mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-03-01 19:28:10 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,433 Commits 30 Branches 390 Tags 502 MiB
283938fca5
Commit Graph

4937 Commits

Author SHA1 Message Date
Hugo Landau
283938fca5 RFC 9000 s. 19.8: Enforce maximum stream size 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
212616ed09 QUIC CONFORMANCE: RFC 9000 s. 17.2.5.1 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
fd0d593220 QUIC CONFORMANCE: RFC 9000 s. 17.2.2: Enforce no initial token from server 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
08cb9a8327 QUIC CONFORMANCE: Enforce packet header reserved bits 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
5b9452e037 QUIC WIRE: Allow encoding/decoding of reserved header bits 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
22f21fbdd6 QUIC CONFORMANCE: RFC 9000 s. 13.3: MAX_STREAM_DATA generation 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
96fa10f36f QUIC CONFORMANCE: RFC 9000 s. 12.5: Application CONNECTION_CLOSE frame masking 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
8d2e353df4 QUIC CONFORMANCE: RFC 9000 s. 12.5: Ensure CFQ can not be used to send disallowed frame types in a given PN space 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
5a1b1d2be3 QUIC CONFORMANCE: RFC 9000 s. 12.3: PN Limit 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
dfe5e7fa98 QUIC CONFORMANCE: RFC 9000 s. 12.3: PN duplicate suppression 
Make sure PN duplicate suppression is side-channel safe by doing
the duplicate test after AEAD verification.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
85bbef270c QUIC ACKM: Clarify the role of is_inflight 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
6c1d0e2865 QUIC CONFORMANCE: Enforce minimal frame type encoding 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
0911cb4a07 QUIC CONFORMANCE: Packet handling fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
7e3fa44f24 QUIC CONFORMANCE: Handle RESET_STREAM final size correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
2cc0e2dddf QUIC CONFORMANCE: Validate RESET_STREAM final sizes correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
c407d5e568 QUIC: Note that we do not retransmit stream data for retransmitted streams 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
28d0e35cd6 QUIC QSM: Free unneeded stream buffers, calculate RESET_STREAM final size correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
418e122cd4 QUIC QSM: Model final sizes and handle STOP_SENDING correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
01715f2b41 QUIC CONFORMANCE: RFC 9000 s. 3.3: Stream States — Permitted Frame Types — STREAM 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Hugo Landau
2f018d14f0 QUIC QSM/STREAM: Refactor to use RFC stream states 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Tomas Mraz
69aef72264 ossl_quic_wire_encode_pkt_hdr(): Assign ptrs only on static buf wpkt 
Pointers can be invalidated when the underlying BUF_MEM grows.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21411)
 2023-07-14 11:51:48 +02:00
Hugo Landau
780b252747 QUIC APL: Tick on SSL_read failure in non-blocking mode 
...

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21381)
 2023-07-10 09:09:30 +10:00
Tomas Mraz
9c3ea4e1d7 QUIC err handling: Save and restore error state 
We save the error state from the thread that encountered
a permanent error condition caused by system or internal
error to the QUIC_CHANNEL.

Then we restore it whenever we are returning to a user
call when protocol is shutdown.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)
 2023-07-07 15:13:29 +02:00
Tomas Mraz
5c3474ea56 QUIC err handling: Properly report network errors 
We return SSL_ERROR_SYSCALL when network error is encountered.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21087)
 2023-07-07 15:13:29 +02:00
Matt Caswell
0cea6df239 Use %llx not %lx for uint64_t 
Some compilers don't like %lx

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
 2023-07-06 12:55:21 +10:00
Matt Caswell
1a2a0e1dc8 Don't compile quic_thread_assist.c on OPENSSL_NO_QUIC_THREAD_ASSIST 
If OPENSSL_NO_QUIC_THREAD_ASSIST is defined then we don't have the right
support for QUIC thread assisted mode so don't attempt to compile that
code.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21332)
 2023-07-06 12:55:21 +10:00
Hugo Landau
db2f98c4eb Rework options handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:03:04 +10:00
Hugo Landau
9562842b33 Simplify QUIC API masking 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:03:04 +10:00
Hugo Landau
18ca1c8fc0 Update SSL options handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:03:04 +10:00
Hugo Landau
6e5550a104 Minor updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:03:04 +10:00
Hugo Landau
3f7b67fb21 Remove unused server code 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:03:04 +10:00
Hugo Landau
d6e7ebba33 Minor fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:03:04 +10:00
Hugo Landau
5f69db396c QUIC SSL: Block SSL_clear 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:27 +10:00
Hugo Landau
f66f0d3ce1 QUIC SSL: SSL_set_quiet_shutdown 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:27 +10:00
Hugo Landau
3ea30e76d7 QUIC SSL: Restrict SSL_CTX_set_ssl_version, SSL_set_ssl_method 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:27 +10:00
Hugo Landau
0eecf8418a QUIC SSL: Version setting restrictions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
38c0ff1f40 QUIC SSL: Forbid pipeline-related operations 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
5e6015af4d QUIC SSL: SSL_set_fd for BIO_s_datagram 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
a1c56bbe79 QUIC SSL: HelloRetryRequest 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
fe33e2c8c1 QUIC SSL: Buffer Management 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
82a2becab3 QUIC SSL: Prohibit early data functionailty 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
d0638fd5f0 QUIC SSL: Prohibit readahead-related functions 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
9280d26a3a QUIC: Implement SSL_has_pending 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
9ea0e72992 QUIC: Implement SSL_rstate_string(_long) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
7163617f33 QUIC: Prohibit post-handshake auth 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
f0d9757caf QUIC: Control SSL option setting 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
68dbff4c04 QUIC: Forbid NPN 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
09d56d20a2 QUIC: Forbid non-QUIC ciphers 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
f082205bcf QUIC TLS: Prohibit SRTP-related calls for QUIC TLS 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00
Hugo Landau
43788fb3ac QUIC SSL Behaviours: Allow detection of an SSL connection used for QUIC handshake 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)
 2023-07-05 09:02:26 +10:00