862 Commits

Author	SHA1	Message	Date
Neil Horman	ddd57b5b1e	Close small race condition on error raising in QUIC ... Github issue #28501 reported an odd condition in which a double free was occuring when a given thread was popping entries of its error stack. It was hypothesized that, because a few places in the quic stack save error state to a shared structure (ch->err_state, port->error_state, qtls->error_state), that multiple threads may attempt to mutate the shared structure during error save/restore in parallel. Investigation showed that all paths which led to such mutations were done under lock, so that shouldn't occur. Except for one case, which this PR addresses. In ossl_quic_conn_stream_conclude, we unlock our protecting mutex, prior to calling QUIC_RAISE_NON_NORMAL_ERROR. If that function is called with an reason code of SHUTDOWN, it attempts to restore the channel error state. Given that the lock was released first, this creates a small race condition in which two threads may manipulate the shared error state in the channel struct in parallel. According to the reporter, applying this patch prevents the reported error from occuring again. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28642) (cherry picked from commit 1e70e8080a)	2025-09-24 12:19:26 +02:00
Niels Dossche	f86e7107ab	Fix reallocation failure condition in qtx_resize_txe() ... Returning the same pointer does not mean that the reallocation failed, it would also prevent updating alloc_len down below. This is similar code and a similar change to 043a41ddee. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28317) (cherry picked from commit 220f5be690)	2025-08-22 09:25:43 -04:00
Neil Horman	7ba09090bc	Add CRYPTO_FREE_REF to ossl_quic_free_token_store ... ossl_quic_free_token_store doesn't call CRYPTO_FREE_REF on the hdl->reference object, which could lead to memory leaks on platforms that don't support atomics (where the call to CRYPTO_NEW_REF allocates a mutex as part of its function. It wasn't caught before because all the platforms we do ci on support threads. Fixes #28241 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28247) (cherry picked from commit d2a71ed94e)	2025-08-14 11:29:00 -04:00
Neil Horman	0fa07898e1	Ensure that the largest_pn values are migrated to our channel qrx ... Recently, our overnight QUIC interop runs began failing in CI when an openssl server was tested against an ngtcp2 client: https://github.com/openssl/openssl/actions/runs/16739736813 The underlying cause bears some explination for historical purposes The problem began happening with a recent update to ngtcp2 in which ngtcp2 updated its wolfssl tls backend to support ML-KEM, which caused ngtcp to emit a client hello message that offered several groups (including X25519MLKEM768) but only provided a keyshare for x25519. This in turn triggered the openssl server to respond with a hello retry request (HRR), requesting an ML-KEM keyshare instead, which ngtcp2 obliged. However all subsequent frames from the client were discarded by the server, due to failing packet body decryption. The problem was tracked down to a mismatch in the initial vectors used by the client and server, leading to an AEAD tag mismatch. Packet protection keys generate their IV's in QUIC by xoring the packet number of the received frame with the base IV as derived via HKDF in the tls layer. The underlying problem was that openssl hit a very odd corner case with how we compute the packet number of the received frame. To save space, QUIC encodes packet numbers using a variable length integer, and only sends the changed bits in the packet number. This requires that the receiver (openssl) store the largest received pn of the connection, which we nominally do. However, in default_port_packet_handler (where QUIC frames are processed prior to having an established channel allocated) we use a temporary qrx to validate the packet protection of those frames. This temporary qrx may be incorporated into the channel in some cases, but is not in the case of a valid frame that generates an HRR at the TLS layer. In this case, the channel allocates its own qrx independently. When this occurs, the largest_pn value of the temporary qrx is lost, and subsequent frames are unable to be received, as the newly allocated qrx belives that the larges_pn for a given pn_space is 0, rather than the value received in the initial frame (which was a complete 32 bit value, rather than just the changed lower 8 bits). As a result the IV construction produced the wrong value, and the decrypt failed on those subsequent frames. Up to this point, that wasn't even a problem, as most quic implementations start their packet numbering at 0, so the next packet could still have its packet number computed properly. The combination of ngtcp using large random values for initial packet