Serverinfo #1
Closed
Serverinfo #1
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 6 commits
May 12, 2013 18:55
Author
|
Fixed the above nits, and removed ifdefs for OPENSSL_NO_SERVERINFO. Regarding the FIXME in ssl_rsa.c: it would be possible to do extra checking for known types, like SignedCertificateTimestamps, but you could probably do that more easily than me. Note that OPENSSL_NO_TLSEXT doesn't actually compile (not the fault of this patch), and the 5878 authz code is still left in. These things should probably change, I'd be happy to work on them after this gets in. |
apps/s_client.c
Outdated
Contributor
There was a problem hiding this comment.
|in| should be const.
You assume USHRT_MAX is 65535.
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Dec 31, 2024
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #26269)
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #26269)
(cherry picked from commit e63e889)
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #26269)
(cherry picked from commit e63e889)
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #26269)
(cherry picked from commit e63e889)
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #26269)
(cherry picked from commit e63e889)
openssl-machine
pushed a commit
that referenced
this pull request
Jan 6, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from #26269)
(cherry picked from commit e63e889)
bernd-edlinger
added a commit
to bernd-edlinger/openssl
that referenced
this pull request
Jan 8, 2025
Here the undefined value "npa" was passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#26269)
(cherry picked from commit e63e889)
simo5
pushed a commit
to simo5/openssl
that referenced
this pull request
Feb 13, 2025
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS openssl#1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of the hash function output block (in bytes)." It is not exactly clear from this text whether hLen refers to the message digest or the hash function used for the mask generation function MGF1. PKCS#1 v2.1 suggests it is the former: | Typical salt lengths in octets are hLen (the length of the output of | the hash function Hash) and 0. In both cases the security of | RSASSA-PSS can be closely related to the hardness of inverting RSAVP1. | Bellare and Rogaway [4] give a tight lower bound for the security of | the original RSA-PSS scheme, which corresponds roughly to the former | case, while Coron [12] gives a lower bound for the related Full Domain | Hashing scheme, which corresponds roughly to the latter case. In [13] | Coron provides a general treatment with various salt lengths ranging | from 0 to hLen; see [27] for discussion. See also [31], which adapts | the security proofs in [4][13] to address the differences between the | original and the present version of RSA-PSS as listed in Note 1 above. Since OpenSSL defaults to creating signatures with the maximum salt length, blocking the use of longer salts would probably lead to significant problems in practice. Instead, introduce an explicit indicator that can be obtained from the EVP_PKEY_CTX object using EVP_PKEY_CTX_get_params() with the OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR parameter. We also add indicator for RSA_NO_PADDING here to avoid patch-over-patch. Dmitry Belyavskiy <dbelyavs@redhat.com> Signed-off-by: Clemens Lang <cllang@redhat.com> From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
simo5
pushed a commit
to simo5/openssl
that referenced
this pull request
Feb 14, 2025
FIPS 186-4 section 5 "The RSA Digital Signature Algorithm", subsection 5.5 "PKCS openssl#1" says: "For RSASSA-PSS […] the length (in bytes) of the salt (sLen) shall satisfy 0 ≤ sLen ≤ hLen, where hLen is the length of the hash function output block (in bytes)." It is not exactly clear from this text whether hLen refers to the message digest or the hash function used for the mask generation function MGF1. PKCS#1 v2.1 suggests it is the former: | Typical salt lengths in octets are hLen (the length of the output of | the hash function Hash) and 0. In both cases the security of | RSASSA-PSS can be closely related to the hardness of inverting RSAVP1. | Bellare and Rogaway [4] give a tight lower bound for the security of | the original RSA-PSS scheme, which corresponds roughly to the former | case, while Coron [12] gives a lower bound for the related Full Domain | Hashing scheme, which corresponds roughly to the latter case. In [13] | Coron provides a general treatment with various salt lengths ranging | from 0 to hLen; see [27] for discussion. See also [31], which adapts | the security proofs in [4][13] to address the differences between the | original and the present version of RSA-PSS as listed in Note 1 above. Since OpenSSL defaults to creating signatures with the maximum salt length, blocking the use of longer salts would probably lead to significant problems in practice. Instead, introduce an explicit indicator that can be obtained from the EVP_PKEY_CTX object using EVP_PKEY_CTX_get_params() with the OSSL_SIGNATURE_PARAM_REDHAT_FIPS_INDICATOR parameter. We also add indicator for RSA_NO_PADDING here to avoid patch-over-patch. Dmitry Belyavskiy <dbelyavs@redhat.com> Signed-off-by: Clemens Lang <cllang@redhat.com> From-dist-git-commit: 4334bc837fbc64d14890fdc51679a80770d498ce
Closed
Sashan
pushed a commit
to Sashan/openssl
that referenced
this pull request
Apr 23, 2025
Here the undefined value "npa" passed to a function
WPACKET_sub_memcpy_u16(pkt, npa, npalen).
