Its the only place we use this code, so put the code in that directory
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26546)
Several servers defer the sending of max stream frames. For instance
quic-go uses a go-routine to do the sending after sufficient existing
streams have finished, while mvfst seems to wait for all outstanding
streams to be closed before issuing a new batch. This result in the
client, if all streams are in use, getting a transient NULL return from
SSL_new_stream(). Check for the stream limit being reached and allow a
number of retries before giving up to give the server a chance to issue
us more streams. Also dead-reckon the batch count of streams we use in
parallel to be 1/4 of our total number of available streams (generally
hard coded to 100 for most servers) to avoid using all our streams at
once. It would be really nice to have an api to expose our negotiated
transport parameters so that the application can know what this limit
is, but until then we have to just guess.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26527)
On working on a rebase for the quic-server branch, I noted that the
rebase was failing on the http3 server. It occurs because the new CI
ubuntu container appears to have FORTIFY_SOURCE enabled and trips over
the call to read here. Specifically the compiler notes that in passing
an int into the read syscall (which accepts a size_t as the 3rd
argument), may interpret a negative value as a very large unsigned value
that exeeds the size allowed by a read call.
Fix it by converting the size variable to a size_t to ensure that the
signing is correct
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26368)
Included are also multiple style fixes.
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26193)
Modify the QUIC HQ interop server/client to support both IPv4 and IPv6.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26194)
Normally the throughput test in the interop harness requests several
hundred very small files, resulting in lots of small stream packets from
the client, which are nominally read in a single read operation (as they
typically fit into a single stream frame), and the server was written to
expect that. However, its still possible, if a stream frame is packed
to the end of a datagram, that only part of its content is carried,
finished in a subsequent stream packet, which leads to a short read.
Augment the server to properly handle SSL_read transient failures so
that such an occurance is handled properly.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26198)
The SSL_read error handling misses the ZERO_RETURN clause which is
non-fatal, correct that.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26180)
When setting up the url value we copy data from memory regions that
overlap, it leads to bogus output, correct that.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26180)
The fileprefix that we serve content from needs to be preserved accross
h3ssl reuse. Make sure we restore it after zeroing the struct.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26180)
The handshake test in the interop suite requires that no server address
validation be preformed, so disable it for this test
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26114)
create a new h3conn in read_from_ssl_ids() when we have a new
connection.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25859)
SSL_poll() without SSL_POLL_FLAG_NO_HANDLE_EVENT ticks for each stream
we have in SSL_poll() that prevents the server logic to get all events
Use SSL_poll() with SSL_POLL_FLAG_NO_HANDLE_EVENT and
SSL_handle_events() prevents the problem.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25859)
before and the first time we are in the loop.
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25859)
the quic-interop-runner that we use for interop testing currently only
supports openssl client testing, as we had previously not had a server
to test with.
This PR rectifies that by doing the following:
1) Adding a quic-hq-interop-server.c file in demos/guide
2) Augmenting our interop Dockerfile and entrypoint to support our
interop containter running in a server role
With these changes we are able to do server side interop testing
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26000)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25431)
In ossl_property_merge() we can drop the realloc because it just makes
the allocation smaller.
In quic-hq-interop.c we check the realloc result.
Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26244)
Now that libcrypto supports the user of SSLKEYLOGFILE, the interop demo
attempts to open the same file based on the same env variable.
The hq-interop-demo code can just be removed, and it fixes the open
failure when both libcrypto and hq-interop attempt to open and write the
same file, which is causing the nightly failure
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25819)
To run the chacha20 test in interop we need to:
1) negotiate an hq-interop alpn
2) only use chacha 20
Item 1 requires the use of quic-hq-interop, the latter requires this
change
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25528)
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25426)
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25426)
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25426)
We have a limited number of streams to use
send requests in accordance with the number of streams we have
and batch requests according to that limit
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25426)
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25426)
Reviewed-by: Sasa Nedvedicky <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25426)
