openssl

Commit Graph

Author	SHA1	Message	Date
Alexandr Nedvedicky	d777deffba	- adding a missing file Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023)	2025-07-27 04:48:28 -04:00
sashan	a43b926fd2	- fix RFC reference and indentation Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023)	2025-07-27 04:48:28 -04:00
Sashan	b083613476	Update ssl/quic/quic_ackm.c Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023)	2025-07-27 04:48:28 -04:00
Sashan	4a3c954a0c	Update ssl/quic/quic_ackm.c Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023)	2025-07-27 04:48:28 -04:00
sashan	cdbfacead0	ACK manager must avoid infinite probe time when waiting handshake confirmation According to RFC 9002, section 6.2.2.1 the client the client must keep PTO (probe time out) armed if it has not seen HANDSHAKE_DONE quic message from server. Not following RFC spec here may cause the QUIC session to stale during TLS handshake. Fixes openssl/project#1266 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023)	2025-07-27 04:48:28 -04:00
Alexandr Nedvedicky	e6c20588ef	QUIC receiver may accidentally ACK packet it fails to process we set ok to -1 as we enter ossl_quic_handle_frames(). If we set ok to 0 here we effectively assume successful processing of all frames found in packet. We do this just before we return from function: ``` 1479 1480 /* Now that special cases are out of the way, parse frames / 1481 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len) 1482 \|\| !depack_process_frames(ch, &pkt, qpacket, 1483 enc_level, 1484 qpacket->time, 1485 &ackm_data)) 1486 goto end; 1487 1488 ok = 1; 1489 end: 1490 / 1491 * ASSUMPTION: If this function is called at all, \|qpacket\| is 1492 * a legitimate packet, even if its contents aren't. 1493 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as 1494 * \|ackm_data\| has at least been initialized. 1495 */ 1496 if (ok >= 0) 1497 ossl_ackm_on_rx_packet(ch->ackm, &ackm_data); 1498 1499 return ok > 0; ``` if the call to `depack_process_frames()` at line 1492 fails, because barticualr frame in packet is corrupted/invalid we take a branch to `end:` goto target. In this case we must avoid the call to `ossl_ackm_on_rx_packet()`. Packet with malformed/invalid frame must not be accepted. See RFC 9000 section 13.1: Once the packet has been fully processed, a receiver acknowledges receipt by sending one or more ACK frames containing the packet number of the received packet. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28002)	2025-07-10 12:05:44 +02:00
Andrew Dinh	74a0ec3c08	Add stream type flags to SSL_accept_stream Introduces SSL_ACCEPT_STREAM_UNI and SSL_ACCEPT_STREAM_BIDI flags to SSL_accept_stream, allowing callers to specify whether to accept only unidirectional or bidirectional streams. Returns the first of its type from the queue Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27883)	2025-07-02 20:55:24 -04:00
Tomas Mraz	abdbad370c	libssl: Silence warnings on Win64 builds Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27806)	2025-07-02 17:26:26 +02:00
Alexis Goodfellow	52dba1c098	Begin incorporating stdbool usage when json encoding Run-checker daily / run-checker (-DSSL3_ALIGN_PAYLOAD=4) (push) Has been cancelled Details Run-checker daily / run-checker (386) (push) Has been cancelled Details Run-checker daily / run-checker (enable-crypto-mdebug) (push) Has been cancelled Details Run-checker daily / run-checker (enable-crypto-mdebug-backtrace) (push) Has been cancelled Details Run-checker daily / run-checker (enable-demos) (push) Has been cancelled Details Run-checker daily / run-checker (enable-ec_nistp_64_gcc_128) (push) Has been cancelled Details Run-checker daily / run-checker (enable-egd) (push) Has been cancelled Details Run-checker daily / run-checker (enable-fips enable-acvp-tests) (push) Has been cancelled Details Run-checker daily / run-checker (enable-fips no-des no-dsa no-ec2m) (push) Has been cancelled Details Run-checker daily / run-checker (enable-fips no-tls1_3) (push) Has been cancelled Details Run-checker daily / run-checker (enable-fips) (push) Has been cancelled Details Run-checker daily / run-checker (enable-h3demo) (push) Has been cancelled Details Run-checker daily / run-checker (enable-heartbeats) (push) Has been cancelled Details Run-checker daily / run-checker (enable-hqinterop) (push) Has been cancelled Details Run-checker daily / run-checker (enable-md2) (push) Has been cancelled Details Run-checker daily / run-checker (enable-rc5) (push) Has been cancelled Details Run-checker daily / run-checker (enable-ssl3) (push) Has been cancelled Details Run-checker daily / run-checker (enable-ssl3-method) (push) Has been cancelled Details Run-checker daily / run-checker (enable-sslkeylog) (push) Has been cancelled Details Run-checker daily / run-checker (enable-tfo) (push) Has been cancelled Details Run-checker daily / run-checker (enable-trace) (push) Has been cancelled Details Run-checker daily / run-checker (enable-unit-test) (push) Has been cancelled Details Run-checker daily / run-checker (enable-zlib-dynamic) (push) Has been cancelled Details Run-checker daily / run-checker (no-afalgeng) (push) Has been cancelled Details Run-checker daily / run-checker (no-apps) (push) Has been cancelled Details Run-checker daily / run-checker (no-aria) (push) Has been cancelled Details Run-checker daily / run-checker (no-asan) (push) Has been cancelled Details Run-checker daily / run-checker (no-asm) (push) Has been cancelled Details Run-checker daily / run-checker (no-async) (push) Has been cancelled Details Run-checker daily / run-checker (no-atexit) (push) Has been cancelled Details Run-checker daily / run-checker (no-autoalginit) (push) Has been cancelled Details Run-checker daily / run-checker (no-autoerrinit) (push) Has been cancelled Details Run-checker daily / run-checker (no-autoload-config) (push) Has been cancelled Details Run-checker daily / run-checker (no-bf) (push) Has been cancelled Details Run-checker daily / run-checker (no-blake2) (push) Has been cancelled Details Run-checker daily / run-checker (no-buildtest-c++) (push) Has been cancelled Details Run-checker daily / run-checker (no-bulk) (push) Has been cancelled Details Run-checker daily / run-checker (no-cached-fetch) (push) Has been cancelled Details Run-checker daily / run-checker (no-camellia) (push) Has been cancelled Details Run-checker