| 2de7e1d6 | 19-Nov-2024 |
Neil Horman |
Fix SSL_write_[ex|ex2] on blocking quic streams
When writing to a blocking quic stream, we sometimes get duplicate
transmitted data. This occurs when a call to quic_write_blocking has t
Fix SSL_write_[ex|ex2] on blocking quic streams
When writing to a blocking quic stream, we sometimes get duplicate
transmitted data. This occurs when a call to quic_write_blocking has to
wait for space to become available in the ring buffer. When we do a
wait, the call sets *written to the value returned in args.total_written
as filled out by the calls to block_until_pred->quic_write_again.
However, the value there is based on the amount we requested, which is
only the remaining data that we didn't append in xso_sstream_write. So
if we call quic_write_blocking with a buffer of length X, and initially
append Y bytes, and write the remainig X-Y bytes via a block_until_pred
call, then *written will return with the value X-Y, even though we wrote
the full X bytes to the ring buffer.
Fix it by recording the initial amount appended into *written, and then
add the args.total_written value if we have to wait on more space
Fixes openssl/project#924
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26023)
show more ...
|
| 93bfe97c | 19-Nov-2024 |
Tomas Mraz |
sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start()
In case of memory allocation failure this
could happen.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Revi
sm2_sig_verify(): Do not call BN_CTX_end() without BN_CTX_start()
In case of memory allocation failure this
could happen.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25994)
show more ...
|
| 0c64b1ca | 16-Nov-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
add new keytype test for EVP_PKEY_Q_keygen
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
add new keytype test for EVP_PKEY_Q_keygen
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25972)
show more ...
|
| 47a80fd2 | 18-Nov-2024 |
Tomas Mraz |
pkeyutl.c: Avoid freeing pkey at multiple places
Also fixes a leak of pkey in error case for -verifyrecover.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dal
pkeyutl.c: Avoid freeing pkey at multiple places
Also fixes a leak of pkey in error case for -verifyrecover.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/25987)
show more ...
|
| 6f2c97d5 | 17-Nov-2024 |
spectre <137953859+Fare-spec@users.noreply.github.com> |
README.md: Fix typo. Change 'the are' to 'there are'
This pull request fixes a typo in the documentation.
The phrase "the are" has been corrected to "there are".
CLA: trivial
README.md: Fix typo. Change 'the are' to 'there are'
This pull request fixes a typo in the documentation.
The phrase "the are" has been corrected to "there are".
CLA: trivial
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25977)
show more ...
|
| 1a077b38 | 15-Nov-2024 |
Michael Baentsch <57787676+baentsch@users.noreply.github.com> |
s_cb.c: Move the negotiated group output
It needs to be always displayed not just with -brief.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openss
s_cb.c: Move the negotiated group output
It needs to be always displayed not just with -brief.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25959)
show more ...
|
| 4c41aa4b | 26-Oct-2024 |
wangcheng |
Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.
1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_C
Add CTX copy function for EVP_MD to optimize the performance of EVP_MD_CTX_copy_ex.
1. Add OSSL_FUNC_digest_copyctx_fn function for EVP_MD, which is used to copy algctx from the old EVP_MD_CTX to the new one.
2. Add implementation of OSSL_FUNC_digest_copyctx_fn function for default providers.
3. Modify EVP_MD_CTX_copy_ex: When the fetched digest is the same in in and out contexts, use the copy function to copy the members in EVP_MD_CTX if the OSSL_FUNC_digest_copyctx_fn function exists. Otherwise, use the previous method to copy.
4. Add documentation for OSSL_FUNC_digest_copyctx function in doc/man7/provider-digest.pod.
5. Add testcase.
Fixes #25703
Signed-off-by: wangcheng <bangwangnj@163.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25726)
show more ...
|
| 9ca66fc2 | 09-Jul-2022 |
Dr. David von Oheimb |
x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc.
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merge
x509_vfy.c and x509_lu.c: refactor find_issuer(), X509_STORE_CTX_get1_issuer(), etc.
