hugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_set_default_stream_mode, default XSO refactorHugo Landau2023-05-121-0/+4
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get_stream_typeHugo Landau2023-05-121-0/+2
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get0_connectionHugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Refactor stream-related code into QUIC_XSO objectHugo Landau2023-05-121-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* fips: setup the FIPS provider in pendantic mode for testingPauli2023-04-211-1/+8
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20762)
* Added a macro OSSL_DISPATCH_END as marker of the end of OSSL_DISPATCH arraysIrak Rigia2023-04-211-0/+1
| | | | | | | | | | | Also updated the corresponding documentations. Fixes #20710 Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20745)
* Make sure we can query the SSL object for version info when using QUICMatt Caswell2023-04-041-0/+2
| | | | | | | | | | | | We have the existing functions SSL_version(), SSL_get_version() and SSL_is_dtls(). We extend the first two to return something sensible when using QUIC. We additionally provide the new functions SSL_is_tls() and SSL_is_quic() to provide a mechanism to figure out what protocol we are using. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20650)
* RFC7250 (RPK) supportTodd Short2023-03-283-0/+19
| | | | | | | | | | | | | | Add support for the RFC7250 certificate-type extensions. Alows the use of only private keys for connection (i.e. certs not needed). Add APIs Add unit tests Add documentation Add s_client/s_server support Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18185)
* CMP add: fix -reqin option, which requires adding ↵Dr. David von Oheimb2023-03-251-0/+1
| | | | | | | | | OSSL_CMP_MSG_update_recipNonce() Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20204)
* QUIC: Add support for datagram injectionHugo Landau2023-03-221-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20451)
* Fix how util/wrap.pl is used in OpenSSL::Util::fixup_cmd()Richard Levitte2023-03-081-19/+38
| | | | | | | | | The mechanism was pretty tentative and wasn't well tested for diverse situations. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20415)
* Fix util/wrap.pl.in for VMS usageRichard Levitte2023-03-084-71/+27
| | | | | | | | | | | In the name of consistency, make sure that this same script is used across more platforms, in this case VMS. This removes the need for util/local_shlib.com.in and util/unlocal_shlib.com.in, which were under-used anyway. Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20415)
* Add "make help" optionTodd Short2023-03-061-0/+25
| | | | | | | | Based on kubernetes controller Makefile help. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20407)
* util/find-doc-nits: improve error diagnostics on missing man section numbers ↵Dr. David von Oheimb2023-02-241-6/+10
| | | | | | | | | in links Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20369)
* New function EC_GROUP_to_params to convert an EC_GROUP to an array of ↵Oliver Mihatsch2023-02-081-0/+1
| | | | | | | | | OSSL_PARAM. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/20205)
* check-format.pl: fix statistics on whitespace and nesting issuesDr. David von Oheimb2023-02-081-3/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19796)
* check-format.pl: fix detection of '#ifdef __cplusplus'Dr. David von Oheimb2023-02-081-1/+1
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19796)
* check-format.pl: fix detection of function body startDr. David von Oheimb2023-02-081-3/+3
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19796)
* Fix typo in Ordinals.pm from PR #14074Viktor Dukhovni2023-02-021-1/+1
| | | | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20201)
* Implement BIO_s_dgram_mem() reusing the BIO_s_dgram_pair() codeTomas Mraz2023-01-271-1/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20012)
* QUIC Front End I/O API: Add support for signalling and detecting end-of-streamHugo Landau2023-01-271-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_exHugo Landau2023-01-271-0/+1
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19897)
* add OSSL_TRACE_STRING(), OSSL_TRACE_STRING_MAX, and OSSL_trace_string()Dr. David von Oheimb2023-01-261-0/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/18704)
* Adding a separated build settings for BSD flavorsDavid Carlier2023-01-201-0/+3
| | | | | | | | | to avoid inheriting Linux's linker flags (ie -Wl,-z,defs) now targetting OpenBSD. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/13393)
* PKCS12 - Add additional libctx and propq support.slontis2023-01-162-2/+3
| | | | | | | | | | | | | | | | | Fixes #19718 Fixes #19716 Added PKCS12_SAFEBAG_get1_cert_ex(), PKCS12_SAFEBAG_get1_crl_ex() and ASN1_item_unpack_ex(). parse_bag and parse_bags now use the libctx/propq stored in the P7_CTX. PKCS12_free() needed to be manually constructed in order to free the propq. pkcs12_api_test.c changed so that it actually tests the libctx, propq. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19942)
* QUIC API: Rename want_net_read and want_net_writeHugo Landau2023-01-131-2/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC CSM: Tweak docs for tick functions, add DTLSv1 docsHugo Landau2023-01-131-0/+2
