Commit Graph

4758 Commits

Author SHA1 Message Date
Hugo Landau
b633cf8764 QUIC CC: Move dummy method to test code
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
d235f657f8 QUIC CC: Safe multiplication
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
0f1c43c441 QUIC CC: Minor fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
f6f45c55ea QUIC: Make QUIC_CHANNEL use newreno CC
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
ab11c165f6 QUIC Congestion Control: Tests
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
f68fd1cebc QUIC: NewReno congestion controller
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Hugo Landau
90699176b0 QUIC CC: Major revisions to CC abstract interface
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20423)
2023-05-01 11:03:54 +01:00
Matt Caswell
c20d923b46 Release zero length handshake fragment records
If we are processing a hanshake fragment and we end up with a
zero length record, then we still need to release it to avoid an
infinite loop.

Fixes #20821

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20824)
2023-05-01 09:54:39 +01:00
Matt Caswell
5758245031 Update the SSL_rstate_string*() return value for QUIC
We make these APIs work more like the TLS versions do.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
2023-04-27 17:03:33 +01:00
Matt Caswell
73bac6e280 Ensure that the SSL_rstate_string*() API works as they used to
We initialise the record layer rstate variable to ensure the
SSL_rstate_string*() APIs return values that are consistent with
previous versions.

Fixes #20808

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20827)
2023-04-27 17:03:33 +01:00
Tomas Mraz
3155b5a90e Fix regression of no-posix-io builds
Instead of using stat() to check if a file is a directory
we just skip . and .. as a workaround.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/20786)
2023-04-25 11:32:20 +02:00
FdaSilvaYY
24a3225443 dtls: code cleanup and refactorization
- factorize BIO_CTRL_DGRAM_SET_NEXT_TIMEOUT calls.
- simplify a return type
- style nits

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20602)
2023-04-24 14:41:47 +02:00
Irak Rigia
1e6bd31e58 Replaced '{ 0, NULL }' with OSSL_DISPATCH_END in OSSL_DISPATCH arrays
Fixes #20710

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20745)
2023-04-21 16:19:11 +02:00
Ladislav Marko
e35a213341 Fix typo in ssl_ciph.c
CLA: trivial

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/20703)
2023-04-13 10:28:08 +01:00
Matt Caswell
7a4e109ebe Allow partially releasing a record for TLS
This enables the cleansing of plaintext to occur in the record layer and
avoids the need to cast away const above the record layer.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
2023-04-12 11:02:01 +10:00
Matt Caswell
2eb91b0ec3 Make the data field for get_record() const
Improves consistency with the QUIC rstream implementation - and improves
the abstraction between the TLS implementation and the abstract record
layer. We should not expect that the TLS implementation should be able to
change the underlying buffer. Future record layers may not expect that.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
2023-04-12 11:02:01 +10:00
Matt Caswell
7257188b70 Add support for rstream get/release record in the QUIC TLS layer
The QUIC TLS layer was taking an internal copy of rstream data while
reading. The QUIC rstream code has recently been extended to enable a
get/release model which avoids the need for this internal copy, so we use
that instead.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20404)
2023-04-12 11:02:01 +10:00
Matt Caswell
50769b15ea Make sure we can query the SSL object for version info when using QUIC
We have the existing functions SSL_version(), SSL_get_version() and
SSL_is_dtls(). We extend the first two to return something sensible when
using QUIC. We additionally provide the new functions SSL_is_tls() and
SSL_is_quic() to provide a mechanism to figure out what protocol we are
using.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20650)
2023-04-04 09:06:18 +10:00
Matt Caswell
5c476976ab Handle app data records from the next epoch
It is possible that DTLS records are received out of order such that
records from the next epoch arrive before we have finished processing the
current epoch. We are supposed to buffer such records but for some reason
we only did that for handshake and alert records. This is incorrect since
it is perfectly possible for app data records to arrive early too.

