Commit Graph

5209 Commits

Author SHA1 Message Date
Matt Caswell
e07b5e1a0a Ensure the default length calculation includes the content type byte
TLSv1.3 includes an extra byte after the payload for the content type.
We should incorporate that in the calculation of the default buffer length.

Fixes #23015

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23021)
2023-12-19 10:47:29 +00:00
Frederik Wedel-Heinen
78ef740999 Remove redundant logic for DTLS server version selection
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22989)
2023-12-18 09:56:34 +00:00
Frederik Wedel-Heinen
f4ad7c2f73 Handle tls and dtls server version selection similarly
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22989)
2023-12-18 09:56:34 +00:00
Hugo Landau
708b4fb708 QUIC LCIDM: Fix usage of LHASH
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22981)
2023-12-13 15:26:59 +00:00
Matt Caswell
e46a6b1a5d Remove some redundant code
We remove a function that was left behind and is no longer called after the
record layer refactor

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
2023-12-12 16:06:54 +00:00
Matt Caswell
afcc12c41a Don't attempt to set provider params on an ENGINE based cipher
If an ENGINE has been loaded after the SSL_CTX has been created then
the cipher we have cached might be provider based, but the cipher we
actually end up using might not be. Don't try to set provider params on
a cipher that is actually ENGINE based.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Todd Short <todd.short@me.com>
(Merged from https://github.com/openssl/openssl/pull/22864)
2023-12-12 16:06:54 +00:00
Hugo Landau
4c62c56648 QUIC LCIDM: Minor updates in response to feedback
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
2773749772 QUIC LCIDM: Make robust against LHASH failures
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
e6cf72c525 QUIC LCIDM: Always use lcid_obj to refer to QUIC_LCID
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
935aa14344 QUIC LCIDM: Minor fixes
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
1f2958536e QUIC LCIDM: Add debug calls
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
a35956b2f7 QUIC LCIDM: Enforce and document ODCID peculiarities
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
3d7f83ebdc QUIC LCIDM: Add fuzzer
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Hugo Landau
8489a0a1f2 QUIC LCIDM: Add LCIDM
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22673)
2023-12-06 10:40:11 +00:00
Markus Minichmayr
f290663148 Fix implementation of PreferNoDHEKEX option.
`tls_parse_ctos_key_share()` didn't properly handle the option.
Avoid the need to deal with the option in multiple places by properly
handling it in `tls_parse_ctos_psk_kex_modes()`.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22844)
2023-11-30 18:40:44 +01:00
Viktor Dukhovni
f636e7e6bd Fix freshly introduced double-free.
We don't need the decoded X.509 Full(0) certificate for the EE usages 1 and 3,
because the leaf certificate is always part of the presented chain, so the
certificate is only validated as well-formed, and then discarded, but the
TLSA record is of course still used after the validation step.

Added DANE test cases for: 3 0 0, 3 1 0, 1 0 0, and 1 1 0

Reported by Claus Assmann.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22821)
2023-11-29 10:31:42 +01:00
Bernd Edlinger
a435d78604 Fix a possible memory leak in ct_move_scts
Instead of trying to move the doomed sct back
to the src stack, which may fail as well, simply
free the sct object, as the src list will be
deleted anyway.

Reviewed-by: Paul Yang <kaishen.yy@antfin.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22762)
2023-11-28 19:42:32 +01:00
Hugo Landau
eadebcc863 QUIC TSERVER: Fix erroneously static variable
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:57:32 +00:00
Hugo Landau
c30aee71f9 Make scsv read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:55:55 +00:00
Hugo Landau
3392a5690b Make nid_to_group read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:52:54 +00:00
Hugo Landau
a87b6d1377 Make bitmask table read only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:52:24 +00:00
Hugo Landau
5fb4433606 Make ssl_cert_info read-only
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/22828)
2023-11-27 07:51:33 +00:00
Hugo Landau
e64ad80c72 QUIC SRT GEN: Minor updates
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
2023-11-25 09:14:05 +00:00
Hugo Landau
2db3fdb457 QUIC SRT GEN: Add SRT generator
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22599)
2023-11-25 09:14:05 +00:00
Markus Minichmayr
b8590b2f36 Add option SSL_OP_PREFER_NO_DHE_KEX, allowing the server to prefer non-dhe psk key exchange over psk with dhe (config file option PreferNoDHEKEX, server option prefer_no_dhe_kex).
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22794)
2023-11-24 15:08:04 +00:00
Dmitry Belyavskiy
e9241d16b4 IANA has assigned numbers for 2 hybrid PQ KEX widely used in tests
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22803)
2023-11-24 11:40:36 +01:00
Hugo Landau
4e3d481980 QUIC SRTM: Switch to using AES-128-ECB
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00
Hugo Landau
8fff2e39bc QUIC SRTM: Harden SRTM in event of allocation failure
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00
Hugo Landau
abc06d53a9 QUIC SRTM: Add SRTM
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22612)
2023-11-23 14:46:01 +00:00
Bernd Edlinger
bc0773bbbd Fix a possible use-after-free in custom_exts_free
This may happen when ssl_cert_dup calls custom_exts_copy, where
a possible memory allocation error causes custom_exts_free
to be called twice: once in the error handling of custom_exts_copy
and a second time in the error handling of ssl_cert_dup.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22772)
2023-11-22 09:34:55 +01:00
Bernd Edlinger
e4a94bcc77 Fix a possible memory leak in dane_tlsa_add
Several error cases leak either the X509 object
or the pkey or the danetls_record object.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matthias St. Pierre <Matthias.St.Pierre@ncp-e.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22743)
2023-11-22 09:18:21 +01:00
Matt Caswell
a091bc6022 Move freeing of an old record layer to dtls1_clear_sent_buffer
When we are clearing the sent messages queue we should ensure we free any
old write record layers that are no longer in use. Previously this logic
was in dtls1_hm_fragment_free() - but this can end up freeing the current
record layer under certain error conditions.