However the value is not really used, because "npalen" is zero,
but the call statememt itself is considered an invalid operation
by the new sanitizer.
The original sanitizer error report was:
==49175==WARNING: MemorySanitizer: use-of-uninitialized-value
#0 0x55a276b29d6f in tls_construct_stoc_next_proto_neg /home/runner/work/openssl/openssl/ssl/statem/extensions_srvr.c:1518:21
openssl#1 0x55a276b15d7d in tls_construct_extensions /home/runner/work/openssl/openssl/ssl/statem/extensions.c:909:15
openssl#2 0x55a276b513dc in tls_construct_server_hello /home/runner/work/openssl/openssl/ssl/statem/statem_srvr.c:2471:10
openssl#3 0x55a276b2e160 in write_state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:896:26
openssl#4 0x55a276b2e160 in state_machine /home/runner/work/openssl/openssl/ssl/statem/statem.c:490:21
openssl#5 0x55a276b2f562 in ossl_statem_accept /home/runner/work/openssl/openssl/ssl/statem/statem.c:309:12
openssl#6 0x55a276a9f867 in SSL_do_handshake /home/runner/work/openssl/openssl/ssl/ssl_lib.c:4890:19
openssl#7 0x55a276a9f605 in SSL_accept /home/runner/work/openssl/openssl/ssl/ssl_lib.c:2169:12
openssl#8 0x55a276a3d4db in create_bare_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1281:24
openssl#9 0x55a276a3d7cb in create_ssl_connection /home/runner/work/openssl/openssl/test/helpers/ssltestlib.c:1350:10
openssl#10 0x55a276a64c0b in test_npn /home/runner/work/openssl/openssl/test/sslapitest.c:12266:14
openssl#11 0x55a276b9fc20 in run_tests /home/runner/work/openssl/openssl/test/testutil/driver.c:377:21
openssl#12 0x55a276ba0b10 in main /home/runner/work/openssl/openssl/test/testutil/main.c:31:15
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#26269)
npajkovsky
pushed a commit
to npajkovsky/openssl
that referenced
this pull request
Jul 29, 2025
the self_test_digest_sig() test fails when EC PCT is enabled because ossl_ec_key_pairwise_check() consumes entropy when generator * priv_key = pub_key is calculated in EC_POINT_mul(). #0 RAND_priv_bytes_ex openssl#1 bnrand openssl#2 BN_priv_rand_ex openssl#3 ec_GF2m_simple_ladder_pre openssl#4 ec_point_ladder_pre openssl#5 ossl_ec_scalar_mul_ladder openssl#6 ec_GF2m_simple_points_mul openssl#7 EC_POINT_mul openssl#8 ossl_ec_key_pairwise_check which led to the different signature then expected in the ecdsa_prime_expected_sig. Moving set_kat_drbg() after the EVP_PKEY_fromdata() fixed the problem. Fixes openssl/project#1302 Signed-off-by: Nikola Pajkovsky <nikolap@openssl.org>
andrewkdinh
added a commit
to andrewkdinh/openssl
that referenced
this pull request
Aug 5, 2025
openssl-machine
pushed a commit
that referenced
this pull request
Aug 9, 2025
