Matt Caswell
da1c088f59
Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Richard Levitte
cfbdc5dd14
Include #include "internal/numbers.h" in ssl/quic/quic_cfq.c
It's needed for platforms that don't define UINT64_MAX and similar macros
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21951 )
2023-09-04 18:27:21 +02:00
Matt Caswell
3a0012cb52
Handle non IO based retry errors in QUIC
SSL_get_error() may respond with some retry errors that are not IO related.
In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOOKUP.
These can occur during a TLS handshake. If they occur when a QUIC Connection
is performing a TLS handshake then we need to propagate these up to the QCSO.
We also handle SSL_ERROR_WANT_CLIENT_HELLO_CB. This one will only ever
occur on the server side, which we don't currently support. However, adding
the handling for it now is identical to all the other handling so including
it is no cost, and will be needed when we do add server support.
We are not concerned with SSL_ERROR_WANT_ASYNC or SSL_ERROR_WANT_ASYNC_JOB
since we do not support async operation with QUIC.
Fixes openssl/project#199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922 )
2023-09-02 15:23:47 +01:00
Hugo Landau
5debf07010
QUIC APL: Implement SSL_want
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915 )
2023-09-01 14:44:47 +01:00
Hugo Landau
72ca0b88fc
QUIC APL: Revise I/O error setting so that the last error is set on success
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915 )
2023-09-01 14:44:47 +01:00
Hugo Landau
56df4cf24f
QUIC APL: Adjust expect_quic_conn_only
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915 )
2023-09-01 14:44:46 +01:00
Hugo Landau
8c792b0ccd
QUIC RXDP: Reuse allocations between ACK frame processing
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917 )
2023-09-01 14:06:18 +01:00
Hugo Landau
a31601cc3f
QUIC WIRE: When peeking at number of ACK ranges, ensure enough data is available
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917 )
2023-09-01 14:06:18 +01:00
Hugo Landau
016a80dcf4
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:54 +01:00
Hugo Landau
7b1ca59995
Fix after rebase
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:54 +01:00
Hugo Landau
b139f7a26d
QUIC APL: Report that we do not support SSL_clear correctly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:54 +01:00
Hugo Landau
7d9e447ab8
QUIC API: Revise SSL_get_conn_close_info to use a flags field
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:50 +01:00
Hugo Landau
d2e9e12b23
QUIC APL: Allow stream origin to be queried
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:50 +01:00
Hugo Landau
8d7f034622
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:36 +01:00
Hugo Landau
abeb41b42f
Minor updates
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:36 +01:00
Hugo Landau
3760747ff4
Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:36 +01:00
Hugo Landau
62665fc243
QUIC APL: Introduce addressed v. non-addressed mode handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
617b459ddf
QUIC CHANNEL: Introduce concept of (non-)addressed mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
51e671e204
QUIC APL: Refactor blocking configuration to allow late blocking support detection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
be96180aa6
QUIC CHANNEL: Cleanup poll descriptor management
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
0b8b75e242
QUIC REACTOR: Move can-poll flags into reactor
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
0818c17007
QUIC APL: Autoconfigure BIOs as non-blocking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
2e1760118b
QUIC APL: Better error reporting
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:33 +01:00
Hugo Landau
549d0a700b
QUIC CHANNEL: Only handle the first protocol error raised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:33 +01:00
Hugo Landau
881e3299dc
QUIC TLS: Better error message when ALPN not used
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:33 +01:00
Hugo Landau
a954f761fe
QUIC APL: Determine if an error is an I/O error dynamically
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21829 )
2023-08-30 15:49:08 +01:00
Hugo Landau
3bc38ba071
QUIC MULTISTREAM TEST: Test WAIT_PEER
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815 )
2023-08-30 08:28:22 +01:00
Hugo Landau
25a0c4b907
QUIC APL: Support waiting for peer-initiated shutdown
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815 )
2023-08-30 08:28:22 +01:00
Hugo Landau
96fe5e5f96
QUIC APL: Implement backpressure on stream creation
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815 )
2023-08-30 08:28:22 +01:00
Hugo Landau
de85ec03f5
QUIC RXDP: Handle PING correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
413a427c2a
QUIC QRX: Initialise all RXE fields properly for non-encrypted packets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
c5b882a80b
QUIC APL: Handle modes correctly
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
777a8a7f5d
QUIC: Minimally handle version negotiation packets
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
7a5f58b2cf
QUIC APL: Fix stream backpressure conditions to use non-I/O errors
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811 )
2023-08-25 15:11:05 +02:00
Hugo Landau
9d6bd3d30f
QUIC APL: Implement backpressure on stream creation
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811 )
2023-08-25 15:10:43 +02:00
Tomas Mraz
eb1eaa9af4
Always use uint8_t for TLS record type
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:04:00 +01:00
Tomas Mraz
d848520afe
ch_init(): Add braces to appease older clang compilers
They produce a warning `suggest braces around initialization of subobject`
otherwise.
Add -Wno-missing-braces to silence old clang compilers
And drop unnecessary braces in zeroing initializers.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:03:54 +01:00
Tomas Mraz
5ad3cc1928
quic_tls.c: Fix wrong format string when raising error
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:03:46 +01:00
Tomas Mraz
1cc8c53b0f
Avoid issues with endianness when type is used in SSL_trace()
The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:03:46 +01:00
Matt Caswell
0b31072e08
Don't keep creating CONNECTION_CLOSE frames
If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798 )
2023-08-25 08:42:39 +02:00
Matt Caswell
aa433014bb
Keep sending datagrams while we have data to send
If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798 )
2023-08-25 08:42:39 +02:00
Matt Caswell
cb93128873
Add the ability to set SSL_trace as the msg_callback in tserver
This is useful for debugging purposes. The standard SSL_trace msg_callback
can be used with tserver.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800 )
2023-08-24 10:33:58 +01:00
Tomas Mraz
8ee3ee10e3
quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
64fd69911e
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
96014840b6
QUIC: Miscellaneous error handling updates
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
cb19528b93
QUIC: Add ERR_raise() calls for EVP call failures
This improves tracking where the failure was triggered.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
68b9a32aa3
Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()
This was already resolved by https://github.com/openssl/openssl/pull/21547
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:39 +02:00
Tomas Mraz
8fd32a0eda
QUIC: Update ping deadline when we receive a packet
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713 )
2023-08-22 12:31:46 +02:00
Tomas Mraz
604a607222
quic_trace.c: Fix typo in traces
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713 )
2023-08-22 12:31:46 +02:00
Tomas Mraz
b6125b54ed
QUIC: Do not discard the INITIAL el too early
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713 )
2023-08-22 12:31:46 +02:00