mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-06 13:26:43 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,668 Commits 34 Branches 385 Tags 420 MiB
cdd916313a
Commit Graph

425 Commits

Author SHA1 Message Date
Pauli
cdd916313a quic: process stateless resets 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21649)
 2023-08-16 12:07:17 +02:00
Matt Caswell
643f542a89 Fix a use-after-free in quic_tls.c 
The comments in quic_tls.c claimed that the dummybio was never used by
us. In fact that is not entirely correct since we set and cleared the
retry flags on it. This means that we have to manage it properly, and update
it in the event of set1_bio() call on the record layer method.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
 2023-08-15 14:41:31 +01:00
Matt Caswell
644ef0bb69 Add a test for receiving a post-handshake CertificateRequest 
This should result in a QUIC PROTOCOL_VIOLATION

We also add tests for a post-handshake KeyUpdate, and a NewSessionTicket
with an invalid max_early_data value.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
 2023-08-15 14:41:31 +01:00
Matt Caswell
614c08c239 Add the ability to send NewSessionTicket messages when we want them 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
 2023-08-15 14:41:31 +01:00
Matt Caswell
04c7fb53e0 NewSessionTickets with an early_data extension must have a valid max value 
The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
 2023-08-15 14:41:31 +01:00
Matt Caswell
b644a9323f Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION 
An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handsahke CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
 2023-08-15 14:41:31 +01:00
Tomas Mraz
9d005bafac ossl_qrl_enc_level_set_provide_secret(): Clear el->md on error 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/21677)
 2023-08-14 15:55:33 +02:00
Hugo Landau
f2609004df Minor fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
89b0948e53 QUIC CHANNEL: Tune RXFC default parameters 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
8761efb2cc QUIC UINT_SET: Fix null dereference (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
f540b6b4f6 QUIC TSERVER: Handle return value correctly (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
4669a3d79b QUIC APL: Add missing unlock call (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
23406e304f QUIC: Check block_until_pred return value in shutdown (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
a2d4915ab2 QUIC QTX: Handle negative IV values correctly (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
4d6ca88599 QUIC QTLS: Fix NULL dereference (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:51 +01:00
Hugo Landau
b538ae4fbf QUIC QRX: Handle negative IV length values correctly (coverity) 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
565d2987cd QUIC FIFD: Coverity 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
dc5e5c51e2 QUIC UINT_SET: Fix regression after list refactor 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
1623bf374d QUIC TEST: STREAM, MAX_DATA and MAX_STREAM_DATA testing 
Fixes https://github.com/openssl/project/issues/76

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
6a2b70e21b QUIC TXP: Fix bug where TXPIM PKT could be used after free 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:50 +01:00
Hugo Landau
40c8c756c8 QUIC APL/CHANNEL: Wire up connection closure reason 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:45 +01:00
Hugo Landau
ed75eb32f3 QUIC TEST: Test NEW_CONN_ID frames 
Fixes https://github.com/openssl/project/issues/86

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:45 +01:00
Hugo Landau
17340e8785 QUIC TEST: Ensure PING causes ACK generation 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21565)
 2023-08-10 18:19:44 +01:00
Tomas Mraz
44cb36d04a Resolve some of the TODO(QUIC) items 
For some of the items we add FUTURE/SERVER/TESTING/MULTIPATH
designation to indicate these do not need to be resolved
in QUIC MVP release.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21539)
 2023-08-08 15:58:59 +02:00
Hugo Landau
7a2bb2101b QUIC TLS: Rethink error handling 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
828c9c6690 QUIC: Fix nit 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
398922463f QUIC: Move string conversion functions into a source file 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
741170bef3 QUIC CHANNEL: Improve error reporting 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
67e72ed575 QUIC WIRE: RFC 9000 s. 19.6 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
098914d0b7 QUIC CHANNEL: Apply flow control to CRYPTO streams 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
1051b4a0b9 QUIC FC: Rename stream count mode to reflect actual function 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
7c793cd343 QUIC CHANNEL: Fix typo 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
2a6f1f2f6e QUIC QRX: Don't process 1-RTT packets until handshake is complete 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
0c1cc36bbb QUIC QRX: Enforce PN monotonicity with key updates 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
3eb0f9a702 QUIC CHANNEL, TXP: Discard INITIAL EL correctly 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
80bcc4f1ae QUIC TLS: Report TLS errors properly as QUIC protocol errors 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
3ad5711e48 QUIC CHANNEL: Send correct alert code if no TPARAMs received 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
c5cb85b665 QUIC TXP: Allow PATH_RESPONSE to force padding 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
371c29582a QUIC CFQ: Unreliable transmission for PATH_RESPONSE 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Hugo Landau
7eb330ff7a QUIC: Echo PATH_CHALLENGE frames as PATH_RESPONSE frames 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21547)
 2023-08-08 14:33:42 +01:00
Pauli
bed2087487 quic compliance: 10.2.3 dropping instead of closing 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
6861f5a703 Fix type/legacy name 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
d15d5ea6a6 quic conformance: add comment about section 10.2.3 conformance 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
d11b901b0b trivial code nit 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
50e76846bf quic conformance: 10.2.1 rate limiting 
Implement the two requirements about limiting closing transmission size to
no more than thrice the received size.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:45 +10:00
Pauli
afe4a7978d quic conformance: section 10.2.2 requirements 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
6b3b5f9d28 quic conformance: section 10.2.1 requirements 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
24ae2d79d5 quic: use the safe fused multiply divide instead of a safe multiply then a normal division 
This should extend the range of possible results.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
a441d08b1b Add note about RFC 9000 10.2 persist time 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00
Pauli
b056e9fcf5 document RRFC9000 10.1 MUST requirement 
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21429)
 2023-08-04 11:55:34 +10:00