Commit Graph

4740 Commits

Author SHA1 Message Date
Matt Caswell
5c476976ab Handle app data records from the next epoch
It is possible that DTLS records are received out of order such that
records from the next epoch arrive before we have finished processing the
current epoch. We are supposed to buffer such records but for some reason
we only did that for handshake and alert records. This is incorrect since
it is perfectly possible for app data records to arrive early too.

Fixes #20597

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20628)
2023-03-31 09:14:24 +01:00
Hugo Landau
652fbb62a3 Revise build.info
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:17 +01:00
Hugo Landau
5129e59494 QUIC: Ensure locking when injecting datagrams
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:17 +01:00
Hugo Landau
9cf091a3c5 QUIC Thread Assisted mode: miscellaneous fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:16 +01:00
Hugo Landau
20f457436d QUIC Thread Assisted Mode: Refactor locking to be infallible
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:16 +01:00
Hugo Landau
c4208a6a98 QUIC Thread Assisted Mode: Fix typos and use of CRYPTO_RWLOCK type
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:10 +01:00
Hugo Landau
1dd04a0fe2 QUIC Thread Assisted Mode: Support Windows XP
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
dbe7b51a8e Minor fixes to thread assisted mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
3b1ab5a3a0 Enhance quic_tserver test to fully test thread assisted mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
4648eac533 QUIC CHANNEL: Fix idle timeout handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
b212d554e7 QUIC CHANNEL: Allow time source to be overridden
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
134b79c056 QUIC TXP: Allow caller to determine if an ACK-eliciting packet was sent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
ffce2946c7 Switch to using ossl_crypto_mutex from CRYPTO_RWLOCK
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
ccd3103771 Add channel-only tick mode and use it for thread assisted mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
f2f7c4f15a Front End for QUIC Thread Assisted Mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
9f7acf071c QUIC Thread Assist Core
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
4a530180e5 Fix handshake locking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
e053505f0c Add mutex to tserver
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
a8489257e6 Add locking to QUIC front-end
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
4847599b54 Move channel mutex out of QUIC_CHANNEL for init/teardown flexibility
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
d7b1faddab Annotate functions needing locking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
fb2245c44b QUIC Channel: Add a mutex
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
c019e1efe9 QUIC Reactor: Allow a mutex to be released during waits
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Todd Short
3c95ef22df RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
2023-03-28 13:49:54 -04:00
Michael Baentsch
a2a543e0e3 Update the EVP_PKEY_get_id documentation
The documentation didn't mention the development where EVP_PKEY_get_id()
returns a negative value for provider-only implementations, and the
migration guide didn't mention how to cope with that.

Fixes #20497

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20501)
2023-03-25 09:44:54 +01:00
Peter Kaestle
62ea5ffa7c tls1_set_groups_list: freeing *pext before overwriting
calling SSL_CTX_set1_groups_list() twice on one SSL_CTX* caused a memory
leak visible in valgrind:
  4 bytes in 1 blocks are definitely lost in loss record 1 of 1
     at 0x4841888: malloc (vg_replace_malloc.c:381)
     by 0x4B1EE96: CRYPTO_memdup (in libcrypto.so.3)
     by 0x48993A0: tls1_set_groups_list (in libssl.so.3)
     by 0x487AA7E: ssl3_ctx_ctrl (in libssl.so.3)
     by 0x1091EA: main (mem_leak.c:10)

  LEAK SUMMARY:
     definitely lost: 4 bytes in 1 blocks

Freeing *pext to fix it.

CLA: trivial

Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20317)

(cherry picked from commit fcf3a9f7c6)
2023-03-24 13:40:12 +01:00
Hugo Landau
29fb7f0879 QUIC DEMUX: Ensure time field is always initialised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20451)
2023-03-22 10:14:25 +11:00
Hugo Landau
553a4e00aa QUIC: Add support for datagram injection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20451)
2023-03-22 10:14:25 +11:00
VeronikaNguyen
c6d14bfd5f Added CERTIFICATE_VERIFY_MAX_LENGTH constant
- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
  (2 bytes for the algorithm identifier + 2 bytes of signature length
   + 65535 bytes of signature)
- Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH`
  in `statem_srvr.c` and `statem_clnt.c`

