mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-15 06:01:37 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,647 Commits 34 Branches 385 Tags 513 MiB
89b0948e53
Commit Graph

417 Commits

Author SHA1 Message Date
Hugo Landau
89b0948e53 QUIC CHANNEL: Tune RXFC default parameters 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
8761efb2cc QUIC UINT_SET: Fix null dereference (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
f540b6b4f6 QUIC TSERVER: Handle return value correctly (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
4669a3d79b QUIC APL: Add missing unlock call (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
23406e304f QUIC: Check block_until_pred return value in shutdown (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
a2d4915ab2 QUIC QTX: Handle negative IV values correctly (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
4d6ca88599 QUIC QTLS: Fix NULL dereference (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
b538ae4fbf QUIC QRX: Handle negative IV length values correctly (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
565d2987cd QUIC FIFD: Coverity 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
dc5e5c51e2 QUIC UINT_SET: Fix regression after list refactor 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
1623bf374d QUIC TEST: STREAM, MAX_DATA and MAX_STREAM_DATA testing 
Fixes https://github.com/openssl/project/issues/76

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
6a2b70e21b QUIC TXP: Fix bug where TXPIM PKT could be used after free 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
40c8c756c8 QUIC APL/CHANNEL: Wire up connection closure reason 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:45 +01:00
Hugo Landau
ed75eb32f3 QUIC TEST: Test NEW_CONN_ID frames 
Fixes https://github.com/openssl/project/issues/86

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:45 +01:00
Hugo Landau
17340e8785 QUIC TEST: Ensure PING causes ACK generation 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:44 +01:00
Tomas Mraz
44cb36d04a Resolve some of the TODO(QUIC) items 
For some of the items we add FUTURE/SERVER/TESTING/MULTIPATH
designation to indicate these do not need to be resolved
in QUIC MVP release.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21539)
 2023-08-08 15:58:59 +02:00
Hugo Landau
7a2bb2101b QUIC TLS: Rethink error handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
828c9c6690 QUIC: Fix nit 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
398922463f QUIC: Move string conversion functions into a source file 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
741170bef3 QUIC CHANNEL: Improve error reporting 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
67e72ed575 QUIC WIRE: RFC 9000 s. 19.6 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
098914d0b7 QUIC CHANNEL: Apply flow control to CRYPTO streams 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
1051b4a0b9 QUIC FC: Rename stream count mode to reflect actual function 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
7c793cd343 QUIC CHANNEL: Fix typo 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
2a6f1f2f6e QUIC QRX: Don't process 1-RTT packets until handshake is complete 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
0c1cc36bbb QUIC QRX: Enforce PN monotonicity with key updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
3eb0f9a702 QUIC CHANNEL, TXP: Discard INITIAL EL correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
80bcc4f1ae QUIC TLS: Report TLS errors properly as QUIC protocol errors 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
3ad5711e48 QUIC CHANNEL: Send correct alert code if no TPARAMs received 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
c5cb85b665 QUIC TXP: Allow PATH_RESPONSE to force padding 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
371c29582a QUIC CFQ: Unreliable transmission for PATH_RESPONSE 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
7eb330ff7a QUIC: Echo PATH_CHALLENGE frames as PATH_RESPONSE frames 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Pauli
bed2087487 quic compliance: 10.2.3 dropping instead of closing 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
6861f5a703 Fix type/legacy name 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
d15d5ea6a6 quic conformance: add comment about section 10.2.3 conformance 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
d11b901b0b trivial code nit 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
50e76846bf quic conformance: 10.2.1 rate limiting 
Implement the two requirements about limiting closing transmission size to
no more than thrice the received size.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
afe4a7978d quic conformance: section 10.2.2 requirements 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
6b3b5f9d28 quic conformance: section 10.2.1 requirements 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
24ae2d79d5 quic: use the safe fused multiply divide instead of a safe multiply then a normal division 
This should extend the range of possible results.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
a441d08b1b Add note about RFC 9000 10.2 persist time 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
b056e9fcf5 document RRFC9000 10.1 MUST requirement 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
73ef6e6f0f Note RFC 9000 19.19 requirement 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Matt Caswell
f219abef51 Ensure the QUIC TLS SSL object is marked as shutdown 
If we shutdown the QUIC connection then we should mark the underlying
TLS SSL object as shutdown as well. Otherwise any sessions are considered
unusable for resumption.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)
 2023-08-02 20:27:07 +01:00
Matt Caswell
829eec9f86 Add the ability for tserver to use a pre-existing SSL_CTX 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)
 2023-08-02 20:27:07 +01:00
Matt Caswell
f85d343208 Keep doing ossl_quic_tls_tick() even after handshake completion 
There may be post-handshake messages to process so make sure we keep
ticking things even if the handshake has finished. We do this simply by
calling SSL_read(). There should never be app data to read but we will
process any handshake records we encounter.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)
 2023-08-02 20:26:54 +01:00
Matt Caswell
c31f06120f Ensure SSL_has_pending() always works even before a connection 
s_client calls SSL_has_pending() even before the connection has been
established. We expect it to return 0 in this case and not put any errors
on the stack.

We change things so that SSL_has_pending() always returns 0 if there is
no stream available.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21578)
 2023-08-02 15:07:07 +01:00
Matt Caswell
33f6ad1724 Still advance handshake even on an empty write 
A call to SSL_write() with a zero length buffer should still advance the
handshake. Applications (including s_client) may rely on this.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21578)
 2023-08-02 15:07:07 +01:00
Hugo Landau
63fac76c24 QUIC: Automatically drain non-concluded streams, bugfixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21484)
 2023-07-31 14:03:42 +01:00
Hugo Landau
6d6b3a032d QUIC APL: Mask API operations when in shutdown flush 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21484)
 2023-07-31 14:03:42 +01:00