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* QUIC: make updateHugo Landau2023-01-132-0/+11
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19703)
* Documentation for EVP_PKEY_CTX_get0_pkey() and EVP_PKEY_CTX_get0_peerkey().Nikhil Bisht2023-01-101-2/+0
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19962)
* Write SSL_R alerts to error state to keep updated stringsTomas Mraz2023-01-051-1/+1
| | | | | | Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19950)
* BIO_s_dgram: add documentation and hazard warningsHugo Landau2022-12-153-9/+7
| | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19795)
* Move the description of the core types into their own pagesRichard Levitte2022-12-081-0/+5
| | | | | | | | | | This expands on some of the core type descriptions, and also makes it easier to find the documentation for each type, at least on Unix, with a simple call like "man OSSL_ALGORITHM". Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19842)
* Better sorting of util/other.symsRichard Levitte2022-12-081-5/+5
| | | | | | Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19842)
* Fix treatment of BUILD_METADATARichard Levitte2022-12-081-0/+1
| | | | | | | | | | | | According to documentation [^1], the BUILD_METADATA from VERSION.dat should be prefixed with a plus sign when used. It is given this treatment in Configure, but not in all other scripts that use VERSION.dat directly. This change fixes that. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/19815)
* Implement OSSL_PROVIDER_get0_default_search_path, add docs and tests.Patrick Mills2022-12-061-0/+1
| | | | | | Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19752)
* QUIC Connection State Machine Design DocumentHugo Landau2022-12-031-0/+1
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19452)
* Implements Hybrid Public Key Encryption (HPKE) as per RFC9180.Stephen Farrell2022-11-251-0/+20
| | | | | | | | | | | | | | | | | | | | | | | This supports all the modes, suites and export mechanisms defined in RFC9180 and should be relatively easily extensible if/as new suites are added. The APIs are based on the pseudo-code from the RFC, e.g. OSS_HPKE_encap() roughly maps to SetupBaseS(). External APIs are defined in include/openssl/hpke.h and documented in doc/man3/OSSL_HPKE_CTX_new.pod. Tests (test/hpke_test.c) include verifying a number of the test vectors from the RFC as well as round-tripping for all the modes and suites. We have demonstrated interoperability with other HPKE implementations via a fork [1] that implements TLS Encrypted ClientHello (ECH) which uses HPKE. @slontis provided huge help in getting this done and this makes extensive use of the KEM handling code from his PR#19068. [1] https://github.com/sftcd/openssl/tree/ECH-draft-13c Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/17172)
* add missing OSSL_CMP_CTX_reset_geninfo_ITAVs() functionDr. David von Oheimb2022-11-251-0/+1
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19216)
* CMP: add API functions OSSL_CMP_CTX_get0_libctx() and OSSL_CMP_CTX_get0_propq()Dr. David von Oheimb2022-11-231-0/+2
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19715)
* Improve FIPS RSA keygen performance.slontis2022-11-211-0/+1
| | | | | | | | | | | | | | | | | | | | | | | FIPS 186-4 has 5 different algorithms for key generation, and all of them rely on testing GCD(a,n) == 1 many times. Cachegrind was showing that during a RSA keygen operation, the function BN_gcd() was taking a considerable percentage of the total cycles. The default provider uses multiprime keygen, which seemed to be much faster. This is because it uses BN_mod_inverse() instead. For a 4096 bit key, the entropy of a key that was taking a long time to generate was recorded and fed back into subsequent runs. Roughly 40% of the cycle time was BN_gcd() with most of the remainder in the prime testing. Changing to use the inverse resulted in the cycle count being 96% in the prime testing. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19578)
* Add doc for EVP_ASYM_CIPHER-RSA and clean up OSSL_PROVIDER-FIPS.pod.slontis2022-11-181-37/+0
| | | | | | | | | Removed fields from missingcrypto.txt that are no longer missing. Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19692)
* ParseC.pm: gracefully handle DOS-style end-of-line in source filesDr. David von Oheimb2022-11-181-1/+1
| | | | | | | | | | | | | | | When header files happen to have \r\n at line end, prevent hick-ups like: Unmatched parentheses at include/openssl/asn1.h line 520 make[1]: *** [Makefile:4757: util/libcrypto.num] Error 255 make[1]: *** Waiting for unfinished jobs.... make: *** [Makefile:3387: build_sw] Error 2 Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/19686)
* Rename SSL3_RECORD to TLS_RL_RECORDMatt Caswell2022-11-141-1/+1
| | | | | | | | | The SSL3 prefix no longer seems appropriate. We choose TLS_RL_RECORD instead of TLS_RECORD because that type already exists elsewhere. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
* Rename SSL3_BUFFER to TLS_BUFFERMatt Caswell2022-11-141-1/+1
| | | | | | | | The SSL3 prefix no longer seems appropriate. Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/19586)
View Lorry Controller Status