- 23 10月, 2023 9 次提交
-
-
由 Matt Caswell 提交于
When calling qrx_relocate_buffer, both the rxe and the pointer to the token may be changing locations. We have to use a temporary copy of the token pointer to avoid referencing the old location of the rxe. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We shouldn't ever have the case where the data flags indicate that err_data has been malloc'd, but the err_data field is NULL. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We ignore such a bad signature when fuzzing - it will never be correct. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
We accept a bad original destination connection id in the transport params while we are fuzzing since this may change every time. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Handle retryable errors from SSL_read(). Also ensure the underlying BIO handles the destination address capability. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Matt Caswell 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
由 Kurt Roeckx 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22368)
-
- 20 10月, 2023 9 次提交
-
-
由 наб 提交于
Earlier today, it took me five manuals! to find what on earth the "Performance"/"EVP_MD_fetch(3)" crosslinks actually mean: EVP_sha1(3) crypto(7) EVP_MD_fetch(3) (but not there! don't read that!) OSSL_PROVIDER-default(7) EVP_MD-SHA1(7) If, instead, EVP_sha1(3) referenced EVP_MD-SHA1(7) at /all/, which it should do, since it's supposed to be what you're replacing it with, but it doesn't actually say that, maybe people would use it. I know I didn't because it's basically just deadass buried As found by git grep -l 'and should consider using' Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22420)
-
由 Matt Caswell 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22440)
-
由 Matt Caswell 提交于
struct timeval doesn't support nanosecs but OSSL_TIME does. We round up any nanosecs to ensure that a non-zero input always results in a non-zero output. This fixes a quic-client fuzzer hang. Fixes #22437 Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22440)
-
由 Hugo Landau 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22439)
-
由 Hugo Landau 提交于
Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22436)
-
由 Neil Horman 提交于
Creating JDK compatible pkcs12 files requires a bit more than just adding the Trusted Key Usage OID to a certbag in the pkcs12 file. Additionally the JDK currently requires that pkcs12 files setting this oid _not_ contain any additional keys, and in response will produce unpredictable results. This could be solved by implying --nokeys when the pkcs12 utility is run and the config option is set, but thatcould confuse users who didn't specify nokeys on the command line. As such, remove the config file setting for this feature, and replace it with a -jdktrust command line option, that is documented to assert nokeys when a users specifies the new command line option. Fixes #22215 Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22422)
-
由 Tomas Mraz 提交于
Return SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN with semantics similar to TLS connections. Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22408)
-
由 Tomas Mraz 提交于
The one in ch_rx_handle_packet() is a tuning thing -> QUIC FUTURE The one in ossl_quic_tserver_shutdown() is a server thing -> QUIC SERVER Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22408)
-
由 Matthias St. Pierre 提交于
The `get_user_{entropy,nonce}` callbacks were add recently to the dispatch table in commit 4cde7585. Instead of adding corresponding `cleanup_user_{entropy,nonce}` callbacks, the `cleanup_{entropy,nonce}` callbacks were reused. This can cause a problem in the case where the seed source is replaced by a provider: the buffer gets allocated by the provider but cleared by the core. Reviewed-by: NTomas Mraz <tomas@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22423)
-
- 19 10月, 2023 17 次提交
-
-
由 Matt Caswell 提交于
If the CC TX allowance is zero then we cannot send a PING frame at the moment, so do not take into account the ping deadline when calculating the tick deadline in that case. This avoids the hang found by the fuzzer mentioned in https://github.com/openssl/openssl/pull/22368#issuecomment-1765131727Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22410)
-
由 Matt Caswell 提交于
RFC 9000 s 17.2.5.2 says > After the client has received and processed an Initial or Retry packet > from the server, it MUST discard any subsequent Retry packets that it > receives. We were checking for multiple Retry packets, but not if we had already processed an Initial packet. Fixes the assertion failure noted in https://github.com/openssl/openssl/pull/22368#issuecomment-1765618884Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22411)
-
由 Tomas Mraz 提交于
Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22432)
-
由 Tomas Mraz 提交于
This is unnecessary and conceptualy wrong as headers from internal should not include headers from crypto Reviewed-by: NHugo Landau <hlandau@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22432)
-
由 Tomas Mraz 提交于
Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22318)
-
由 Tomas Mraz 提交于
Fixes #22306 Reviewed-by: NDavid von Oheimb <david.von.oheimb@siemens.com> Reviewed-by: NRichard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22318)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Hugo Landau 提交于
Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22369)
-
由 Neil Horman 提交于
Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22334)
-
由 Neil Horman 提交于
Its not required that crt params be available in an RSA key, so don't perform an error check on them Fixes #29135 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22334)
-
由 Neil Horman 提交于
Theres no reason we should gate ossl_rsa_todata on there being a minimum set of parameters. EVP_PKEY_todata makes no guarantees about the validity of a key, it only returns the parameters that are set in the requested key, whatever they may be. Remove the check. Fixes #21935 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22334)
-
由 Tomas Mraz 提交于
This makes them zeroes otherwise where NULLs actually mean the values aren't present. Fixes #21935 Reviewed-by: NRichard Levitte <levitte@openssl.org> Reviewed-by: NTom Cosgrove <tom.cosgrove@arm.com> (Merged from https://github.com/openssl/openssl/pull/22334)
-
- 18 10月, 2023 5 次提交
-
-
由 Neil Horman 提交于
external calls to OBJ_new_nid will fail on an attempt to lock the ossl_obj_nid_lock as it won't have been initalized yet. Bifurcate OBJ_new_nid into an external and internal variant, in which the former calls ossl_obj_write_lock (ensuring that the nid_lock is initalized), while OBJ_create (the sole internal caller) uses the latter to avoid having to drop and re-acquire the lock Fixes #22337 Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22350)
-
由 James Muir 提交于
Fixes #22225 In OBJ_nid2obj(), if the NID does not have an OID, then a pointer to the special "undefined" ASN1_OBJECT is returned. Check for the undefined-ASN1_OBJECT and return an error. Also, add a test for this in 80-test_cms.t. Testing: #!/bin/bash -x shopt -s expand_aliases alias openssl="LD_LIBRARY_PATH=~/git/openssl ~/git/openssl/apps/openssl" echo "This is a confidential message. It should be encrypted." > msg.txt ## this should fail b/c there is no OID for aes-256-ctr openssl cms -encrypt -in msg.txt -aes-256-ctr -out msg.txt.cms -recip demos/cms/signer.pem echo $? Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22392)
-
由 Pavel Stetsuk 提交于
CLA: trivial Reviewed-by: NPaul Dale <pauli@openssl.org> Reviewed-by: NMatt Caswell <matt@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22108)
-
由 Daiki Ueno 提交于
According to the manual page, EVP_PKEY_CTX_set0_rsa_oaep_label() should accept NULL as the label argument, though the function currently rejects it while setting the corresponding octet string parameter with OSSL_PARAM_construct_octet_string, which expects non-NULL input. This adds a workaround to the caller for backward compatibility. Signed-off-by: NDaiki Ueno <dueno@redhat.com> Reviewed-by: NDmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22397)
-
由 Dr. David von Oheimb 提交于
Reviewed-by: NViktor Dukhovni <viktor@openssl.org> Reviewed-by: NTomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/22390)
-