summaryrefslogtreecommitdiff
Commit message (Collapse)AuthorAgeFilesLines
...
* QUIC FIFD: Ensure QUIC_STREAM is updated after QUIC_SSTREAM lossHugo Landau2023-05-124-6/+46
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Fix locking in XSO code and fix testsHugo Landau2023-05-122-20/+37
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL, APL: Reject policy handlingHugo Landau2023-05-124-30/+107
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: SSL_accept_stream, SSL_get_accept_queue_lenHugo Landau2023-05-125-0/+161
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)Hugo Landau2023-05-126-0/+58
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_set_default_stream_mode, default XSO refactorHugo Landau2023-05-1210-56/+339
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get_stream_idHugo Landau2023-05-124-0/+29
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get_stream_typeHugo Landau2023-05-125-0/+53
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_is_connectionHugo Landau2023-05-122-0/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC DISPATCH/APL: Implement SSL_get0_connectionHugo Landau2023-05-125-0/+29
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Defer default XSO creationHugo Landau2023-05-122-25/+127
| | | | | | | | | | | | | | | | QUIC in single-stream mode could be used with a protocol where the server writes first or the client writes first. This determines whether the single stream would be client or server initiated, which affects the stream ID allocated to the stream. We should support both client-sends-first and server-sends-first application protocols. Thus, defer default XSO creation until the point in time at which we know whether a client-first or server-first application protocol is being used. We do this by taking whether SSL_read() or SSL_write() is called first as a cue. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC TSERVER: Add support for multiple streamsHugo Landau2023-05-125-35/+98
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL: Initialise state, FC credit for new streams correctlyHugo Landau2023-05-122-7/+91
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL: Handle incoming remotely-created streamsHugo Landau2023-05-126-14/+183
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Add stream creation APIsHugo Landau2023-05-126-3/+105
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Refactor stream-related code into QUIC_XSO objectHugo Landau2023-05-126-147/+274
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL: Handle any number of streamsHugo Landau2023-05-123-11/+77
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL: Store TPs for initial flow control in TX directionHugo Landau2023-05-122-13/+29
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL: Clarify role of RX TPs in preparation of storing TX TPsHugo Landau2023-05-122-6/+6
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC CHANNEL: Remove stream 0-specific codeHugo Landau2023-05-122-31/+0
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC APL: Create QUIC CHANNEL up front rather than deferring creationHugo Landau2023-05-121-60/+22
| | | | | | | | | | | | | | | | We switch to instantiating the QUIC_CHANNEL up front at QCSO instantiation time. This creates the QUIC_STREAM_MAP early and makes it easy for us to allocate streams prior to connection initiation. The role (client or server) is determined at QCSO allocation time and cannot be changed. SSL_set_connect/accept_state() are still modelled but their usage must be consistent with the chosen SSL_METHOD which dictates which role is being used. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC: Base client/server identity on SSL method, not ↵Hugo Landau2023-05-122-5/+14
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | SSL_set_connect/accept_state In QUIC, we have an architectural need (in future, when we implement 0-RTT, etc.) to be able to create streams before we start connecting. This requires we allocate a stream, including a stream ID, after creating a QCSO but prior to connecting. However stream IDs are dependent on whether the endpoint is in the client or server role, therefore we must know whether we are going to be a client or server before any pre-connection streams are created. Moreover, the originally defined QUIC_client_method() and QUIC_server_method() functions heavily implied the original plan was to have different SSL_METHODs for clients and servers. Up until now we had been relying on SSL_set_connect/accept_state() instead. Solve these problems by basing client/server identity on whether QUIC_server_method() is used (in future, when we support servers). This ensures that once a QCSO is created its client/server identity are fixed and cannot change, allowing pre-connection stream IDs, etc. to be allocated. Client/server uncertainty was the primary reason why QUIC_CHANNEL creation was deferred until connection time up until now, so this enables further refactoring to facilitate eager allocation of the QUIC_CHANNEL at QCSO allocation time. This is important as allocating a stream including its write buffers is hard without having the QUIC_CHANNEL (which owns the QUIC_STREAM_MAP) in existence. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC Dispatch: Update ssl_lib.c frontend to use new dispatch styleHugo Landau2023-05-121-96/+60
