Hugo Landau
56df4cf24f
QUIC APL: Adjust expect_quic_conn_only
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21915 )
2023-09-01 14:44:46 +01:00
Hugo Landau
8c792b0ccd
QUIC RXDP: Reuse allocations between ACK frame processing
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917 )
2023-09-01 14:06:18 +01:00
Hugo Landau
a31601cc3f
QUIC WIRE: When peeking at number of ACK ranges, ensure enough data is available
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21917 )
2023-09-01 14:06:18 +01:00
Hugo Landau
016a80dcf4
Minor fixes
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:54 +01:00
Hugo Landau
7b1ca59995
Fix after rebase
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:54 +01:00
Hugo Landau
b139f7a26d
QUIC APL: Report that we do not support SSL_clear correctly
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:54 +01:00
Hugo Landau
7d9e447ab8
QUIC API: Revise SSL_get_conn_close_info to use a flags field
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:50 +01:00
Hugo Landau
d2e9e12b23
QUIC APL: Allow stream origin to be queried
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21905 )
2023-09-01 14:02:50 +01:00
Hugo Landau
8d7f034622
Minor fixes
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:36 +01:00
Hugo Landau
abeb41b42f
Minor updates
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:36 +01:00
Hugo Landau
3760747ff4
Minor fixes
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:36 +01:00
Hugo Landau
62665fc243
QUIC APL: Introduce addressed v. non-addressed mode handling
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
617b459ddf
QUIC CHANNEL: Introduce concept of (non-)addressed mode
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
51e671e204
QUIC APL: Refactor blocking configuration to allow late blocking support detection
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
be96180aa6
QUIC CHANNEL: Cleanup poll descriptor management
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
0b8b75e242
QUIC REACTOR: Move can-poll flags into reactor
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
0818c17007
QUIC APL: Autoconfigure BIOs as non-blocking
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:34 +01:00
Hugo Landau
2e1760118b
QUIC APL: Better error reporting
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:33 +01:00
Hugo Landau
549d0a700b
QUIC CHANNEL: Only handle the first protocol error raised
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:33 +01:00
Hugo Landau
881e3299dc
QUIC TLS: Better error message when ALPN not used
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21715 )
2023-09-01 10:45:33 +01:00
Hugo Landau
a954f761fe
QUIC APL: Determine if an error is an I/O error dynamically
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21829 )
2023-08-30 15:49:08 +01:00
Hugo Landau
3bc38ba071
QUIC MULTISTREAM TEST: Test WAIT_PEER
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815 )
2023-08-30 08:28:22 +01:00
Hugo Landau
25a0c4b907
QUIC APL: Support waiting for peer-initiated shutdown
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815 )
2023-08-30 08:28:22 +01:00
Hugo Landau
96fe5e5f96
QUIC APL: Implement backpressure on stream creation
...
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21815 )
2023-08-30 08:28:22 +01:00
Hugo Landau
de85ec03f5
QUIC RXDP: Handle PING correctly
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
413a427c2a
QUIC QRX: Initialise all RXE fields properly for non-encrypted packets
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
c5b882a80b
QUIC APL: Handle modes correctly
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
777a8a7f5d
QUIC: Minimally handle version negotiation packets
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21764 )
2023-08-29 15:33:22 +02:00
Hugo Landau
7a5f58b2cf
QUIC APL: Fix stream backpressure conditions to use non-I/O errors
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811 )
2023-08-25 15:11:05 +02:00
Hugo Landau
9d6bd3d30f
QUIC APL: Implement backpressure on stream creation
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21811 )
2023-08-25 15:10:43 +02:00
Tomas Mraz
eb1eaa9af4
Always use uint8_t for TLS record type
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:04:00 +01:00
Tomas Mraz
d848520afe
ch_init(): Add braces to appease older clang compilers
...
They produce a warning `suggest braces around initialization of subobject`
otherwise.
Add -Wno-missing-braces to silence old clang compilers.