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18762)
show more ...
|
| 6a3d5b6e | 16-Oct-2024 |
Tomas Mraz |
os-zoo CI: Replace macos-12 run with macos-15
macos-12 runners will be removed in December.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.n
os-zoo CI: Replace macos-12 run with macos-15
macos-12 runners will be removed in December.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25715)
show more ...
|
| 63b67162 | 14-Oct-2024 |
Neil Horman |
Make ossl_trace_param_values an official api function
lots of people may want to print params to a buffer. Make it part of
our api
Reviewed-by: Matt Caswell <matt@openssl.org>
Make ossl_trace_param_values an official api function
lots of people may want to print params to a buffer. Make it part of
our api
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
| 4fec10ea | 06-Oct-2024 |
Neil Horman |
Add QUERY trace points
Adds trace messages for method store add/remove and fetch operations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.o
Add QUERY trace points
Adds trace messages for method store add/remove and fetch operations
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
| 3eed43f8 | 05-Oct-2024 |
Neil Horman |
Add a QUERY trace category
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630) |
| 11539fd7 | 05-Oct-2024 |
Neil Horman |
Add tracing messages to the provider api
Adds tracing messages to the
init/teardown/gettable_params/get_params/query/unquery operations for a
provider
Reviewed-by: Matt Casw
Add tracing messages to the provider api
Adds tracing messages to the
init/teardown/gettable_params/get_params/query/unquery operations for a
provider
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
| 193296ea | 04-Oct-2024 |
Neil Horman |
Adding a trace category for PROVIDER calls
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pu
Adding a trace category for PROVIDER calls
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25630)
show more ...
|
| 5c5b8d2d | 13-Nov-2024 |
Dmitry Misharov |
remove ternary from runs-on, security repo is hosted on github.com
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/
remove ternary from runs-on, security repo is hosted on github.com
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25939)
show more ...
|
| eaf4da97 | 11-Nov-2024 |
Alicja Kario |
man ECDSA_sign(3): fix wrong variable names
the parameters in the function definitions use `siglen` not `sig_len`,
this fixes the doc text.
Signed-off-by: Alicja Kario <hkario@r
man ECDSA_sign(3): fix wrong variable names
the parameters in the function definitions use `siglen` not `sig_len`,
this fixes the doc text.
Signed-off-by: Alicja Kario <hkario@redhat.com>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25927)
show more ...
|
| ef39dd05 | 07-Nov-2024 |
Andrew Dinh |
Change "a SSL" to "an SSL"
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25868) |
| 837f05fc | 11-Oct-2024 |
Tomas Mraz |
test_hashtable_multithread(): Stress it more
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/
test_hashtable_multithread(): Stress it more
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25669)
show more ...
|
| 9abd6ca6 | 11-Oct-2024 |
Tomas Mraz |
Use test_random() in hashtable mt test for reproducibility
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/op
Use test_random() in hashtable mt test for reproducibility
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Hugo Landau <hlandau@devever.net>
(Merged from https://github.com/openssl/openssl/pull/25669)
show more ...
|
| 577ec498 | 07-Oct-2024 |
Dr. David von Oheimb |
Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged
Fix doc and use of_X509v3_add_extensions() in case sk_X509_EXTENSION_num(exts) <= 0
Reviewed-by: Hugo Landau <hlandau@devever.net>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25631)
show more ...
|
| 15c6580a | 08-Nov-2024 |
Neil Horman |
Add test for SSL_stream_reset
Add a test to the quic_multistream test suite to reset a stream after
all data has been received by a given stream, ensuring that we don't
crash in the
Add test for SSL_stream_reset
Add a test to the quic_multistream test suite to reset a stream after
all data has been received by a given stream, ensuring that we don't
crash in the reset operation
Fixes #25410
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25910)
show more ...
|
| bbfffbca | 08-Nov-2024 |
Neil Horman |
Fix SSL_stream_reset for stream objects which have FIN bit set
When calling SSL_stream_reset on a QUIC stream object that has received
all data that is expected to be sent (i.e. when the
Fix SSL_stream_reset for stream objects which have FIN bit set
When calling SSL_stream_reset on a QUIC stream object that has received
all data that is expected to be sent (i.e. when the sender has sent a
STREAM frame with the FIN bit set), we encounter the following segfault:
Program received signal SIGSEGV, Segmentation fault.