| | | | | | | | | | | This amends the dispatch code from ssl_lib.c to the QUIC API Personality Layer to use the new approach of dispatching using SSL object pointers rather than raw QUIC_CONNECTION pointers. This completes the said refactor. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC Dispatch: Add simple way to determine if SSL object is QUIC-relatedHugo Landau2023-05-121-0/+5
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC Dispatch: Refactor APL interface to use SSL pointers not QC pointersHugo Landau2023-05-122-218/+304
| | | | | | | | | | | | | | | | | | We now refactor the interface between ssl_lib.c frontend functions and the QUIC API Personality Layer so that the respective functions comprising the interface use SSL object pointers rather than raw QUIC_CONNECTION pointers. This is in preparation for stream support since once streams are supported, calls to e.g. ossl_quic_write() may be made on a QUIC_CONNECTION or a QUIC_XSO (that is, a stream object). Thus we take a uniform approach across all functions comprising the interface between the ssl_lib.c frontend and the QUIC API Personality Layer of using SSL pointers always. This provides a uniform approach and ensures that any function of the API personality layer can be easily adapted to support being called on a stream object in the future. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC Dispatch: Introduce the QUIC_XSO objectHugo Landau2023-05-124-14/+15
| | | | | | | | | | | | | | | | | | The QUIC_XSO (external stream object) is to a QUIC stream what a QUIC_CONNECTION is to a QUIC connection. Both are SSL objects. The QUIC_CONNECTION type is the internal representation of a QUIC connection SSL object (QCSO) and the QUIC_XSO type is the internal representation of a QUIC stream SSL object (QSSO) type. The name QUIC_XSO has been chosen to be distinct from the existing QUIC_STREAM type which is our existing internal stream type. QUIC_XSO is to a QUIC_STREAM what QUIC_CONNECTION is to a QUIC_CHANNEL; in other words, QUIC_CONNECTION and QUIC_XSO objects form part of the API personality layer, whereas QUIC_CHANNEL and QUIC_STREAM objects form part of the QUIC core and are distinct from the API personality layer. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* QUIC Dispatch: Enhance SSL object unwrapping functions (core)Hugo Landau2023-05-121-5/+88
| | | | | | | | | | | Uniform changes to all dispatch functions to use the new dispatch functionality follows this commit. Separated into a core commit and a commit containing the uniform pattern (monotonous) changes for ease of review. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
* CMP client: fix checking new cert enrolled with oldcert and without private keyDr. David von Oheimb2023-05-128-36/+74
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
* CMP client: fix error response on -csr without private key, also in docsDr. David von Oheimb2023-05-1210-21/+77
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
* apps/openssl.cnf: fix reference to insta.ca.crtDr. David von Oheimb2023-05-122-4/+4
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com> (Merged from https://github.com/openssl/openssl/pull/20832)
* provider: return error if buf too small when getting ec pubkey paramYi Li2023-05-122-1/+23
| | | | | | | | | | | | | | | Fixes #20889 There was an incorrect value passed to EC_POINT_point2oct() for the buffer size of the param passed-in. Added testcases. Signed-off-by: Yi Li <yi1.li@intel.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20890)
* Fix typos found by codespellDimitri Papadopoulos2023-05-1214-28/+28
| | | | | | | | | | Fix only typos in doc/man* for inclusion in 3.* branches. Other typos have been fixed in a different commit. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20924)
* Clarify documentation of SSL_SESSION_dupWatson Ladd2023-05-121-2/+4
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20848)
* Clear ownership when duplicating sessionsWatson Ladd2023-05-122-2/+5
| | | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Todd Short <todd.short@me.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20848)
* ecp_nistp256.c: Fix exponent in commentJonas Lindstrøm2023-05-111-1/+1
| | | | | | | | CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20926)
* fix SSL_get_wbio may return rbio on quicihciah2023-05-111-1/+1
| | | | | | | | | CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20930)
* Fixed TLS1.3 handshake issue for legacy engine API.Yuan, Shuai2023-05-111-0/+4
| | | | | | | | Signed-off-by: Yuan, Shuai <shuai.yuan@intel.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20922)
* Fix a typo found by codespell in a variable nameDimitri Papadopoulos2023-05-111-5/+5
| | | | | | | | | | | The change is limited to a single C file. CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20912)
* restrict rsaBITS algorithm name check in speedMichael Baentsch2023-05-111-13/+19
| | | | | | Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20898)
* CMP app: fix deallocated host/port fields in APP_HTTP_TLS_INFODr. David von Oheimb2023-05-101-3/+9
| | | | | | | Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034)
* CMP app and app_http_tls_cb(): pick the right TLS hostname (also without port)Dr. David von Oheimb2023-05-102-3/+7
| | | | | | | | | Fixes #20031 Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Hugo Landau <hlandau@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20034)
* Fix a typo found by codespell in a Makefile variableDimitri Papadopoulos2023-05-101-1/+1
| | | | | | | | | | | | I have no experience with building on Windows, so I don't know the effect of fixing this typo. I guess that this will fix a bug at worst. CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20911)
* DLTS → DTLSDimitri Papadopoulos2023-05-102-2/+2
| | | | | | | | | | | Fix a typo that is confusing for newcomers. CLA: trivial Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20909)
* Fix memory leak in engine_cleanup_add_first()Kovalev Vasiliy2023-05-091-2/+3
| | | | | | | | | Fixes #20870 Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20880)
* aes-gcm-armv8_64 asm support bigdianJerryDevis2023-05-091-206/+581
| | | | | | | | Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20489) (cherry picked from commit 32344a74b7ee2693a5bfda361c40ec60ab5be624)
* Fix stack use-after-free in QUICJuergen Christ2023-05-091-1/+1
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | When running test_quicapi on master on a Fedora 38 with santizier, a stack use-after-free is reported: ``` 75-test_quicapi.t .. ================================================================= ==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550 READ of size 8 at 0x03ffa22a2961 thread T0 #0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) #1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221 #2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813 #3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957 #4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290 #5 0x113d797 in read_state_machine ssl/statem/statem.c:712 #6 0x113d797 in state_machine ssl/statem/statem.c:478 #7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669 #8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717 #9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296 #10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79 #11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160 #12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273 #13 0x102b81d in test_quic_write_read test/quicapitest.c:54 #14 0x12035a9 in run_tests test/testutil/driver.c:370 #15 0x1013203 in main test/testutil/main.c:30 #16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e) #17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e) #18 0x101efb9 (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481) Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame #0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49 This frame has 1 object(s): [32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork (longjmp and C++ exceptions *are* supported) SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy Shadow bytes around the buggy address: 0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 =>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5 0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 Shadow byte legend (one shadow byte represents 8 application bytes): Addressable: 00 Partially addressable: 01 02 03 04 05 06 07 Heap left redzone: fa Freed heap region: fd Stack left redzone: f1 Stack mid redzone: f2 Stack right redzone: f3 Stack after return: f5 Stack use after scope: f8 Global redzone: f9 Global init order: f6 Poisoned by user: f7 Container overflow: fc Array cookie: ac Intra object redzone: bb ASan internal: fe Left alloca redzone: ca Right alloca redzone: cb ==28379==ABORTING ../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1 not ok 1 - running quicapitest ``` Fix this be making the protocols to select static constants and thereby moving them out of the stack frame of the callback function. Signed-off-by: Juergen Christ <jchrist@linux.ibm.com> Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20904)
* Update the corpora submoduleMatt Caswell2023-05-081-0/+0
| | | | | | | | | | We update the corpora submodule to include a fuzz testcase for the conf timeout. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20839)
* Prevent a fuzzing timeout in the conf fuzzerMatt Caswell2023-05-081-0/+17
| | | | | | | | | | | | | The fuzzer was creating a config file with large numbers of includes which are expensive to process. However this should not cause a security issue, and should never happen in normal operation so we can ignore it. Fixes ossfuzz issue 57718. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20839)
* Don't attempt a QUIC connection without specifying ALPNMatt Caswell2023-05-081-0/+4
| | | | | | | | | ALPN is required for a successful QUIC connection, so do not allow the -quic option for s_client without -alpn Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20580)
* Add some documentation for the new QUIC mode in s_clientMatt Caswell2023-05-082-0/+18
| | | | | | | | Also mentions the new FIN command in s_client advance mode Reviewed-by: Hugo Landau <hlandau@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20580)
View Lorry Controller Status