numbers, along with the HRR triggering a separate qrx creation on a channel led to the discovery of this discrepancy. The fix seems pretty straightforward. When we detect in port_default_packet_handler, that we have a separate qrx in the new channel, we migrate processed packets from the temporary qrx to the canonical channel qrx. In addition to doing that, we also need to migrate the largest_pn array from the temporary qrx to the channel_qrx so that subsequent frame reception is guaranteed to compute the received frame packet number properly, and as such, compute the proper IV for packet protection decryption. Fixes openssl/project#1296 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28189)	2025-08-07 10:39:28 +02:00
Norbert Pocs	5cedd0e22d	quic_channel: Handle HRR and the second transport params extension ... When HRR happens a second client hello is sent and it consist of a transport params extension. This must be processed and not cause failure. Fixes: https://github.com/openssl/project/issues/1296 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28189)	2025-08-07 10:38:24 +02:00
Nikolas Gauder	17a20fdcfa	ssl/quic/quic_channel.c: Fix endianness of supported versions from received version negotiation packets ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28169) (cherry picked from commit 95efe41d2e)	2025-08-06 08:31:21 -04:00
Nikolas Gauder	d4ab163090	ssl/quic/quic_port.c: Fix endianness of supported versions in sent version negotiation packets ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28169) (cherry picked from commit 2b24455a9f)	2025-08-06 08:31:18 -04:00
openssl-machine	8f9d7c283e	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-08-05 12:07:41 +00:00
Alexandr Nedvedicky	3300d10c67	- adding a missing file ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023) (cherry picked from commit d777deffba)	2025-07-27 05:01:19 -04:00
sashan	a1e009ea07	- fix RFC reference and indentation ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023) (cherry picked from commit a43b926fd2)	2025-07-27 05:01:13 -04:00
Sashan	23c94e510a	Update ssl/quic/quic_ackm.c ... Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023) (cherry picked from commit b083613476)	2025-07-27 05:01:12 -04:00
Sashan	15131b907e	Update ssl/quic/quic_ackm.c ... Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023) (cherry picked from commit 4a3c954a0c)	2025-07-27 05:01:10 -04:00
sashan	e068624ee1	ACK manager must avoid infinite probe time when waiting handshake confirmation ... According to RFC 9002, section 6.2.2.1 the client the client must keep PTO (probe time out) armed if it has not seen HANDSHAKE_DONE quic message from server. Not following RFC spec here may cause the QUIC session to stale during TLS handshake. Fixes openssl/project#1266 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28023) (cherry picked from commit cdbfacead0)	2025-07-27 05:01:07 -04:00
Alexandr Nedvedicky	9c047dc136	QUIC receiver may accidentally ACK packet it fails to process ... we set ok to -1 as we enter ossl_quic_handle_frames(). If we set ok to 0 here we effectively assume successful processing of all frames found in packet. We do this just before we return from function: ``` 1479 1480 /* Now that special cases are out of the way, parse frames */ 1481 if (!PACKET_buf_init(&pkt, qpacket->hdr->data, qpacket->hdr->len) 1482 || !depack_process_frames(ch, &pkt, qpacket, 1483 enc_level, 1484 qpacket->time, 1485 &ackm_data)) 1486 goto end; 1487 1488 ok = 1; 1489 end: 1490 /* 1491 * ASSUMPTION: If this function is called at all, |qpacket| is 1492 * a legitimate packet, even if its contents aren't. 1493 * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as 1494 * |ackm_data| has at least been initialized. 1495 */ 1496 if (ok >= 0) 1497 ossl_ackm_on_rx_packet(ch->ackm, &ackm_data); 1498 1499 return ok > 0; ``` if the call to `depack_process_frames()` at line 1492 fails, because barticualr frame in packet is corrupted/invalid we take a branch to `end:` goto target. In this case we must avoid the call to `ossl_ackm_on_rx_packet()`. Packet with malformed/invalid frame must not be accepted. See RFC 9000 section 13.1: Once the packet has been fully processed, a receiver acknowledges receipt by sending one or more ACK frames containing the packet number of the received packet. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/28002) (cherry picked from commit e6c20588ef)	2025-07-10 12:06:02 +02:00
openssl-machine	ed2e04f18a	Copyright year updates ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Release: yes	2025-07-01 11:50:25 +00:00
Andrew Dinh	61ff9d94b3	Reset qtls->local_transport_params_consumed to 0 on SSL_clear() ... Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27656) (cherry picked from commit 9bad2b86e8)	2025-06-03 18:30:09 +02:00
