mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2025-01-30 14:01:55 +08:00
Code Issues Packages Projects Releases Wiki Activity
52bcf4f88b
openssl/ssl
History
Neil Horman 89e2c6f61e Fix encryption level ordering 
It was noticed recently that the enum for QUIC encryption levels doesn't
match the ordering that is outlined in the RFC.  RFC 9000 s. 12.2 and
RFC 9002 s 14.4.1 indicate that encryption level ordering is
INITIAL/0RTT/HANDSHAKE/1RTT, but our enum is in the order
INITAL/HANDSHAKE/0RTT/1RTT.

Our enum isn't a direct wire translation, so as long as the wire->enum
mapping done in ossl_quic_pkt_type_to_enc_level is done consistently it
ideally wouldn't matter, but because we do coalescing in
ossl_quic_tx_packetiser_generate by iterating through all the values in
the enum, its possible we may coalesce in the wrong order when we do
start implementing 0RTT support.

Fix it by adjusting the enum properly to match the RFC order.  This also
necessitates and adjustment to the archetypes array, which is a two
dimensional array indexed by encryption level and frame archetype
(PROBE/NORMAL/ACK ONLY).  Moving the 0RTT enc level to index 1 requires
moving the (formerly) index 2 0RTT array row to be at index 1.

Fixes #26324

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26334)
2025-01-08 11:17:01 -05:00
..
quic Fix encryption level ordering 2025-01-08 11:17:01 -05:00
record Change "a SSL" to "an SSL" 2024-11-13 17:24:40 +01:00
rio QUIC POLLING: Support no-quic builds 2024-02-10 11:37:14 +00:00
statem Reject invalid FFDHE and ECDHE key shares with SSL_AD_ILLEGAL_PARAMETER alert 2025-01-02 14:12:54 +01:00
bio_ssl.c bio_ssl.c: Do not call SSL_shutdown if not inited 2024-06-25 16:06:17 +02:00
build.info Remove the event queue code 2024-08-07 19:48:26 +02:00
d1_lib.c Make sure we use the correct SSL object when making a callback 2024-11-07 12:05:34 +01:00
d1_msg.c
d1_srtp.c Copyright year updates 2024-04-09 13:43:26 +02:00
methods.c
pqueue.c
priority_queue.c Copyright year updates 2024-09-05 09:35:49 +02:00
s3_enc.c EVP_MD_size() updates 2024-08-29 10:29:53 +02:00
s3_lib.c ssl: rework "e_os.h" inclusions 2024-09-05 17:02:51 +02:00
s3_msg.c
ssl_asn1.c
ssl_cert_comp.c Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
ssl_cert_table.h
ssl_cert.c Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
ssl_ciph.c EVP_MD_size() updates 2024-08-29 10:29:53 +02:00
ssl_conf.c Fix memleaks in cmd_RecordPadding() 2024-11-13 12:00:26 +01:00
ssl_err_legacy.c
ssl_err.c Check that a supported_versions extension is present in an HRR 2024-08-07 19:34:23 +02:00
ssl_init.c Copyright year updates 2024-09-05 09:35:49 +02:00
ssl_lib.c Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
ssl_local.h Change "a SSL" to "an SSL" 2024-11-13 17:24:40 +01:00
ssl_mcnf.c Copyright year updates 2024-09-05 09:35:49 +02:00
ssl_rsa_legacy.c Check file name for not being NULL before opening it 2024-09-26 20:35:26 +02:00
ssl_rsa.c Check file name for not being NULL before opening it 2024-09-26 20:35:26 +02:00
ssl_sess.c Fix potential use-after-free in REF_PRINT_COUNT 2024-12-10 14:58:08 +01:00
ssl_stat.c Copyright year updates 2024-09-05 09:35:49 +02:00
ssl_txt.c Copyright year updates 2024-09-05 09:35:49 +02:00
ssl_utst.c
sslerr.h
t1_enc.c Copyright year updates 2024-04-09 13:43:26 +02:00
t1_lib.c Make sure we use the correct SSL object when making a callback 2024-11-07 12:05:34 +01:00
t1_trce.c IANA has assigned numbers for new TLS Supported Groups in ML-KEM 2024-09-13 14:09:34 +02:00
tls13_enc.c Copyright year updates 2024-09-05 09:35:49 +02:00
tls_depr.c
tls_srp.c Make sure we use the correct SSL object when making a callback 2024-11-07 12:05:34 +01:00