mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-12-21 06:09:35 +08:00
Code Issues Packages Projects Releases Wiki Activity
33,478 Commits 34 Branches 385 Tags 517 MiB
fd6c1476a0
Commit Graph

32 Commits

Author SHA1 Message Date
Hugo Landau
f36504cc39 Minor fixups 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
9ff3a99ea6 QUIC: Fix multistream test on macOS 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
5ed3a435d5 QUIC QSM: Get rid of recv_fin_retired in favour of recv_state 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:18:05 +10:00
Hugo Landau
2f018d14f0 QUIC QSM/STREAM: Refactor to use RFC stream states 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21135)
 2023-07-17 08:17:57 +10:00
Matt Caswell
37f27b91de Add a test quicserver utility 
This QUIC server utility is intended for test purposes only and is expected
to be replaced in a future version of OpenSSL by s_server. At that point
it will be removed.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21204)
 2023-06-28 09:53:22 +10:00
Hugo Landau
629b408c12 QUIC: Fix bugs where threading is disabled 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
 2023-05-24 10:34:54 +01:00
Hugo Landau
1df479a9f9 QUIC TSERVER: Allow detection of new incoming streams 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20856)
 2023-05-24 10:34:47 +01:00
Tomas Mraz
80b9eca279 Add test for handling NEW_CONNECTION_ID frame 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20892)
 2023-05-17 14:04:18 +01:00
Hugo Landau
f0e22d1be8 QUIC TSERVER: Allow STOP_SENDING/RESET_STREAM to be queried 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
 2023-05-12 14:47:13 +01:00
Hugo Landau
2289401685 QUIC TSERVER: Handle FINs correctly if ossl_quic_tserver_read is not called first 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
 2023-05-12 14:47:13 +01:00
Hugo Landau
723cbe8a73 QUIC CHANNEL: Do not copy terminate cause as it is not modified after termination 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
 2023-05-12 14:47:12 +01:00
Hugo Landau
b757beb5f3 QUIC TSERVER: Add support for multiple streams 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
 2023-05-12 14:47:11 +01:00
Juergen Christ
ca9ef8ebf5 Fix stack use-after-free in QUIC 
When running test_quicapi on master on a Fedora 38 with santizier, a stack
use-after-free is reported:

```
75-test_quicapi.t ..
=================================================================
==28379==ERROR: AddressSanitizer: stack-use-after-return on address 0x03ffa22a2961 at pc 0x03ffa507384a bp 0x03fffb576d68 sp 0x03fffb576550
READ of size 8 at 0x03ffa22a2961 thread T0
    #0 0x3ffa5073849 in memcpy (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c)
    #1 0x118b883 in tls_handle_alpn ssl/statem/statem_srvr.c:2221
    #2 0x111569d in tls_parse_all_extensions ssl/statem/extensions.c:813
    #3 0x118e2bf in tls_early_post_process_client_hello ssl/statem/statem_srvr.c:1957
    #4 0x118e2bf in tls_post_process_client_hello ssl/statem/statem_srvr.c:2290
    #5 0x113d797 in read_state_machine ssl/statem/statem.c:712
    #6 0x113d797 in state_machine ssl/statem/statem.c:478
    #7 0x10729f3 in SSL_do_handshake ssl/ssl_lib.c:4669
    #8 0x11cec2d in ossl_quic_tls_tick ssl/quic/quic_tls.c:717
    #9 0x11afb03 in ch_tick ssl/quic/quic_channel.c:1296
    #10 0x10cd1a9 in ossl_quic_reactor_tick ssl/quic/quic_reactor.c:79
    #11 0x10d948b in ossl_quic_tserver_tick ssl/quic/quic_tserver.c:160
    #12 0x1021ead in qtest_create_quic_connection test/helpers/quictestlib.c:273
    #13 0x102b81d in test_quic_write_read test/quicapitest.c:54
    #14 0x12035a9 in run_tests test/testutil/driver.c:370
    #15 0x1013203 in main test/testutil/main.c:30
    #16 0x3ffa463262b in __libc_start_call_main (/usr/lib64/libc.so.6+0x3262b) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
    #17 0x3ffa463272d in __libc_start_main_impl (/usr/lib64/libc.so.6+0x3272d) (BuildId: 6bd4a775904d85009582d6887da4767128897d0e)
    #18 0x101efb9  (/root/openssl/test/quicapitest+0x101efb9) (BuildId: 075e387adf6d0032320aaa18061f13e9565ab481)
Address 0x03ffa22a2961 is located in stack of thread T0 at offset 33 in frame
    #0 0x10d868f in alpn_select_cb ssl/quic/quic_tserver.c:49
  This frame has 1 object(s):
    [32, 41) 'alpn' (line 50) <== Memory access at offset 33 is inside this variable
HINT: this may be a false positive if your program uses some custom stack unwind mechanism, swapcontext or vfork
      (longjmp and C++ exceptions *are* supported)
SUMMARY: AddressSanitizer: stack-use-after-return (/usr/lib64/libasan.so.8+0x73849) (BuildId: ce24d4ce2e06892c2e9105155979b957089a182c) in memcpy
Shadow bytes around the buggy address:
  0x03ffa22a2680: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2700: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2780: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2800: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2880: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
=>0x03ffa22a2900: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5[f5]f5 f5 f5
  0x03ffa22a2980: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2a00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2a80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2b00: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
  0x03ffa22a2b80: f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5 f5
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
  Global redzone:          f9
  Global init order:       f6
  Poisoned by user:        f7
  Container overflow:      fc
  Array cookie:            ac
  Intra object redzone:    bb
  ASan internal:           fe
  Left alloca redzone:     ca
  Right alloca redzone:    cb
==28379==ABORTING
../../util/wrap.pl ../../test/quicapitest default ../../test/default.cnf ../../test/certs => 1
not ok 1 - running quicapitest
```

