diff options
Diffstat (limited to 'include')
| -rw-r--r-- | include/crypto/slh_dsa.h | 2 | ||||
| -rw-r--r-- | include/internal/quic_record_rx.h | 11 | ||||
| -rw-r--r-- | include/openssl/crypto.h.in | 8 | ||||
| -rw-r--r-- | include/openssl/opensslv.h.in | 9 | ||||
| -rw-r--r-- | include/openssl/proverr.h | 1 | ||||
| -rw-r--r-- | include/openssl/self_test.h | 1 |
6 files changed, 21 insertions, 11 deletions
diff --git a/include/crypto/slh_dsa.h b/include/crypto/slh_dsa.h index cf1e21215f9e..75b928638309 100644 --- a/include/crypto/slh_dsa.h +++ b/include/crypto/slh_dsa.h @@ -23,9 +23,11 @@ typedef struct slh_dsa_hash_ctx_st SLH_DSA_HASH_CTX; typedef struct slh_dsa_key_st SLH_DSA_KEY; +__owur OSSL_LIB_CTX *ossl_slh_dsa_key_get0_libctx(const SLH_DSA_KEY *key); __owur SLH_DSA_KEY *ossl_slh_dsa_key_new(OSSL_LIB_CTX *libctx, const char *propq, const char *alg); void ossl_slh_dsa_key_free(SLH_DSA_KEY *key); +void ossl_slh_dsa_key_reset(SLH_DSA_KEY *key); __owur SLH_DSA_KEY *ossl_slh_dsa_key_dup(const SLH_DSA_KEY *src, int selection); __owur int ossl_slh_dsa_key_equal(const SLH_DSA_KEY *key1, const SLH_DSA_KEY *key2, int selection); diff --git a/include/internal/quic_record_rx.h b/include/internal/quic_record_rx.h index 8e0cd6a2c927..24143f91f2f3 100644 --- a/include/internal/quic_record_rx.h +++ b/include/internal/quic_record_rx.h @@ -168,6 +168,17 @@ int ossl_qrx_provide_secret(OSSL_QRX *qrx, size_t secret_len); /* + * Utility function to update the pn space from a src to a dst qrx. + * Occasionally we use a temporary qrx to do packet validation on quic frames + * that are not yet associated with a channel, and in the event a validation is + * successful AND we allocate a new qrx for the newly created channel, we need + * to migrate the largest_pn values recorded in the tmp qrx to the channel qrx. + * If we don't then PN decoding fails in cases where the initial PN is a large value. + * This function does that migration for us + */ +void ossl_qrx_update_pn_space(OSSL_QRX *src, OSSL_QRX *dst); + +/* * Informs the QRX that it can now discard key material for a given EL. The QRX * will no longer be able to process incoming packets received at that * encryption level. This function is idempotent and succeeds if the EL has diff --git a/include/openssl/crypto.h.in b/include/openssl/crypto.h.in index e0ace5e5a064..c98f5215d54b 100644 --- a/include/openssl/crypto.h.in +++ b/include/openssl/crypto.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1995-2024 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1995-2025 The OpenSSL Project Authors. All Rights Reserved. * Copyright (c) 2002, Oracle and/or its affiliates. All rights reserved * * Licensed under the Apache License 2.0 (the "License"). You may not use @@ -335,9 +335,9 @@ OSSL_CRYPTO_ALLOC void *CRYPTO_zalloc(size_t num, const char *file, int line); OSSL_CRYPTO_ALLOC void *CRYPTO_aligned_alloc(size_t num, size_t align, void **freeptr, const char *file, int line); -OSSL_CRYPTO_ALLOC void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); -OSSL_CRYPTO_ALLOC char *CRYPTO_strdup(const char *str, const char *file, int line); -OSSL_CRYPTO_ALLOC char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); +void *CRYPTO_memdup(const void *str, size_t siz, const char *file, int line); +char *CRYPTO_strdup(const char *str, const char *file, int line); +char *CRYPTO_strndup(const char *str, size_t s, const char *file, int line); void CRYPTO_free(void *ptr, const char *file, int line); void CRYPTO_clear_free(void *ptr, size_t num, const char *file, int line); void *CRYPTO_realloc(void *addr, size_t num, const char *file, int line); diff --git a/include/openssl/opensslv.h.in b/include/openssl/opensslv.h.in index 3f47a2ac08f0..e547281ff527 100644 --- a/include/openssl/opensslv.h.in +++ b/include/openssl/opensslv.h.in @@ -1,7 +1,7 @@ /* * {- join("\n * ", @autowarntext) -} * - * Copyright 1999-2020 The OpenSSL Project Authors. All Rights Reserved. + * Copyright 1999-2025 The OpenSSL Project Authors. All Rights Reserved. * * Licensed under the Apache License 2.0 (the "License"). You may not use * this file except in compliance with the License. You can obtain a copy @@ -90,16 +90,11 @@ extern "C" { # define OPENSSL_VERSION_TEXT "OpenSSL {- "$config{full_version} $config{release_date}" -}" /* Synthesize OPENSSL_VERSION_NUMBER with the layout 0xMNN00PPSL */ -# ifdef OPENSSL_VERSION_PRE_RELEASE -# define _OPENSSL_VERSION_PRE_RELEASE 0x0L -# else -# define _OPENSSL_VERSION_PRE_RELEASE 0xfL -# endif # define OPENSSL_VERSION_NUMBER \ ( (OPENSSL_VERSION_MAJOR<<28) \ |(OPENSSL_VERSION_MINOR<<20) \ |(OPENSSL_VERSION_PATCH<<4) \ - |_OPENSSL_VERSION_PRE_RELEASE ) + |{- @config{prerelease} ? "0x0L" : "0xfL" -} ) # ifdef __cplusplus } diff --git a/include/openssl/proverr.h b/include/openssl/proverr.h index 0d61b733dc59..10bcd427800f 100644 --- a/include/openssl/proverr.h +++ b/include/openssl/proverr.h @@ -49,6 +49,7 @@ # define PROV_R_FINAL_CALL_OUT_OF_ORDER 237 # define PROV_R_FIPS_MODULE_CONDITIONAL_ERROR 227 # define PROV_R_FIPS_MODULE_ENTERING_ERROR_STATE 224 +# define PROV_R_FIPS_MODULE_IMPORT_PCT_ERROR 253 # define PROV_R_FIPS_MODULE_IN_ERROR_STATE 225 # define PROV_R_GENERATE_ERROR 191 # define PROV_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 165 diff --git a/include/openssl/self_test.h b/include/openssl/self_test.h index c4439cb28715..6c81cef4c300 100644 --- a/include/openssl/self_test.h +++ b/include/openssl/self_test.h @@ -31,6 +31,7 @@ extern "C" { # define OSSL_SELF_TEST_TYPE_CRNG "Continuous_RNG_Test" # define OSSL_SELF_TEST_TYPE_PCT "Conditional_PCT" # define OSSL_SELF_TEST_TYPE_PCT_KAT "Conditional_KAT" +# define OSSL_SELF_TEST_TYPE_PCT_IMPORT "Import_PCT" # define OSSL_SELF_TEST_TYPE_KAT_INTEGRITY "KAT_Integrity" # define OSSL_SELF_TEST_TYPE_KAT_CIPHER "KAT_Cipher" # define OSSL_SELF_TEST_TYPE_KAT_ASYM_CIPHER "KAT_AsymmetricCipher" |