daily / run-checker (no-capieng) (push) Has been cancelled Details Run-checker daily / run-checker (no-cast) (push) Has been cancelled Details Run-checker daily / run-checker (no-chacha) (push) Has been cancelled Details Run-checker daily / run-checker (no-cmac) (push) Has been cancelled Details Run-checker daily / run-checker (no-comp) (push) Has been cancelled Details Run-checker daily / run-checker (no-ct) (push) Has been cancelled Details Run-checker daily / run-checker (no-deprecated) (push) Has been cancelled Details Run-checker daily / run-checker (no-des) (push) Has been cancelled Details Run-checker daily / run-checker (no-docs) (push) Has been cancelled Details Run-checker daily / run-checker (no-dsa) (push) Has been cancelled Details Run-checker daily / run-checker (no-dtls1) (push) Has been cancelled Details Run-checker daily / run-checker (no-dtls1-method) (push) Has been cancelled Details Run-checker daily / run-checker (no-dtls1_2) (push) Has been cancelled Details Run-checker daily / run-checker (no-dtls1_2-method) (push) Has been cancelled Details Run-checker daily / run-checker (no-ecdh) (push) Has been cancelled Details Run-checker daily / run-checker (no-ecdsa) (push) Has been cancelled Details Run-checker daily / run-checker (no-engine) (push) Has been cancelled Details Run-checker daily / run-checker (no-gost) (push) Has been cancelled Details Run-checker daily / run-checker (no-hw) (push) Has been cancelled Details Run-checker daily / run-checker (no-hw-padlock) (push) Has been cancelled Details Run-checker daily / run-checker (no-idea) (push) Has been cancelled Details Run-checker daily / run-checker (no-makedepend) (push) Has been cancelled Details Run-checker daily / run-checker (no-md4) (push) Has been cancelled Details Run-checker daily / run-checker (no-mdc2) (push) Has been cancelled Details Run-checker daily / run-checker (no-msan) (push) Has been cancelled Details Run-checker daily / run-checker (no-multiblock) (push) Has been cancelled Details Run-checker daily / run-checker (no-nextprotoneg) (push) Has been cancelled Details Run-checker daily / run-checker (no-ocb) (push) Has been cancelled Details Run-checker daily / run-checker (no-padlockeng) (push) Has been cancelled Details Run-checker daily / run-checker (no-pic) (push) Has been cancelled Details Run-checker daily / run-checker (no-poly1305) (push) Has been cancelled Details Run-checker daily / run-checker (no-posix-io) (push) Has been cancelled Details Run-checker daily / run-checker (no-psk) (push) Has been cancelled Details Run-checker daily / run-checker (no-rc2) (push) Has been cancelled Details Run-checker daily / run-checker (no-rdrand) (push) Has been cancelled Details Run-checker daily / run-checker (no-rfc3779) (push) Has been cancelled Details Run-checker daily / run-checker (no-ripemd) (push) Has been cancelled Details Run-checker daily / run-checker (no-rmd160) (push) Has been cancelled Details Run-checker daily / run-checker (no-scrypt) (push) Has been cancelled Details Run-checker daily / run-checker (no-secure-memory) (push) Has been cancelled Details Run-checker daily / run-checker (no-seed) (push) Has been cancelled Details Run-checker daily / run-checker (no-shared) (push) Has been cancelled Details Run-checker daily / run-checker (no-siphash) (push) Has been cancelled Details Run-checker daily / run-checker (no-siv) (push) Has been cancelled Details Run-checker daily / run-checker (no-sm2) (push) Has been cancelled Details Run-checker daily / run-checker (no-sm2-precomp) (push) Has been cancelled Details Run-checker daily / run-checker (no-sm3) (push) Has been cancelled Details Run-checker daily / run-checker (no-sm4) (push) Has been cancelled Details Run-checker daily / run-checker (no-sock) (push) Has been cancelled Details Run-checker daily / run-checker (no-sse2) (push) Has been cancelled Details Run-checker daily / run-checker (no-ssl) (push) Has been cancelled Details Run-checker daily / run-checker (no-static-engine no-shared) (push) Has been cancelled Details Run-checker daily / run-checker (no-tests) (push) Has been cancelled Details Run-checker daily / run-checker (no-tls1) (push) Has been cancelled Details Run-checker daily / run-checker (no-tls1-method) (push) Has been cancelled Details Run-checker daily / run-checker (no-tls1_1) (push) Has been cancelled Details Run-checker daily / run-checker (no-tls1_1-method) (push) Has been cancelled Details Run-checker daily / run-checker (no-tls1_2-method) (push) Has been cancelled Details Run-checker daily / run-checker (no-ubsan) (push) Has been cancelled Details Run-checker daily / run-checker (no-ui-console) (push) Has been cancelled Details Run-checker daily / run-checker (no-uplink) (push) Has been cancelled Details Run-checker daily / run-checker (no-weak-ssl-ciphers) (push) Has been cancelled Details Run-checker daily / run-checker (no-whirlpool) (push) Has been cancelled Details Run-checker daily / run-checker-sctp (push) Has been cancelled Details Run-checker daily / enable_brotli_dynamic (push) Has been cancelled Details Run-checker daily / enable_zstd_dynamic (push) Has been cancelled Details Run-checker daily / enable_brotli_and_zstd_dynamic (push) Has been cancelled Details Run-checker daily / enable_brotli_and_asan_ubsan (push) Has been cancelled Details Run-checker daily / enable_zstd_and_asan_ubsan (push) Has been cancelled Details Run-checker daily / enable_tfo (macos-13) (push) Has been cancelled Details Run-checker daily / enable_tfo (macos-14) (push) Has been cancelled Details Run-checker daily / enable_tfo (ubuntu-latest) (push) Has been cancelled Details Run-checker daily / enable_buildtest (push) Has been cancelled Details Run-checker daily / memory_sanitizer_slh_dsa (push) Has been cancelled Details Build openssl interop container from master / update_quay_container (push) Has been cancelled Details OS Zoo CI / alpine (clang, edge) (push) Has been cancelled Details OS Zoo CI / alpine (clang, latest) (push) Has been cancelled Details OS Zoo CI / alpine (gcc, edge) (push) Has been cancelled Details OS Zoo CI / alpine (gcc, latest) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/centos:8 install:sed -i 's/mirrorlist/#mirrorlist/g' /etc/yum.repos.d/CentOS-* && \ sed -i 's\|#baseurl=http://mirror.centos.org\|baseurl=http://vault.centos.org\|g' /etc/yum.repos.d/CentOS-* && \ dnf install -y gcc make… (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/debian:10 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/debian:11 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/debian:12 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/fedora:38 install:dnf install -y gcc make perl-core]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/fedora:39 install:dnf install -y gcc make perl-core]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/rockylinux:8 install:dnf install -y gcc make perl-core]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/rockylinux:9 install:dnf install -y gcc make perl-core]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/ubuntu:20.04 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled Details OS Zoo CI / linux (map[image:docker.io/library/ubuntu:22.04 install:apt-get update && apt-get install -y gcc make perl]) (push) Has been cancelled Details OS Zoo CI / macos (macos-13) (push) Has been cancelled Details OS Zoo CI / macos (macos-14) (push) Has been cancelled Details OS Zoo CI / macos (macos-15) (push) Has been cancelled Details OS Zoo CI / windows (windows-2022) (push) Has been cancelled Details OS Zoo CI / windows (windows-2025) (push) Has been cancelled Details OS Zoo CI / linux-arm64 (push) Has been cancelled Details OS Zoo CI / linux-ppc64le (push) Has been cancelled Details OS Zoo CI / linux-s390x (push) Has been cancelled Details OS Zoo CI / linux-riscv64 (push) Has been cancelled Details OS Zoo CI / freebsd-x86_64 (push) Has been cancelled Details Interoperability tests with GnuTLS and NSS / test (gnutls) (push) Has been cancelled Details Interoperability tests with GnuTLS and NSS / test (nss) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.0, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.0, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.0, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.0, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.0, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.0, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.2, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.2, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.2, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.2, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.2, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.2, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.3, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.3, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.3, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.3, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.3, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.3, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.4, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.4, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.4, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.4, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.4, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.4, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.5, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.5, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.5, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.5, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.5, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-3.5, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-master, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-master, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-master, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-master, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-master, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (branch-master, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.0, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.8, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.0.9, branch-master) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.0) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.2) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.3) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.4) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-3.5) (push) Has been cancelled Details Provider compatibility across versions / cross-testing (openssl-3.1.2, branch-master) (push) Has been cancelled Details Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Kurt Roeckx <kurt@roeckx.be> (Merged from https://github.com/openssl/openssl/pull/27812)	2025-06-13 11:26:46 -04:00
Andrew Dinh	9bad2b86e8	Reset qtls->local_transport_params_consumed to 0 on SSL_clear() GitHub CI / check_update (push) Waiting to run Details GitHub CI / check_docs (push) Waiting to run Details GitHub CI / check-c99 (push) Waiting to run Details GitHub CI / basic_gcc (push) Waiting to run Details GitHub CI / basic_clang (push) Waiting to run Details GitHub CI / linux-arm64 (push) Waiting to run Details GitHub CI / freebsd-x86_64 (push) Waiting to run Details GitHub CI / minimal (push) Waiting to run Details GitHub CI / no-deprecated (push) Waiting to run Details GitHub CI / no-shared-ubuntu (push) Waiting to run Details GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details GitHub CI / non-caching (push) Waiting to run Details GitHub CI / address_ub_sanitizer (push) Waiting to run Details GitHub CI / fuzz_tests (push) Waiting to run Details GitHub CI / memory_sanitizer (push) Waiting to run Details GitHub CI / threads_sanitizer (push) Waiting to run Details GitHub CI / enable_non-default_options (push) Waiting to run Details GitHub CI / full_featured (push) Waiting to run Details GitHub CI / no-legacy (push) Waiting to run Details GitHub CI / legacy (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details GitHub CI / external-tests-misc (push) Waiting to run Details GitHub CI / external-tests-oqs-provider (push) Waiting to run Details GitHub CI / external-tests-pkcs11-provider (push) Waiting to run Details GitHub CI / external-tests-pyca (3.9) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details CIFuzz / Fuzzing (push) Waiting to run Details Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details Run-checker CI / run-checker (no-cms) (push) Waiting to run Details Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details Run-checker CI / run-checker (no-dh) (push) Waiting to run