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20486)
2023-03-21 12:44:08 +01:00
Matt Caswell
d293ebde01 Fix some Windows issues in the quic_reactor
An incorrect macro name was being used for Windows detection which meant
we were going down a codepath not intended for Windows and thus failing.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:55 +11:00
Matt Caswell
0c593328fe Add a simple QUIC test for blocking mode
We create "real" sockets for blocking mode so that we can block on them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:55 +11:00
Matt Caswell
c2212dc19e Make sure the QRX and QTX are associated with a libctx
If a libctx has been associated with the channel, it must be passed down
to the QRX and QTX.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:38 +11:00
Matt Caswell
4e15b44864 Fix seg fault when calling SSL_shutdown() for a QUIC connection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:38 +11:00
Matt Caswell
560470b5d9 Fix SSL_has_pending() for QUIC connections
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:38 +11:00
Matt Caswell
44a1ac5de0 Provide better errors for some QUIC failures
For example if would be helpful if we got more useful information if the
caller forgot to set the peer address.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:38 +11:00
Matt Caswell
f8ffab0d52 Defer unknown QUIC ctrls to the SSL object for TLS
If the QUIC oject receives a ctrl it does not recognise, the chances are
it is intended for the underlying SSL object - so we forward unknown ctrls
there.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:38 +11:00
Pauli
b36e677f8f Coverity 1521490: resource leak
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/20504)
2023-03-15 19:58:07 +11:00
Tomas Mraz
bf762f9203 stream_frame_new(): Add missing allocation check
Reported by Marc Schönefeld.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)
2023-03-06 12:26:16 +01:00
Tomas Mraz
2113ea584c Improve the QUIC_RSTREAM implementation
Add API calls to avoid copying data when reading
These are ossl_quic_rstream_get_record() and
ossl_quic_rstream_release_record().

Add side storage for the stream frame data.
When there are too many packets referenced by the
receiving stream the function ossl_quic_rstream_move_to_rbuf()
can be called to move the data to a ring buffer.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19794)
2023-03-06 12:26:16 +01:00
Matt Caswell
79abf0dff9 Remove spurious error queue entries on early data
Early data decryption is expected to fail sometimes. If it does we should
not leave spurious error entries on the queue.

Fixes #20377

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20401)
2023-03-06 08:35:17 +11:00
Matt Caswell
0513a38364 Fix early_data age calculation
The ticket_age/age_add values use ms granualarity. We were incorrectly
treating them as seconds and so the ticket was always being rejected for
early data. We also clarify a comment which could have been the source of
the confusion.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20387)
2023-03-01 13:04:14 +11:00
Michael Baentsch
ee58915cfd first cut at sigalg loading
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19312)
2023-02-24 11:02:48 +11:00
olszomal
1dc35d44f3 Skip subdirectories in SSL_add_dir_cert_subjects_to_stack()
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20312)
2023-02-23 20:10:58 +11:00
Matt Caswell
d518854cef Don't send ciphersuites twice in QUIC
QUIC TLS was sending some ciphersuites twice in the ClientHello. This
was due to us declaring some TLSv1.3 ciphersuites in the list intended to
describe the TLSv1.2 ciphersuites supported by the SSL_METHOD.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20148)
2023-02-23 18:31:44 +11:00
Matt Caswell
45bb98bfa2 Add const to some test tserver functions
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:06 +00:00
Matt Caswell
c12e111336 Rename various functions OSSL_QUIC_FAULT -> QTEST_FAULT
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:06 +00:00
Matt Caswell
d6cf4b59a0 Don't declare SSL_CONNECTION twice
It causes problems with some compilation options

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:05 +00:00
Matt Caswell
ce8f20b6ae Don't treat the Tserver as connected until the handshake is confirmed
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:04 +00:00
Matt Caswell
62d0da12e3 Raise a protocol error if we have not received transport params from peer
If we complete the TLS handshake but transport params were not received
then this is a protcol error and we should fail.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:04 +00:00
Matt Caswell
f10e5885f0 Add a test for a server that doesn't provide transport params
Check that we fail if the server has failed to provide transport params.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:04 +00:00