Norbert Pocs	17dcf0087a	quic_tls.c: Precede double free on EVP_MD variable ... When external quic implementation is used, the variable is not used and double free happens whe the yield_secret_cb fails. Resolves: #27504 Signed-off-by: Norbert Pocs <norbertp@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27713) (cherry picked from commit 258d3a695e)	2025-05-30 06:55:23 -04:00
Neil Horman	4fb6c56b94	Add NULL check in ossl_quic_get_peer_token ... If a peer address hasn't been set on a quic channel yet, we will not yield a token from our hashtable of available tokens. Fail the get_peer_token lookup in that event Fixes #27608 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27610) (cherry picked from commit 99ea6b3843)	2025-05-15 09:04:02 -04:00
Matt Caswell	878ab3cde1	Fix memory management in port_make_channel ... Also make port_new_handshake_layer processing clearer. Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27562) (cherry picked from commit d56f9b4d89)	2025-05-07 15:08:31 +02:00
sashan	5bb2abc26a	ossl_json_f64() seems to be unused, remove it to avoid libm dependency ... Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27434) (cherry picked from commit 0e41862899)	2025-04-29 19:39:37 +02:00
Matt Caswell	6bb3e506b0	Fix errors on SSL_accept() and SSL_get_error() ... Calling SSL_accept() was raising two errors on the stack if you passed the wrong object type. Similarly SSL_get_error() was adding an error to the stack if the wrong object type was passed and returning the wrong result. We also ensure SSL_set_accept_state() and SSL_set_connect_state() don't raise spurious errors since these are void functions. Fixes #27347 Fixes #27348 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27351) (cherry picked from commit cb5bb8916f)	2025-04-24 20:11:04 +02:00
Matt Caswell	3217b95e93	Fix SSL_accept() ... If you have a QUIC server SSL connection object, you should be able to call SSL_accept() on it. Fixes #27282 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27283) (cherry picked from commit 38bf6f3036)	2025-04-14 14:39:17 +01:00
Matt Caswell	11fb3d7f9c	Prevent SSL_poll from reporting a stream as writeable if it isn't ... The CWM might prevent a stream from being writeable. We should not report a stream as writeable if there is no credit. Fixes #27312 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> (Merged from https://github.com/openssl/openssl/pull/27319) (cherry picked from commit 4efd1a2682)	2025-04-11 07:59:55 +01:00
Samson S. Kolge	88ecf93695	Fix SSL_new() with QUIC_server_method and improve formatting (Fixes #27255) ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27264) (cherry picked from commit 5341e271d9)	2025-04-05 09:15:56 -04:00
openssl-machine	b17e3bb6ce	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Release: yes	2025-03-25 14:59:38 +00:00
Bernd Edlinger	1e6bd53cfc	Try to fix reported qlog issues ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27089) (cherry picked from commit 9f85a036e3)	2025-03-24 20:21:42 +01:00
Tomas Mraz	56e00f1296	qlog_event_helpers.c: Fix inverted condition ... We want to skip up to PACKET_remaining() and not "at least" PACKET_remaining() bytes. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Richard Levitte <levitte@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27138) (cherry picked from commit 83b11af017)	2025-03-24 15:23:09 +01:00
Matt Caswell	6e4ddabd98	Fix the use of CCM ciphersuites with QUIC TLS API ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091) (cherry picked from commit 207cd5bb97)	2025-03-20 11:25:01 +01:00
Matt Caswell	688cea710d	Always use NULL BIOs when using the QUIC TLS API ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091) (cherry picked from commit 228a26fde4)	2025-03-20 11:24:59 +01:00
Matt Caswell	81789a05b7	Don't decrement the unreleased counter if we failed to release a record ... In a failure situation we may incorrectly decrement the amount of data released. Only decrement the counter if we successfully released. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27091) (cherry picked from commit 4ad45969b0)	2025-03-20 11:24:57 +01:00
openssl-machine	0c679f5566	Copyright year updates ... Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Release: yes	2025-03-12 13:35:59 +00:00
Neil Horman	9a308a89a4	Orphan packets from qrx ... It may occur that the qrx we allocate in port_default_packet handler to do AEAD validation isn't the one the channel ultimately uses (like if we turn off address validation). In that event, we need to ensure that anything we have on that qrx isn't returned to its free list to avoid early freeing when we free the qrx at the end of port_default_packet_handler, while those frames are still pending on the channel qrx Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27004)	2025-03-09 18:44:53 +01:00