Details Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details Run-checker CI / run-checker (no-ec) (push) Waiting to run Details Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details Run-checker CI / run-checker (no-http) (push) Waiting to run Details Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-dsa) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-kem) (push) Waiting to run Details Run-checker CI / run-checker (no-quic) (push) Waiting to run Details Run-checker CI / run-checker (no-sock) (push) Waiting to run Details Run-checker CI / run-checker (no-ssl-trace) (push) Waiting to run Details Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-threads) (push) Waiting to run Details Run-checker CI / run-checker (no-tls) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details Run-checker CI / run-checker (no-ui) (push) Waiting to run Details Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details Run-checker merge / run-checker (no-dso) (push) Waiting to run Details Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details Run-checker merge / run-checker (no-err) (push) Waiting to run Details Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (no-module) (push) Waiting to run Details Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details Run-checker merge / run-checker (no-srp) (push) Waiting to run Details Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details Run-checker merge / run-checker (no-ts) (push) Waiting to run Details Run-checker merge / jitter (push) Waiting to run Details Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Waiting to run Details Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details Windows GitHub CI / minimal (windows-2019) (push) Waiting to run Details Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details Windows Compression GitHub CI / zstd (push) Waiting to run Details Windows Compression GitHub CI / brotli (push) Waiting to run Details Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27656)	2025-06-03 18:29:21 +02:00
Norbert Pocs	258d3a695e	quic_tls.c: Precede double free on EVP_MD variable When external quic implementation is used, the variable is not used and double free happens whe the yield_secret_cb fails. Resolves: #27504 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27713)	2025-05-30 06:44:38 -04:00
Neil Horman	99ea6b3843	Add NULL check in ossl_quic_get_peer_token GitHub CI / check_update (push) Waiting to run Details GitHub CI / check_docs (push) Waiting to run Details GitHub CI / check-ansi (push) Waiting to run Details GitHub CI / basic_gcc (push) Waiting to run Details GitHub CI / basic_clang (push) Waiting to run Details GitHub CI / linux-arm64 (push) Waiting to run Details GitHub CI / freebsd-x86_64 (push) Waiting to run Details GitHub CI / minimal (push) Waiting to run Details GitHub CI / no-deprecated (push) Waiting to run Details GitHub CI / no-shared-ubuntu (push) Waiting to run Details GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details GitHub CI / non-caching (push) Waiting to run Details GitHub CI / address_ub_sanitizer (push) Waiting to run Details GitHub CI / fuzz_tests (push) Waiting to run Details GitHub CI / memory_sanitizer (push) Waiting to run Details GitHub CI / threads_sanitizer (push) Waiting to run Details GitHub CI / enable_non-default_options (push) Waiting to run Details GitHub CI / full_featured (push) Waiting to run Details GitHub CI / no-legacy (push) Waiting to run Details GitHub CI / legacy (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details GitHub CI / external-tests-misc (push) Waiting to run Details GitHub CI / external-tests-providers (push) Waiting to run Details GitHub CI / external-tests-pyca (3.9) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details CIFuzz / Fuzzing (push) Waiting to run Details Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details Run-checker CI / run-checker (no-cms) (push) Waiting to run Details Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details Run-checker CI / run-checker (no-dh) (push) Waiting to run Details Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details Run-checker CI / run-checker (no-ec) (push) Waiting to run Details Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details Run-checker CI / run-checker (no-http) (push) Waiting to run Details Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-dsa) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-kem) (push) Waiting to run Details Run-checker CI / run-checker (no-quic) (push) Waiting to run Details Run-checker CI / run-checker (no-sock) (push) Waiting to run Details Run-checker CI / run-checker (no-ssl-trace) (push) Waiting to run Details Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-threads) (push) Waiting to run Details Run-checker CI / run-checker (no-tls) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details Run-checker CI / run-checker (no-ui) (push) Waiting to run Details Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details Run-checker merge / run-checker (no-dso) (push) Waiting to run Details Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details Run-checker merge / run-checker (no-err) (push) Waiting to run Details Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (no-module) (push) Waiting to run Details Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details Run-checker merge / run-checker (no-srp) (push) Waiting to run Details Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details Run-checker merge / run-checker (no-ts) (push) Waiting to run Details Run-checker merge / jitter (push) Waiting to run Details Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Waiting to run Details Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details Windows GitHub CI / minimal (windows-2019) (push) Waiting to run Details Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details Windows Compression GitHub CI / zstd (push) Waiting to run Details Windows Compression GitHub CI / brotli (push) Waiting to run Details If a peer address hasn't been set on a quic channel yet, we will not yield a token from our hashtable of available tokens. Fail the get_peer_token lookup in that event Fixes #27608 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27610)	2025-05-15 08:28:39 -04:00