Fix this be making the protocols to select static constants and thereby moving
them out of the stack frame of the callback function.

Signed-off-by: Juergen Christ <jchrist@linux.ibm.com>

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20904)
 2023-05-09 14:14:23 +01:00
Hugo Landau
9cf091a3c5 QUIC Thread Assisted mode: miscellaneous fixes 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
 2023-03-30 11:14:16 +01:00
Hugo Landau
c4208a6a98 QUIC Thread Assisted Mode: Fix typos and use of CRYPTO_RWLOCK type 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
 2023-03-30 11:14:10 +01:00
Hugo Landau
dbe7b51a8e Minor fixes to thread assisted mode 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
 2023-03-30 11:14:09 +01:00
Hugo Landau
b212d554e7 QUIC CHANNEL: Allow time source to be overridden 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
 2023-03-30 11:14:09 +01:00
Hugo Landau
ccd3103771 Add channel-only tick mode and use it for thread assisted mode 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
 2023-03-30 11:14:08 +01:00
Hugo Landau
e053505f0c Add mutex to tserver 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)
 2023-03-30 11:14:08 +01:00
Matt Caswell
0c593328fe Add a simple QUIC test for blocking mode 
We create "real" sockets for blocking mode so that we can block on them.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20514)
 2023-03-20 09:35:55 +11:00
Matt Caswell
45bb98bfa2 Add const to some test tserver functions 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:34:06 +00:00
Matt Caswell
c12e111336 Rename various functions OSSL_QUIC_FAULT -> QTEST_FAULT 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:34:06 +00:00
Matt Caswell
ce8f20b6ae Don't treat the Tserver as connected until the handshake is confirmed 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:34:04 +00:00
Matt Caswell
f10e5885f0 Add a test for a server that doesn't provide transport params 
Check that we fail if the server has failed to provide transport params.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:34:04 +00:00
Matt Caswell
d03fe5de8d Add the ability to mutate TLS handshake messages before they are written 
We add callbacks so that TLS handshake messages can be modified by the test
framework before they are passed to the handshake hash, possibly encrypted
and written to the network. This enables us to simulate badly behaving
endpoints.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:34:03 +00:00
Matt Caswell
149a8e6c0a Enable QUIC test server to find out the termination reason 
We enable querying of the termination reason which is useful for tests.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:34:03 +00:00
Matt Caswell
adef87a2c6 Add a skeleton quicfaultstest 
Also includes helper support to create a QUIC connection inside a test.

We wil use quicfaultstest to deliberately inject faulty datagrams/packets
to test how we handle them.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:33:24 +00:00
Matt Caswell
14e3140939 Add the ability to mutate QUIC packets before they are written 
We add callbacks so that QUIC packets can be modified by the test
framework before they are encrypted and written to the network. This
enables us to simulate badly behaving endpoints.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20030)
 2023-02-22 05:33:23 +00:00
Hugo Landau
a9979965bf QUIC Front End I/O API: Add support for signalling and detecting end-of-stream 
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)
 2023-01-27 14:19:15 +00:00
Matt Caswell
4e3a55fd14 Add QUIC-TLS server support 
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)
 2023-01-24 17:16:29 +00:00
Hugo Landau
091f532e0e QUIC Test Server: Minor fixups 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:49 +00:00
Hugo Landau
51a168b804 QUIC Test Server Implementation 
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19734)
 2023-01-19 13:17:40 +00:00