- 25 10月, 2023 14 次提交
-
-
由 Matt Caswell 提交于
The callback that makes -debug print the data sent/received needed extending for the new QUIC callback codes. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22480)
-
由 Tomas Mraz 提交于
In case the connection close error code is unexpected print out the reason to help with diagnostics. Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22474)
-
由 Pauli 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22500)
-
由 Tomas Mraz 提交于
There were intermitten failures on the test occasionally and 1s initial limit might be too short. Fixes #22424 Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22475)
-
由 Clemens Lang 提交于
The code did not yet check that the length of the RSA key is positive and even. Signed-off-by: NClemens Lang <cllang@redhat.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22403)
-
由 Ingo Franzki 提交于
Setup the loopargs array for all jobs, not only for the very first one. It may fail with "Could not allocate 0 bytes for sig sign loop" and/or will cause the loop functions to fail silently, because they operate on a NULL PKEY context when "-async_jobs <n>" is specified. Signed-off-by: NIngo Franzki <ifranzki@linux.ibm.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NTodd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22399)
-
由 Ingo Franzki 提交于
Free the PKEYs created for KEM and signature algorithms. Free the encrypt/decrypt PKEY contexts for RSA. Signed-off-by: NIngo Franzki <ifranzki@linux.ibm.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NTodd Short <todd.short@me.com> (Merged from https://github.com/openssl/openssl/pull/22399)
-
由 slontis 提交于
Adds a Makefile with all, clean, and test targets. This has only been added for demos that already contain Makefiles. For problematic tests that require inputs, the test target does nothing. (Note: Demos should be self contained and not require unknown external inputs. This PR does not attempt to fix this.) Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20546)
-
由 Matt Caswell 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22473)
-
由 Matt Caswell 提交于
If a retry occurs we need to reset s->rlayer.wnum so that next time around we remember how much data we already sent. Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22473)
-
由 Matt Caswell 提交于
If a URXE cannot be processed yet then we add it to the urx_deferred list. Later, when they can be processed, we requeue them in the urx_pending list. We must not reverse the order when doing so. We want to process the URXEs in the order that they were received. Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTodd Short <todd.short@me.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22452)
-
由 Hugo Landau 提交于
Reviewed-by: NMatthias St. Pierre <Matthias.St.Pierre@ncp-e.com> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22405)
-
由 Hugo Landau 提交于
-
由 Nate Karstens 提交于
Added notes to OPENSSL_INIT_set_config_filename and OPENSSL_INIT_set_config_appname explaining why strdup is used instead of OPENSSL_strdup. CLA: trivial Co-authored-by: NJean Apolo <jean.apolo@garmin.com> Signed-off-by: NJean Apolo <jean.apolo@garmin.com> Signed-off-by: NNate Karstens <nate.karstens@garmin.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/21742)
-
- 24 10月, 2023 6 次提交
-
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Pauli 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Pauli 提交于
evp_cipher_init_internal() takes a params array argument and this is processed late in the initialisation process for some ciphers (AEAD ones). This means that changing the IV length as a parameter will either truncate the IV (very bad if SP 800-38d section 8.2.1 is used) or grab extra uninitialised bytes. Truncation is very bad if SP 800-38d section 8.2.1 is being used to contruct a deterministic IV. This leads to an instant loss of confidentiality. Grabbing extra bytes isn't so serious, it will most likely result in a bad decryption. Problem reported by Tony Battersby of Cybernetics.com but earlier discovered and raised as issue #19822. Fixes CVE-2023-5363 Fixes #19822 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org>
-
由 Tomas Mraz 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22430)
-
由 Matthias St. Pierre 提交于
The 'rand_generate' method is not well suited for being used with weak entropy sources in the 'get_entropy' callback, because the caller needs to provide a preallocated buffer without knowing how much bytes are actually needed to collect the required entropy. Instead we use the 'rand_get_seed' and 'rand_clear_seed' methods which were exactly designed for this purpose: it's the callee who allocates and fills the buffer, and finally cleans it up again. The 'rand_get_seed' and 'rand_clear_seed' methods are currently optional for a provided random generator. We could fall back to using 'rand_generate' if those methods are not implemented. However, imo it would be better to simply make them an officially documented requirement for seed sources. Fixes #22332 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22394)
-
由 Richard Levitte 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22394)
-
- 23 10月, 2023 20 次提交
-
-
由 Tomas Mraz 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22472)
-
由 Tomas Mraz 提交于
Reviewed-by: NTodd Short <todd.short@me.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22443)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Have a new job just to run the fuzz tests with fuzzing build mode enabled. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We allow the fuzzer to influence the time between different packets using the fake time capability. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We need to call quic_free() to free the record layer to ensure than any BIO that was already set is also freed. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Some builds that weren't doing fuzzing were defining this which makes no sense and is not appropriate for non-fuzzing builds. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Add a test for the recently added function OSSL_ERR_STATE_save_to_mark(). We can just modify the existing test_save_restore() to add this in. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
When calling qrx_relocate_buffer, both the rxe and the pointer to the token may be changing locations. We have to use a temporary copy of the token pointer to avoid referencing the old location of the rxe. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We shouldn't ever have the case where the data flags indicate that err_data has been malloc'd, but the err_data field is NULL. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We ignore such a bad signature when fuzzing - it will never be correct. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We accept a bad original destination connection id in the transport params while we are fuzzing since this may change every time. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Handle retryable errors from SSL_read(). Also ensure the underlying BIO handles the destination address capability. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-