Matt Caswell	d56f9b4d89	Fix memory management in port_make_channel GitHub CI / check_update (push) Waiting to run Details GitHub CI / check_docs (push) Waiting to run Details GitHub CI / check-ansi (push) Waiting to run Details GitHub CI / basic_gcc (push) Waiting to run Details GitHub CI / basic_clang (push) Waiting to run Details GitHub CI / linux-arm64 (push) Waiting to run Details GitHub CI / freebsd-x86_64 (push) Waiting to run Details GitHub CI / minimal (push) Waiting to run Details GitHub CI / no-deprecated (push) Waiting to run Details GitHub CI / no-shared-ubuntu (push) Waiting to run Details GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details GitHub CI / non-caching (push) Waiting to run Details GitHub CI / address_ub_sanitizer (push) Waiting to run Details GitHub CI / fuzz_tests (push) Waiting to run Details GitHub CI / memory_sanitizer (push) Waiting to run Details GitHub CI / threads_sanitizer (push) Waiting to run Details GitHub CI / enable_non-default_options (push) Waiting to run Details GitHub CI / full_featured (push) Waiting to run Details GitHub CI / no-legacy (push) Waiting to run Details GitHub CI / legacy (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details GitHub CI / external-tests-misc (push) Waiting to run Details GitHub CI / external-tests-providers (push) Waiting to run Details GitHub CI / external-tests-pyca (3.9) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details CIFuzz / Fuzzing (push) Waiting to run Details Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details Run-checker CI / run-checker (no-cms) (push) Waiting to run Details Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details Run-checker CI / run-checker (no-dh) (push) Waiting to run Details Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details Run-checker CI / run-checker (no-ec) (push) Waiting to run Details Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details Run-checker CI / run-checker (no-http) (push) Waiting to run Details Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-dsa) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-kem) (push) Waiting to run Details Run-checker CI / run-checker (no-quic) (push) Waiting to run Details Run-checker CI / run-checker (no-sock) (push) Waiting to run Details Run-checker CI / run-checker (no-ssl-trace) (push) Waiting to run Details Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-threads) (push) Waiting to run Details Run-checker CI / run-checker (no-tls) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details Run-checker CI / run-checker (no-ui) (push) Waiting to run Details Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details Run-checker merge / run-checker (no-dso) (push) Waiting to run Details Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details Run-checker merge / run-checker (no-err) (push) Waiting to run Details Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (no-module) (push) Waiting to run Details Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details Run-checker merge / run-checker (no-srp) (push) Waiting to run Details Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details Run-checker merge / run-checker (no-ts) (push) Waiting to run Details Run-checker merge / jitter (push) Waiting to run Details Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Waiting to run Details Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details Windows GitHub CI / minimal (windows-2019) (push) Waiting to run Details Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details Windows Compression GitHub CI / zstd (push) Waiting to run Details Windows Compression GitHub CI / brotli (push) Waiting to run Details Also make port_new_handshake_layer processing clearer. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27562)	2025-05-07 15:08:21 +02:00
sashan	0e41862899	ossl_json_f64() seems to be unused, remove it to avoid libm dependency Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27434)	2025-04-29 19:38:27 +02:00
Matt Caswell	cb5bb8916f	Fix errors on SSL_accept() and SSL_get_error() Calling SSL_accept() was raising two errors on the stack if you passed the wrong object type. Similarly SSL_get_error() was adding an error to the stack if the wrong object type was passed and returning the wrong result. We also ensure SSL_set_accept_state() and SSL_set_connect_state() don't raise spurious errors since these are void functions. Fixes #27347 Fixes #27348 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27351)	2025-04-24 20:10:44 +02:00
Matt Caswell	38bf6f3036	Fix SSL_accept() If you have a QUIC server SSL connection object, you should be able to call SSL_accept() on it. Fixes #27282 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27283)	2025-04-14 08:52:18 +01:00
Matt Caswell	4efd1a2682	Prevent SSL_poll from reporting a stream as writeable if it isn't The CWM might prevent a stream from being writeable. We should not report a stream as writeable if there is no credit. Fixes #27312 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27319)	2025-04-11 07:57:54 +01:00
Samson S. Kolge	5341e271d9	Fix SSL_new() with QUIC_server_method and improve formatting (Fixes #27255 ) Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27264)	2025-04-05 09:06:24 -04:00
Andrew Ioanoviciu	50f945117c	port_init(): Security hardening for token key GitHub CI / check_update (push) Waiting to run Details GitHub CI / check_docs (push) Waiting to run Details GitHub CI / check-ansi (push) Waiting to run Details GitHub CI / basic_gcc (push) Waiting to run Details GitHub CI / basic_clang (push) Waiting to run Details GitHub CI / linux-arm64 (push) Waiting to run Details GitHub CI / freebsd-x86_64 (push) Waiting to run Details GitHub CI / minimal (push) Waiting to run Details GitHub CI / no-deprecated (push) Waiting to run Details GitHub CI / no-shared-ubuntu (push) Waiting to run Details GitHub CI / no-shared-macos (macos-13) (push) Waiting to run Details GitHub CI / no-shared-macos (macos-14) (push) Waiting to run Details GitHub CI / non-caching (push) Waiting to run Details GitHub CI / address_ub_sanitizer (push) Waiting to run Details GitHub CI / fuzz_tests (push) Waiting to run Details GitHub CI / memory_sanitizer (push) Waiting to run Details GitHub CI / threads_sanitizer (push) Waiting to run Details GitHub CI / enable_non-default_options (push) Waiting to run Details GitHub CI / full_featured (push) Waiting to run Details GitHub CI / no-legacy (push) Waiting to run Details GitHub CI / legacy (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-ubuntu (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-13) (push) Waiting to run Details GitHub CI / out-of-readonly-source-and-install-macos (macos-14) (push) Waiting to run Details GitHub CI / external-tests-misc (push) Waiting to run Details GitHub CI / external-tests-providers (push) Waiting to run Details GitHub CI / external-tests-pyca (3.9, 1.51.0) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-13 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-14 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-15 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-16 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:clang-17 distro:ubuntu-22.04 llvm-ppa-name:jammy]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-10 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-11 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-12 distro:ubuntu-22.04]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-13 distro:ubuntu-22.04 gcc-ppa-name:ubuntu-toolchain-r/test]) (push) Waiting to run Details Compiler Zoo CI / compiler (map[cc:gcc-9 distro:ubuntu-22.04]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:aarch64-linux-gnu fips:no libs:libc6-dev-arm64-cross target:linux-aarch64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:alpha-linux-gnu fips:no libs:libc6.1-dev-alpha-cross target:linux-alpha-gcc]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabi fips:no libs:libc6-dev-armel-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:arm-linux-gnueabihf fips:no libs:libc6-dev-armhf-cross target:linux-armv4 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu fips:no libs:libc6-dev-hppa-cross target:-static -O1 linux-generic32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:hppa-linux-gnu libs:libc6-dev-hppa-cross target:linux-generic32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:i386-pc-msdosdjgpp libs:libc-djgpp-dev libwatt-djgpp-dev djgpp-utils ppa:jwt27/djgpp-toolchain target:no-threads 386 DJGPP tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu fips:no libs:libc6-dev-m68k-cross target:-static -m68040 linux-latomic -Wno-stringop-overflow tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:m68k-linux-gnu libs:libc6-dev-m68k-cross target:-mcfv4e -mxgot linux-latomic -Wno-stringop-overflow no-quic tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu fips:no libs:libc6-dev-mips-cross target:-static linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips-linux-gnu libs:libc6-dev-mips-cross target:linux-mips32 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 fips:no libs:libc6-dev-mips64-cross target:-static linux64-mips64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mips64-linux-gnuabi64 libs:libc6-dev-mips64-cross target:linux64-mips64 tests:none]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:mipsel-linux-gnu fips:no libs:libc6-dev-mipsel-cross target:linux-mips32 tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:powerpc64le-linux-gnu fips:no libs:libc6-dev-ppc64el-cross target:linux-ppc64le]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:riscv64-linux-gnu fips:no libs:libc6-dev-riscv64-cross target:linux64-riscv64]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:s390x-linux-gnu fips:no libs:libc6-dev-s390x-cross target:linux64-s390x -Wno-stringop-overflow]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sh4-linux-gnu fips:no libs:libc6-dev-sh4-cross target:no-async linux-latomic tests:-test_includes -test_store -test_x509_store]) (push) Waiting to run Details Cross Compile / cross-compilation (map[arch:sparc64-linux-gnu libs:libc6-dev-sparc64-cross target:linux64-sparcv9 tests:none]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:afl-clang-fast config:enable-fuzz-afl no-module install:afl++ name:AFL]) (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function -fsanitize-coverage=trace-cmp -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION extra:enable-fips enable-ec_nistp_64_gcc_128 -fno-sanitize=alignment ena… (push) Waiting to run Details Fuzz-checker CI / fuzz-checker (map[cc:clang-18 config:enable-fuzz-libfuzzer enable-asan enable-ubsan -fno-sanitize=function install:libfuzzer-18-dev libs:--with-fuzzer-lib=/usr/lib/llvm-18/lib/libFuzzer.a --with-fuzzer-include=/usr/include/clang/18/include/fuzzer linke… (push) Waiting to run Details CIFuzz / Fuzzing (push) Waiting to run Details Run-checker CI / run-checker (enable-trace enable-fips) (push) Waiting to run Details Run-checker CI / run-checker (no-cmp) (push) Waiting to run Details Run-checker CI / run-checker (no-cms) (push) Waiting to run Details Run-checker CI / run-checker (no-default-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-dgram) (push) Waiting to run Details Run-checker CI / run-checker (no-dh) (push) Waiting to run Details Run-checker CI / run-checker (no-dtls) (push) Waiting to run Details Run-checker CI / run-checker (no-ec) (push) Waiting to run Details Run-checker CI / run-checker (no-ecx) (push) Waiting to run Details Run-checker CI / run-checker (no-http) (push) Waiting to run Details Run-checker CI / run-checker (no-legacy) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-dsa) (push) Waiting to run Details Run-checker CI / run-checker (no-ml-kem) (push) Waiting to run Details Run-checker CI / run-checker (no-quic) (push) Waiting to run Details Run-checker CI / run-checker (no-sock) (push) Waiting to run Details Run-checker CI / run-checker (no-ssl-trace) (push) Waiting to run Details Run-checker CI / run-checker (no-stdio) (push) Waiting to run Details Run-checker CI / run-checker (no-thread-pool) (push) Waiting to run Details Run-checker CI / run-checker (no-threads) (push) Waiting to run Details Run-checker CI / run-checker (no-tls) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_2) (push) Waiting to run Details Run-checker CI / run-checker (no-tls1_3) (push) Waiting to run Details Run-checker CI / run-checker (no-ui) (push) Waiting to run Details Run-checker merge / run-checker (enable-asan enable-ubsan no-shared no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-pie) (push) Waiting to run Details Run-checker merge / run-checker (enable-ubsan no-asm -DOPENSSL_SMALL_FOOTPRINT -fno-sanitize=function) (push) Waiting to run Details Run-checker merge / run-checker (enable-weak-ssl-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (enable-zlib) (push) Waiting to run Details Run-checker merge / run-checker (no-dso) (push) Waiting to run Details Run-checker merge / run-checker (no-dynamic-engine) (push) Waiting to run Details Run-checker merge / run-checker (no-ec2m enable-fips) (push) Waiting to run Details Run-checker merge / run-checker (no-engine no-shared) (push) Waiting to run Details Run-checker merge / run-checker (no-err) (push) Waiting to run Details Run-checker merge / run-checker (no-filenames) (push) Waiting to run Details Run-checker merge / run-checker (no-integrity-only-ciphers) (push) Waiting to run Details Run-checker merge / run-checker (no-module) (push) Waiting to run Details Run-checker merge / run-checker (no-ocsp) (push) Waiting to run Details Run-checker merge / run-checker (no-pinshared) (push) Waiting to run Details Run-checker merge / run-checker (no-srp) (push) Waiting to run Details Run-checker merge / run-checker (no-srtp) (push) Waiting to run Details Run-checker merge / run-checker (no-ts) (push) Waiting to run Details Run-checker merge / jitter (push) Waiting to run Details Run-checker merge / threads_sanitizer_atomic_fallback (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win32 config:--strict-warnings no-fips os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips no-thread-pool no-quic os:windows-2022]) (push) Waiting to run Details Windows GitHub CI / shared (map[arch:win64 config:enable-fips os:windows-2019]) (push) Waiting to run Details Windows GitHub CI / plain (windows-2022) (push) Waiting to run Details Windows GitHub CI / minimal (windows-2019) (push) Waiting to run Details Windows GitHub CI / cygwin (windows-2019, map[arch:win64 config:-DCMAKE_C_COMPILER=gcc --strict-warnings enable-demos no-fips]) (push) Waiting to run Details Windows Compression GitHub CI / zstd (push) Waiting to run Details Windows Compression GitHub CI / brotli (push) Waiting to run Details Trigger docs.openssl.org deployment / trigger (push) Has been cancelled Details Used RAND_priv_bytes_ex instead of RAND_bytes_ex to guarantee higher isolation for cryptographic keys. Replaced OPENSSL_free with OPENSSL_clear_free to wipe sensitive data and free it. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Yang <kaishen.yy@antfin.com> (Merged from https://github.com/openssl/openssl/pull/27029)	2025-03-27 10:44:09 +01:00
Bernd Edlinger	9f85a036e3	Try to fix reported qlog issues Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27089)	2025-03-24 20:20:14 +01:00
Tomas Mraz	83b11af017	qlog_event_helpers.c: Fix inverted condition We want to skip up to PACKET_remaining() and not "at least" PACKET_remaining() bytes. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27138)	2025-03-24 15:22:56 +01:00
Matt Caswell	207cd5bb97	Fix the use of CCM ciphersuites with QUIC TLS API Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091)	2025-03-20 11:24:26 +01:00
Matt Caswell	228a26fde4	Always use NULL BIOs when using the QUIC TLS API Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091)	2025-03-20 11:24:26 +01:00
Matt Caswell	4ad45969b0	Don't decrement the unreleased counter if we failed to release a record In a failure situation we may incorrectly decrement the amount of data released. Only decrement the counter if we successfully released. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091)	2025-03-20 11:24:26 +01:00
openssl-machine	0c679f5566	Copyright year updates Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-03-12 13:35:59 +00:00
Neil Horman	9a308a89a4	Orphan packets from qrx It may occur that the qrx we allocate in port_default_packet handler to do AEAD validation isn't the one the channel ultimately uses (like if we turn off address validation). In that event, we need to ensure that anything we have on that qrx isn't returned to its free list to avoid early freeing when we free the qrx at the end of port_default_packet_handler, while those frames are still pending on the channel qrx Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27004)	2025-03-09 18:44:53 +01:00
Neil Horman	8f74d8cee3	If our server channel creates its own qrx, set its initial secret With the addition of larger client hellos, stemming from the use of larger PQC key shares, it may happen that we get a client hello accross multiple datagrams. Normally this is not a problem as port_default_packet_handler allocates a qrx and initializes its initial secret immediately. But if server address validation is disabled, then the channel creates the qrx in port_bind_channel itself, without initial secrets. As a result, we validate the first datagram in port_default_packet_handler, but the subsequent datagrams containing the remaining client hello fragments fail decode. Fix it by ensuring that we add the initial secret in port_bind_channel if we don't give it a preconfigured qrx Fixes openssl/project#1131 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27006)	2025-03-07 21:56:34 -05:00
Andrew Dinh	442f1958e8	QUIC NULL checks - Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029 - Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030 - Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643141 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26916)	2025-02-27 10:23:38 -05:00
Alexandr Nedvedicky	395a83a617	Fix read out of buffer bounds when dealing with BIO_ADDR This issue was discoevered while I was testing SSL_new_from_listener() using a newly created unit test. It has turned out the QUIC stack at few places contain pattern as follows: foo(QUIC_WHATEVER q, BIO_ADDR a) { q->a = *a; } The problem is that derefencning a that way is risky. If the address `a` comes from BIO_lookup_ex() it may actually be shorter than sizeof(BIO_ADDR). Using BIO_ADDR_copy() is the right thing to do here. Fixes #26241 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26252)	2025-02-25 15:55:46 +01:00
Tomas Mraz	87b5aa737d	Rename fnv1a_hash() to ossl_fnv1a_hash() It is no longer static. Also add it to libssl only with quic enabled. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26882)	2025-02-25 15:45:42 +01:00