And drop unnecessary braces in zeroing initializers.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:03:54 +01:00
Tomas Mraz
5ad3cc1928
quic_tls.c: Fix wrong format string when raising error
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:03:46 +01:00
Tomas Mraz
1cc8c53b0f
Avoid issues with endianness when type is used in SSL_trace()
...
The TLS record type is a single byte value so we can
use uint8_t for it. This allows passing its address
directly to SSL_trace() instead of converting it to
a single byte type first.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21823 )
2023-08-25 12:03:46 +01:00
Matt Caswell
0b31072e08
Don't keep creating CONNECTION_CLOSE frames
...
If we want to send a CONNECTION_CLOSE frame then one is enough unless we
are scheduled to send another one. Now that we can create more than one
datagram in one go this is now required.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798 )
2023-08-25 08:42:39 +02:00
Matt Caswell
aa433014bb
Keep sending datagrams while we have data to send
...
If we've got more data to send than will fit in a single datagram we should
keep generating those datagrams until we've sent it all.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21798 )
2023-08-25 08:42:39 +02:00
Matt Caswell
cb93128873
Add the ability to set SSL_trace as the msg_callback in tserver
...
This is useful for debugging purposes. The standard SSL_trace msgcallback
can be used with tserver.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21800 )
2023-08-24 10:33:58 +01:00
Tomas Mraz
8ee3ee10e3
quic_impl.c: Add QUIC_RAISE_NON_IO_ERROR() and use it
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
64fd69911e
ossl_quic_tx_packetiser_generate(): Always report if packets were sent
...
Even in case of later failure we need to flush
the previous packets.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
96014840b6
QUIC: Miscellaneous error handling updates
...
Raise errors when appropriate.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
cb19528b93
QUIC: Add ERR_raise() calls for EVP call failures
...
This improves tracking where the failure was triggered.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:48 +02:00
Tomas Mraz
68b9a32aa3
Remove TODO(QUIC) about raising errors from ossl_quic_tls_tick()
...
This was already resolved by https://github.com/openssl/openssl/pull/21547
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21700 )
2023-08-23 17:18:39 +02:00
Tomas Mraz
8fd32a0eda
QUIC: Update ping deadline when we receive a packet
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713 )
2023-08-22 12:31:46 +02:00
Tomas Mraz
604a607222
quic_trace.c: Fix typo in traces
...
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713 )
2023-08-22 12:31:46 +02:00
Tomas Mraz
b6125b54ed
QUIC: Do not discard the INITIAL el too early
...
RFC says that successful decryption of HANDSHAKE el packet
triggers the discard on server side only.
On client we discard INITIAL el when we successfully send
a HANDSHAKE packet.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21713 )
2023-08-22 12:31:46 +02:00
Matt Caswell
72622c0b96
Handle the case where the read buffer is empty but we have received FIN
...
In some cases where a FIN has been received but with no data, quic_read_actual
was failing to raise SSL_ERROR_ZERO_RETURN. This meant that we could end up
blocking in SSL_read(_ex) for too long.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21780 )
2023-08-20 13:28:33 +02:00
Tomas Mraz
79cdbe893d
quic_new_record_layer(): Change TODO(QUIC) to QUIC FUTURE
...
Fixes openssl/project#134
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21756 )
2023-08-18 10:17:08 +02:00
Pauli
cdd916313a
quic: process stateless resets
...
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21649 )
2023-08-16 12:07:17 +02:00
Matt Caswell
643f542a89
Fix a use-after-free in quic_tls.c
...
The comments in quic_tls.c claimed that the dummybio was never used by
us. In fact that is not entirely correct since we set and cleared the
retry flags on it. This means that we have to manage it properly, and update
it in the event of a set1_bio() call on the record layer method.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686 )
2023-08-15 14:41:31 +01:00
Matt Caswell
644ef0bb69
Add a test for receiving a post-handshake CertificateRequest
...
This should result in a QUIC PROTOCOL_VIOLATION.
We also add tests for a post-handshake KeyUpdate, and a NewSessionTicket
with an invalid max_early_data value.
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686 )
2023-08-15 14:41:31 +01:00