Fixes #22664

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22679)
2023-11-21 13:09:28 +01:00
Neil Horman
e59ed0bfee zero data in hm_fragment on alloc
if we allocate a new hm_frament in dtls1_buffer_message with
dtls1_hm_fragment_new, the returned fragment contains uninitalized data in the
msg_header field.  If an error then occurs, and we free the fragment,
dtls_hm_fragment_free interrogates the msg_header field (which is garbage), and
potentially references undefined values, or worse, accidentally references
available memory that is not owned, leading to various corruptions.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Richard Levitte <levitte@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22679)
2023-11-21 13:09:28 +01:00
Matt Caswell
46376fcf4b Correct tag len check when determining how much space we have in the pkt
If the available space is equal to the tag length then we have no available
space for plaintext data.

Fixes #22699

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22715)
2023-11-15 11:06:52 +01:00
Matt Caswell
e57bf6b3bf Keep track of connection credit as we add stream data
If a single packet contains data from multiple streams we need to keep track
of the cummulative connection level credit consumed across all of the
streams. Once the connection level credit has been consumed we must stop
adding stream data.

Fixes #22706

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22718)
2023-11-15 09:08:16 +01:00
Alexey Fofanov
9890cc42da set_client_ciphersuite(): Fix for potential UB if session->cipher is NULL
This currently cannot happen without an application overriding
the session with some bogus data so this is an ossl_assert()
check.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22418)
2023-11-13 12:52:43 +01:00
Bernd Edlinger
a2b1ab6100 Fix a possible memory leak of ssl->s3.tmp.psk
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22637)
2023-11-09 17:33:55 +01:00
Matt Caswell
7fe3010471 After a stream has implicit length don't add more stream related frames
Once we have decided that a stream has an implicit length then we should
treat the packet as full and not try to add any more stream related frames
to the packet.

Fixes #22658

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22662)
2023-11-09 12:33:09 +00:00
Hugo Landau
e1c15a8abe QUIC TXP: Handle padding correctly for ACK_ONLY archetype
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22615)
2023-11-08 15:09:39 +00:00
Hugo Landau
3bef14c536 QUIC TXP: Fix use of implicit-length STREAM frames in presence of PATH_REPSONSE frames
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22615)
2023-11-08 15:09:36 +00:00
Pauli
a031087780 Fix bug in priority queue remove function
The short circuit in the remove function when the element is the last in the
heap, failed to add the removed slot back to the freelist.

Fixes #22644

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22646)
2023-11-08 11:09:12 +00:00
Bernd Edlinger
668a144f0a Fix a possible memory leak in custom_ext_add
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22638)
2023-11-08 08:20:06 +00:00
Matt Caswell
e718b248f9 Correctly track the original length when generating a stream frame
txp_generate_stream_frames() plans chunks of data to send via the
function txp_plan_stream_chunk(). That function may clamp the amount in
the chunk due to flow control, even though there is more available to send.

We should take this into account when deciding whether or not to try
serializing the next chunk.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22601)
2023-11-06 07:51:22 +00:00
Tomas Mraz
0e2e4b3e69 ossl_quic_new(): Avoid dereferencing NULL qc during cleanup
Fixes Coverity 1548383

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22606)
2023-11-06 07:50:08 +00:00
Tomas Mraz
0c2aabbaea ossl_qrl_enc_level_set_provide_secret(): Avoid leaking keyslot in error condition
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22600)
2023-11-06 07:47:17 +00:00
Hugo Landau
f62fec6404 TLS: Fix use of an uninitialized value
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
2023-11-02 14:22:12 +01:00
Hugo Landau
05937a70a1 QUIC WIRE: Refuse integer transport params with trailing body bytes
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
2023-11-02 14:22:04 +01:00
Hugo Landau
f94cacb70b QUIC CHANNEL: Set reason string for missing tparams extension
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22523)
2023-11-02 14:22:04 +01:00
Tomas Mraz
55936eee86 ossl_quic_new(): Fix a leak found by error injection
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22572)
2023-11-02 14:19:23 +01:00
Hugo Landau
115ee28263 QUIC SSTREAM: Fix bug in ossl_quic_sstream_is_totally_acked
ossl_quic_sstream_is_totally_acked would return 0
if no data had been appended to the stream yet.
Fixed and added tests.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22580)
2023-11-02 08:49:01 +00:00