0x00007ffff7f0bd28 in ossl_quic_sstream_get_final_size (qss=0x0, final_size=0x0) at ssl/quic/quic_sstream.c:273
273 if (!qss->have_final_size)
(gdb) bt
0) 0x00007ffff7f0bd28 in ossl_quic_sstream_get_final_size (qss=0x0, final_size=0x0) at ssl/quic/quic_sstream.c:273
1) 0x00007ffff7ef65bf in quic_validate_for_write (xso=0x5555555efcb0, err=0x7fffffffd5e0) at ssl/quic/quic_impl.c:2513
2) 0x00007ffff7ef8ae3 in ossl_quic_stream_reset (ssl=0x5555555efcb0, args=0x0, args_len=0) at ssl/quic/quic_impl.c:3657
3) 0x00007ffff7ebdaa6 in SSL_stream_reset (s=0x5555555efcb0, args=0x0, args_len=0) at ssl/ssl_lib.c:7635
4) 0x0000555555557527 in build_request_set (
req_list=0x55555555ebd0 "neil1.txt neil2.txt neil3.txt neil4.txt neil5.txt neil6.txt neil7.txt neil8.txt neil9.txt neil10.txt neil11.txt neil12.txt neil13.txt neil14.txt neil15.txt neil16.txt neil17.txt neil18.txt neil19.txt "..., ssl=0x5555555b6f80)
at demos/guide/quic-hq-interop.c:545
5) 0x00005555555587b2 in main (argc=4, argv=0x7fffffffe568) at demos/guide/quic-hq-interop.c:941
This occurs because:
1) When the stream FIN bit is set, the quic stack frees the underlying
stream structures immediately within the QUIC stack
and
2) when SSL_stream_reset is called, the call stack indicates we call
quic_validate_for_write, which attempts to access the
xso->stream->sstream QUIC_SSTREAM object, which was already freed in
(1)
The fix I think is pretty straightforward. On receipt of a STREAM frame
with a FIN bit set, the QUIC stack sets the QUIC_STREAM object state to
QUIC_SSTREAM_STATE_DATA_RECVD, which means we can use that state to
simply assert that the stream is valid for write, which allows it to be
reset properly.
Fixes #25410
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25910)
show more ...
|
| 21f6c3b4 | 22-Oct-2024 |
Tomas Mraz |
Adjustments for the on schedule workflows
Run them all after 02:00 UTC.
Add possibility to run them on workflow_dispatch.
Add branch 3.4 to the coveralls.yml.
Remove the branches
Adjustments for the on schedule workflows
Run them all after 02:00 UTC.
Add possibility to run them on workflow_dispatch.
Add branch 3.4 to the coveralls.yml.
Remove the branches from os-zoo.yml as it is
possible to run on them manually from workflow_dispatch.
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/25765)
show more ...
|
| 0abbd3e5 | 11-Nov-2024 |
Holger Dengler |
Fix memleaks in cmd_RecordPadding()
Free the internal copy of parameter `value` on each early
exit.
Fixes #25906
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Fix memleaks in cmd_RecordPadding()
Free the internal copy of parameter `value` on each early
exit.
Fixes #25906
Signed-off-by: Holger Dengler <dengler@linux.ibm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25926)
show more ...
|
| 1f7d2a28 | 12-Sep-2024 |
Jonathan M. Wilbur |
feat: define and use ossl_bio_print_hex
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pul
feat: define and use ossl_bio_print_hex
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25429)
show more ...
|
