Commit Graph

26 Commits

Author SHA1 Message Date
Matt Caswell
8d13d9e730 Check for NULL when freeing the QUIC_TLS object
Free functions are expected to be tolerant of a NULL pointer being passed.

Fixes the problem in
https://github.com/openssl/openssl/pull/21668#issuecomment-1782718328

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22536)
2023-10-31 11:40:02 +00:00
Matt Caswell
d8a4451fa7 If an error occurs constructing the quic record layer, free it properly
We need to call quic_free() to free the record layer to ensure than any
BIO that was already set is also freed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
2023-10-23 10:08:22 +01:00
Matt Caswell
da1c088f59 Copyright year updates
Reviewed-by: Richard Levitte <levitte@openssl.org>
Release: yes
2023-09-07 09:59:15 +01:00
Matt Caswell
3a0012cb52 Handle non IO based retry errors in QUIC
SSL_get_error() may respond with some retry errors that are not IO related.
In particular SSL_ERROR_WANT_RETRY_VERIFY and SSL_ERROR_WANT_X509_LOOKUP.
These can occur during a TLS handshake. If they occur when a QUIC Connection
is performing a TLS handshake then we need to propagate these up to the QCSO.

We also handle SSL_ERROR_WANT_CLIENT_HELLO_CB. This one will only ever
occur on the server side which we don't currently support. However adding
the handling for it now is identical to all the other handling so including
it is no cost, and will be needed when we do add server support.

We are not concerned with SSL_ERROR_WANT_ASYNC or SSL_ERROR_WANT_ASYNC_JOB
since we do not support async operation with QUIC.

Fixes openssl/project#199

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21922)
2023-09-02 15:23:47 +01:00
Hugo Landau
881e3299dc QUIC TLS: Better error message when ALPN not used
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715)
2023-09-01 10:45:33 +01:00
Tomas Mraz
eb1eaa9af4 Always use uint8_t for TLS record type
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
2023-08-25 12:04:00 +01:00
Tomas Mraz
5ad3cc1928 quic_tls.c: Fix wrong format string when raising error
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
2023-08-25 12:03:46 +01:00
Tomas Mraz
1cc8c53b0f Avoid issues with endianness when type is used in SSL_trace()
The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823)
2023-08-25 12:03:46 +01:00
Tomas Mraz
68b9a32aa3 Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()
This was already resolved by https://github.com/openssl/openssl/pull/21547

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700)
2023-08-23 17:18:39 +02:00
Tomas Mraz
79cdbe893d quic_new_record_layer(): Change TODO(QUIC) to QUIC FUTURE
Fixes openssl/project#134

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21756)
2023-08-18 10:17:08 +02:00
Matt Caswell
643f542a89 Fix a use-after-free in quic_tls.c
The comments in quic_tls.c claimed that the dummybio was never used by
us. In fact that is not entirely correct since we set and cleared the
retry flags on it. This means that we have to manage it properly, and update
it in the event of set1_bio() call on the record layer method.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
2023-08-15 14:41:31 +01:00
Matt Caswell
04c7fb53e0 NewSessionTickets with an early_data extension must have a valid max value
The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
2023-08-15 14:41:31 +01:00
Matt Caswell
b644a9323f Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handsahke CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
2023-08-15 14:41:31 +01:00
Hugo Landau
4d6ca88599 QUIC QTLS: Fix NULL dereference (coverity)
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
2023-08-10 18:19:51 +01:00
Hugo Landau
7a2bb2101b QUIC TLS: Rethink error handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
2023-08-08 14:33:42 +01:00
Hugo Landau
741170bef3 QUIC CHANNEL: Improve error reporting
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
2023-08-08 14:33:42 +01:00
Hugo Landau
80bcc4f1ae QUIC TLS: Report TLS errors properly as QUIC protocol errors
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
2023-08-08 14:33:42 +01:00
Matt Caswell
f85d343208 Keep doing ossl_quic_tls_tick() even after handshake completion
There may be post-handshake messages to process so make sure we keep
ticking things even if the handshake has finished. We do this simply by
calling SSL_read(). There should never be app data to read but we will
process any handshake records we encounter.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21591)
2023-08-02 20:26:54 +01:00
Matt Caswell
5758245031 Update the SSL_rstate_string*() return value for QUIC
We make these APIs work more like the TLS versions do.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
2023-04-27 17:03:33 +01:00
Matt Caswell
7a4e109ebe Allow partially releasing a record for TLS
This enables the cleansing of plaintext to occur in the record layer and
avoids the need to cast away const above the record layer.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
2023-04-12 11:02:01 +10:00
Matt Caswell
2eb91b0ec3 Make the data field for get_record() const
Improves consistency with the QUIC rstream implementation - and improves
the abstraction between the TLS implementation and the abstract record
layer. We should not expect that the TLS implementation should be able to
change the underlying buffer. Future record layers may not expect that.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
2023-04-12 11:02:01 +10:00
Matt Caswell
7257188b70 Add support for rstream get/release record in the QUIC TLS layer
The QUIC TLS layer was taking an internal copy of rstream data while
reading. The QUIC rstream code has recently been extended to enable a
get/release model which avoids the need for this internal copy, so we use
that instead.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
2023-04-12 11:02:01 +10:00
Matt Caswell
f10e5885f0 Add a test for a server that doesn't provide transport params
Check that we fail if the server has failed to provide transport params.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
2023-02-22 05:34:04 +00:00
Matt Caswell
4e3a55fd14 Add QUIC-TLS server support
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
2023-01-24 17:16:29 +00:00
Matt Caswell
1d57dbac19 Add support for the msg_callback
Having support for the msg_callback will improve debug capabilities.

For record headers we "manufacture" dummy ones so that as far as the
callback is concerned we are doing "normal" TLS.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
2023-01-24 17:16:29 +00:00
Matt Caswell
19863d497d Add an initial QUIC-TLS implementation
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
2023-01-24 17:16:29 +00:00