Alexandr Nedvedicky	96075a6a40	Fix AEAD validation of initial packets in port The interoperability tests disable client ip address validation done by RETRY packet. All tests done in CI take code path which sends a retry packet. The first initial packet sent by client uses a different initial encryption level keys to protect packet integrity. The keys are derived from DCID chosen by client. When server accepts connection on behalf of initial packet, the 'DCID' gets changed which means the initial level encryption keys are changing too. So when server skips sending a retry packet, it must forget the qrx which was used to validate initial packet sent by client. Forgetting qrx is not straightforward, we must salvage the unencrypted packets left there after they were validated. Those unencrypted packets must be injected to newly created channel. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26808)	2025-02-25 12:05:10 +01:00
Alexandr Nedvedicky	c14ae04613	Perform initial AEAD validation before creating a channel We let port to create qrx object and use it for packet validation. If packet validates, we then create channel and pass pre-created qrx to channel's constructor. Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26808)	2025-02-25 12:04:09 +01:00
Andrew Dinh	cec0659fa4	Coverity fixes Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643042 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643047 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643089 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643091 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643095 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26845)	2025-02-25 08:55:26 +01:00
Neil Horman	17d2fd0752	Use siphash to implement lcidm hash function Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26849)	2025-02-22 13:23:16 -05:00
Neil Horman	6a9a9480a7	Update LCIDM lookups to include hash keys In preparation for using siphash in our hash function Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26849)	2025-02-22 13:23:16 -05:00
Neil Horman	3e3942b42f	Add random hash key value to lcidm struct This is in preparation for using siphash to compute lcidm hash table values Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26849)	2025-02-22 13:23:16 -05:00
Andrew Dinh	704c3d3cd2	Various NULL checks Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643035 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643039 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643041 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643044 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643045 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643046 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26840)	2025-02-21 15:07:27 -05:00
Cheng Zhang	db2c54cc92	Added new API to enable 0-RTT for 3rd party QUIC stacks. Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26842)	2025-02-21 12:01:30 +01:00
Andrew Dinh	3820f2da7c	NULL checks for QUIC code Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643033 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643032 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643031 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26825)	2025-02-20 08:13:02 -05:00
Neil Horman	8b0fbe224a	Add ssl_unwrap.h to quic_tls_api.c Needed after the macro re-arranging performed on the quic-server branch Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26762)	2025-02-17 11:27:34 -05:00
Neil Horman	b360611ad6	Readd the inclusion of quic_record_util.h to quic_tls.c Some refactoring on master removed the inclusion of quic_local.h from ssl_local.h, which quic_tls.c needed on the server branch to pull in the QRL_SUITE_AES128GCM and simmilar definitions. Fix it by specifcially adding quic_record_util.h into quic_tls.c, as we only need a few defines from that header. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26762)	2025-02-17 11:27:34 -05:00
Neil Horman	473e6bcb2c	Fixup conflict between 3rd party quic-tls api and quic-server Build.info changes between quic-server and master occured here, resolve them. Can't do it as a fixup as the conficting changes have already been merged to master Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26762)	2025-02-17 11:27:34 -05:00
Alexandr Nedvedicky	9eee58cce4	Backout validation of initial packet done by port_default_packet_handler() QUIC interoperability tests discovered bugs in my earlier commit #59e7c2313be7cff. This change reverts everything out. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26748)	2025-02-17 11:27:34 -05:00
Alexandr Nedvedicky	c82c1dbbbb	Perform initial AEAD validation before creating a channel We let port to create qrx object and use it for packet validation. If packet validates, we then create channel and pass pre-created qrx to channel's constructor. Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26610)	2025-02-17 11:27:34 -05:00
Neil Horman	5177484f19	Fix ossl_quic_trace to fetch connection short conn id len ossl_quic_trace currently fails to get the connection id when parsing a short header. now that we have an api to get the known length, go ahead and use that to parse the header properly Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26592)	2025-02-17 11:27:34 -05:00
Neil Horman	5b808e1d80	Add api to fetch short conn id len from a given channel/tserver Need an api to fetch the configured conn id len for short headers, add that in here Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26592)	2025-02-17 11:27:34 -05:00
Neil Horman	7d5426c703	Move handling of connection close frames to QUIC FUTURE There is a corner case in handling connection close frames for which RFC guidance is unclear. Given that, move addressing it to QUIC FUTURE Fixes openssl/project#1075 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26593)	2025-02-17 11:27:34 -05:00
Neil Horman	3f06ebcfe3	Eliminate SSL_LISTENER_FLAG_NO_ACCEPT flag in QUIC We've not implemented it yet, and don't need it for MVP, so move the TODO's to QUIC FUTURE and remove the docs for it. Fixes openssl/project#1074 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26593)	2025-02-17 11:27:34 -05:00
Neil Horman	a6f3110318	Move EAGAIN handling of QUIC retry/verneg frames to QUIC FUTURE Fixes openssl/project#1072 Fixes openssl/project#1073 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26593)	2025-02-17 11:27:34 -05:00
Neil Horman	a08e9aec1d	Move implementation of RETIRE CONN ID frames to QUIC FUTURE Fixes openssl/project#1071 Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26593)	2025-02-17 11:27:34 -05:00

1 2 3 4 5 ...

856 Commits