Click house/openssl 3.2.1 #8

Closed
rschu1ze wants to merge 9122 commits into master from ClickHouse/openssl-3.2.1

@rschu1ze
Member

Checklist
  • documentation is added or updated
  • tests are added or updated

paulidale and others added 30 commits November 1, 2023 12:07
Refer: swiftlang/swift#39143 for a description
of the algorithm.

It is optimal in the sense of having:

* no divisions
* minimal number of blocks of random bits from the generator

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22499)

(cherry picked from commit 55755fb)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22499)

(cherry picked from commit d05e0e4)
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22499)

(cherry picked from commit dfb26e0)
Previously we entered an infinite loop if these things failed.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22557)

(cherry picked from commit ddf84fc)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#22569)

(cherry picked from commit 2665289)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#22569)

(cherry picked from commit b119f8b)
Minor edits (expand MVP acronym, suggest how to install "libuv")

These changes are part of
openssl/project#253

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22543)

(cherry picked from commit bcc04ab)
Update makefile and fix some signedness issues in the demo sources.
Drop stray "\n" in the host-port format string that prevented ddd-01
from working (this was also noticed by Neil H). Also, determine the
length of the message we are sending and send that many bytes (rather
than send sizeof the buffer storing the message).

These changes are part of openssl/project#253

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#22542)

(cherry picked from commit d1338fc)
The txp->want_ack value has different bit values for different pn_space
values. Make sure we take that into account when we read it.

Fixes openssl#22568

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22579)

(cherry picked from commit d13488b)
The QUIC fault injector frame injection functionality injects injected
frames on whatever EL we happen to be using to generate a packet in.
This means we sometimes inject the frame into a packet type it is not
allowed to be in, causing a different error code to be generated.

Fix this by making sure the connection is fully established before
trying to generate the frame in question.

Fixes openssl#22348.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#22578)

(cherry picked from commit a6eb287)
…acket types

Although the previous commit is enough to fix the immediate cause of the
stochastic failure on Windows, this is a more resilient fix; make sure
we only inject a given frame into the correct packet type for our
various injection functions.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#22578)

(cherry picked from commit 660718e)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22552)

(cherry picked from commit 2ec4e73)
We also supply some test certificates for use with the demos.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22552)

(cherry picked from commit a2b8247)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22552)

(cherry picked from commit 420037c)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22552)

(cherry picked from commit cb8107b)
The demo code has changed to accept the hostname/port on the command line.
We update the tutorials to keep in sync with the demo code.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22552)

(cherry picked from commit 9e973eb)
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22585)

(cherry picked from commit daf26c2)
ossl_quic_sstream_is_totally_acked would return 0
if no data had been appended to the stream yet.
Fixed and added tests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from openssl#22580)

(cherry picked from commit 115ee28)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from openssl#22583)

(cherry picked from commit 19641b4)
In testing the quic demos, I found that the quicserver refused to start for me,
indicating an inability to bind a socket to listen on.

The problem turned out to be that getaddrinfo on my system was returning
multiple entries, due to the fact that /etc/host maps the localhost host name to
both ipv4 (127.0.0.1) and ipv6 (::1), but returns the latter as an ipv4 mapped
address (specifying family == AF_INET).

It seems like the proper fix would be to modify the /etc/hosts file to not make
that mapping, and indeed that works.  However, since several distributions ship
with this setup, it seems like it is worthwhile to manage it in the server code.

It's also possible that some other application may be bound to a given address/port
leading to failure, which I think could be considered erroneous, as any failure
for the full addrinfo list in quicserver would lead to a complete failure.

Fix this by modifying the create_dgram_bio function to count the number of
sockets it successfully binds/listens on, skipping any failures, and only exit
the application if the number of bound sockets is zero.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#22559)

(cherry picked from commit fe26b6b)
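
The skip-and-count behaviour that commit message describes, as an added example that is not part of the commit or of OpenSSL's code: `bind_all` and `demo_bound_count` are hypothetical names, and the address list is constructed by hand (one entry whose UDP port is already taken, one free entry) instead of coming from getaddrinfo.

```c
#define _POSIX_C_SOURCE 200809L
#include <netdb.h>
#include <netinet/in.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper (not OpenSSL's create_dgram_bio): bind every entry,
 * skip the ones that fail, and return how many sockets were bound. */
static int bind_all(const struct addrinfo *list, int *fds, int max)
{
    int n = 0;
    for (const struct addrinfo *ai = list; ai != NULL && n < max; ai = ai->ai_next) {
        int fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
        if (fd < 0)
            continue;               /* family not available: try the next entry */
        if (bind(fd, ai->ai_addr, ai->ai_addrlen) != 0) {
            close(fd);              /* duplicate or busy address: skip, no fd leak */
            continue;
        }
        fds[n++] = fd;
    }
    return n;                       /* the caller gives up only when this is 0 */
}

/* Constructed input: entry 1 names a UDP port that is already taken,
 * entry 2 a free one (wildcard address, ephemeral port, closed on return). */
static int demo_bound_count(void)
{
    struct sockaddr_in busy = { .sin_family = AF_INET }, spare = { .sin_family = AF_INET };
    socklen_t len = sizeof(busy);
    int fds[2], n, holder = socket(AF_INET, SOCK_DGRAM, 0);
    if (holder < 0
        || bind(holder, (struct sockaddr *)&busy, sizeof(busy)) != 0
        || getsockname(holder, (struct sockaddr *)&busy, &len) != 0) {
        if (holder >= 0) close(holder);
        return -1;
    }
    struct addrinfo second = { .ai_family = AF_INET, .ai_socktype = SOCK_DGRAM,
        .ai_addr = (struct sockaddr *)&spare, .ai_addrlen = sizeof(spare) };
    struct addrinfo first = second;
    first.ai_addr = (struct sockaddr *)&busy;   /* now carries the occupied port */
    first.ai_next = &second;
    n = bind_all(&first, fds, 2);
    for (int i = 0; i < n; i++)
        close(fds[i]);
    close(holder);
    return n;
}
int main(void) { printf("bound %d of 2 entries\n", demo_bound_count()); return 0; }
```
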
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from openssl#22572)

(cherry picked from commit 55936ee)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22523)

(cherry picked from commit f94cacb)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22523)

(cherry picked from commit 05937a7)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22523)

(cherry picked from commit 1d8a399)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22523)

(cherry picked from commit 8cb4a47)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22523)

(cherry picked from commit f62fec6)
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22493)

(cherry picked from commit a1c0306)
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22592)

(cherry picked from commit d3dcf88)
Enable the quic-client fuzzer to accept and create new streams

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22592)

(cherry picked from commit 3fa274c)
@mspncp noted that the condition should have been likely not unlikely.

Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from openssl#22593)

(cherry picked from commit b90662b)