The new malloc failure test caught an asan error in this code: Direct leak of 40 byte(s) in 1 object(s) allocated from: 2025-08-07T03:22:20.3655117Z #0 0x7fb88d8fd9c7 in malloc ../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:69 2025-08-07T03:22:20.3655796Z #1 0x5584f0e4670a in CRYPTO_malloc crypto/mem.c:211 2025-08-07T03:22:20.3656291Z #2 0x5584f0e4679d in CRYPTO_zalloc crypto/mem.c:231 2025-08-07T03:22:20.3657040Z #3 0x5584f11c4c10 in EVP_RAND_CTX_new crypto/evp/evp_rand.c:353 2025-08-07T03:22:20.3657656Z #4 0x5584f0e93b27 in rand_new_drbg crypto/rand/rand_lib.c:666 2025-08-07T03:22:20.3658289Z #5 0x5584f0e949d0 in rand_get0_public crypto/rand/rand_lib.c:843 2025-08-07T03:22:20.3658914Z #6 0x5584f0e9305b in RAND_bytes_ex crypto/rand/rand_lib.c:490 2025-08-07T03:22:20.3659486Z #7 0x5584f0b2405f in SSL_CTX_new_ex ssl/ssl_lib.c:4191 2025-08-07T03:22:20.3660183Z #8 0x5584f0ae313c in create_ssl_ctx_pair test/helpers/ssltestlib.c:958 2025-08-07T03:22:20.3660871Z #9 0x5584f0adeaf6 in do_handshake test/handshake-memfail.c:56 2025-08-07T03:22:20.3661539Z #10 0x5584f0adee50 in test_alloc_failures test/handshake-memfail.c:125 2025-08-07T03:22:20.3662161Z #11 0x5584f0cd9da8 in run_tests test/testutil/driver.c:342 2025-08-07T03:22:20.3662664Z #12 0x5584f0cda9e5 in main test/testutil/main.c:31 2025-08-07T03:22:20.3663450Z #13 0x7fb88d42a1c9 (/lib/x86_64-linux-gnu/libc.so.6+0x2a1c9) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f) 2025-08-07T03:22:20.3664630Z #14 0x7fb88d42a28a in __libc_start_main (/lib/x86_64-linux-gnu/libc.so.6+0x2a28a) (BuildId: 282c2c16e7b6600b0b22ea0c99010d2795752b5f) 2025-08-07T03:22:20.3666608Z #15 0x5584f0ade864 in _start (/home/runner/work/openssl/openssl/test/handshake-memfail+0x22a864) (BuildId: 19659a44d8bed2c082918d25425f77e3a98df534) It occurs because when rand_get0_public/rand_get0_private sets an EVP_RAND_CTX object in its thread local storage, it neglects to check the return code of the operation, which may fail when the associated sparse array is expanded. fix it by checking the return code and failing the get0_[public|private] operation so the failure is graceful. Fixes openssl/project#1315 Reviewed-by: Paul Yang <paulyang.inf@gmail.com> Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from #28195)
Max-Deng-203
pushed a commit
to Max-Deng-203/openssl
that referenced
this pull request
Nov 23, 2025
Add cleanroom implementation of SP 800-232 to libcrypto
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This adds support callbacks for "custom" TLS Extensions, on both the Client and Server side. On top of that, it adds a notion of a "serverinfo" or "serverinfo file", which is a block of data containing TLS Extensions to be returned in response to ClientHello Extensions.
This can be used to implement Certificate Transparency's SignedCertificateTimestampList, as well as TACK's TackExtension. It could be used by any other proposal that want to staple server info into the handshake.
This patch should be complete, and includes some light tests. If this is accepted, I could follow-on with improved tests and docs.