Fixes #20597

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20628)
2023-03-31 09:14:24 +01:00
Hugo Landau
652fbb62a3 Revise build.info
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:17 +01:00
Hugo Landau
5129e59494 QUIC: Ensure locking when injecting datagrams
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:17 +01:00
Hugo Landau
9cf091a3c5 QUIC Thread Assisted mode: miscellaneous fixes
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:16 +01:00
Hugo Landau
20f457436d QUIC Thread Assisted Mode: Refactor locking to be infallible
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:16 +01:00
Hugo Landau
c4208a6a98 QUIC Thread Assisted Mode: Fix typos and use of CRYPTO_RWLOCK type
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:10 +01:00
Hugo Landau
1dd04a0fe2 QUIC Thread Assisted Mode: Support Windows XP
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
dbe7b51a8e Minor fixes to thread assisted mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
3b1ab5a3a0 Enhance quic_tserver test to fully test thread assisted mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
4648eac533 QUIC CHANNEL: Fix idle timeout handling
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
b212d554e7 QUIC CHANNEL: Allow time source to be overridden
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:09 +01:00
Hugo Landau
134b79c056 QUIC TXP: Allow caller to determine if an ACK-eliciting packet was sent
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
ffce2946c7 Switch to using ossl_crypto_mutex from CRYPTO_RWLOCK
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
ccd3103771 Add channel-only tick mode and use it for thread assisted mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
f2f7c4f15a Front End for QUIC Thread Assisted Mode
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
9f7acf071c QUIC Thread Assist Core
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
4a530180e5 Fix handshake locking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
e053505f0c Add mutex to tserver
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:08 +01:00
Hugo Landau
a8489257e6 Add locking to QUIC front-end
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
4847599b54 Move channel mutex out of QUIC_CHANNEL for init/teardown flexibility
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
d7b1faddab Annotate functions needing locking
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
fb2245c44b QUIC Channel: Add a mutex
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Hugo Landau
c019e1efe9 QUIC Reactor: Allow a mutex to be released during waits
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
2023-03-30 11:14:07 +01:00
Todd Short
3c95ef22df RFC7250 (RPK) support
Add support for the RFC7250 certificate-type extensions.
Alows the use of only private keys for connection (i.e. certs not needed).

Add APIs
Add unit tests
Add documentation
Add s_client/s_server support

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18185)
2023-03-28 13:49:54 -04:00
Michael Baentsch
a2a543e0e3 Update the EVP_PKEY_get_id documentation
The documentation didn't mention the development where EVP_PKEY_get_id()
returns a negative value for provider-only implementations, and the
migration guide didn't mention how to cope with that.

Fixes #20497

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20501)
2023-03-25 09:44:54 +01:00
Peter Kaestle
62ea5ffa7c tls1_set_groups_list: freeing *pext before overwriting
calling SSL_CTX_set1_groups_list() twice on one SSL_CTX* caused a memory
leak visible in valgrind:
  4 bytes in 1 blocks are definitely lost in loss record 1 of 1
     at 0x4841888: malloc (vg_replace_malloc.c:381)
     by 0x4B1EE96: CRYPTO_memdup (in libcrypto.so.3)
     by 0x48993A0: tls1_set_groups_list (in libssl.so.3)
     by 0x487AA7E: ssl3_ctx_ctrl (in libssl.so.3)
     by 0x1091EA: main (mem_leak.c:10)

  LEAK SUMMARY:
     definitely lost: 4 bytes in 1 blocks

Freeing *pext to fix it.

CLA: trivial

Signed-off-by: Peter Kaestle <peter.kaestle@nokia.com>

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20317)

(cherry picked from commit fcf3a9f7c6)
2023-03-24 13:40:12 +01:00
Hugo Landau
29fb7f0879 QUIC DEMUX: Ensure time field is always initialised
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20451)
2023-03-22 10:14:25 +11:00
Hugo Landau
553a4e00aa QUIC: Add support for datagram injection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20451)
2023-03-22 10:14:25 +11:00
VeronikaNguyen
c6d14bfd5f Added CERTIFICATE_VERIFY_MAX_LENGTH constant
- Set `CERTIFICATE_VERIFY_MAX_LENGTH` to 65539
  (2 bytes for the algorithm identifier + 2 bytes of signature length
   + 65535 bytes of signature)
- Changed `SSL3_RT_MAX_PLAIN_LENGTH` to `CERTIFICATE_VERIFY_MAX_LENGTH`
  in `statem_srvr.c` and `statem_clnt.c`

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20486)
2023-03-21 12:44:08 +01:00
Matt Caswell
d293ebde01 Fix some Windows issues in the quic_reactor
An incorrect macro name was being used for Windows detection which meant
we were going down a codepath not intended for Windows and thus failing.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:55 +11:00
Matt Caswell
0c593328fe Add a simple QUIC test for blocking mode
We create "real" sockets for blocking mode so that we can block on them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:55 +11:00
Matt Caswell
c2212dc19e Make sure the QRX and QTX are associated with a libctx
If a libctx has been associated with the channel, it must be passed down
to the QRX and QTX.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
2023-03-20 09:35:38 +11:00