Neil Horman	8f74d8cee3	If our server channel creates its own qrx, set its initial secret ... With the addition of larger client hellos, stemming from the use of larger PQC key shares, it may happen that we get a client hello accross multiple datagrams. Normally this is not a problem as port_default_packet_handler allocates a qrx and initializes its initial secret immediately. But if server address validation is disabled, then the channel creates the qrx in port_bind_channel itself, without initial secrets. As a result, we validate the first datagram in port_default_packet_handler, but the subsequent datagrams containing the remaining client hello fragments fail decode. Fix it by ensuring that we add the initial secret in port_bind_channel if we don't give it a preconfigured qrx Fixes openssl/project#1131 Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> (Merged from https://github.com/openssl/openssl/pull/27006)	2025-03-07 21:56:34 -05:00
Andrew Dinh	442f1958e8	QUIC NULL checks ... - Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029 - Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030 - Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643141 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26916)	2025-02-27 10:23:38 -05:00
Alexandr Nedvedicky	395a83a617	Fix read out of buffer bounds when dealing with BIO_ADDR ... This issue was discoevered while I was testing SSL_new_from_listener() using a newly created unit test. It has turned out the QUIC stack at few places contain pattern as follows: foo(QUIC_WHATEVER *q, BIO_ADDR *a) { q->a = *a; } The problem is that derefencning a that way is risky. If the address `a` comes from BIO_lookup_ex() it may actually be shorter than sizeof(BIO_ADDR). Using BIO_ADDR_copy() is the right thing to do here. Fixes #26241 Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26252)	2025-02-25 15:55:46 +01:00
Tomas Mraz	87b5aa737d	Rename fnv1a_hash() to ossl_fnv1a_hash() ... It is no longer static. Also add it to libssl only with quic enabled. Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26882)	2025-02-25 15:45:42 +01:00
Alexandr Nedvedicky	96075a6a40	Fix AEAD validation of initial packets in port ... The interoperability tests disable client ip address validation done by RETRY packet. All tests done in CI take code path which sends a retry packet. The first initial packet sent by client uses a different initial encryption level keys to protect packet integrity. The keys are derived from DCID chosen by client. When server accepts connection on behalf of initial packet, the 'DCID' gets changed which means the initial level encryption keys are changing too. So when server skips sending a retry packet, it must forget the qrx which was used to validate initial packet sent by client. Forgetting qrx is not straightforward, we must salvage the unencrypted packets left there after they were validated. Those unencrypted packets must be injected to newly created channel. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26808)	2025-02-25 12:05:10 +01:00
Alexandr Nedvedicky	c14ae04613	Perform initial AEAD validation before creating a channel ... We let port to create qrx object and use it for packet validation. If packet validates, we then create channel and pass pre-created qrx to channel's constructor. Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26808)	2025-02-25 12:04:09 +01:00
Andrew Dinh	cec0659fa4	Coverity fixes ... Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643042 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643047 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643089 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643091 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643095 Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26845)	2025-02-25 08:55:26 +01:00
Neil Horman	17d2fd0752	Use siphash to implement lcidm hash function ... Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26849)	2025-02-22 13:23:16 -05:00
Neil Horman	6a9a9480a7	Update LCIDM lookups to include hash keys ... In preparation for using siphash in our hash function Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26849)	2025-02-22 13:23:16 -05:00
Neil Horman	3e3942b42f	Add random hash key value to lcidm struct ... This is in preparation for using siphash to compute lcidm hash table values Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26849)	2025-02-22 13:23:16 -05:00
Andrew Dinh	704c3d3cd2	Various NULL checks ... Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643035 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643039 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643041 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643044 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643045 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643046 Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26840)	2025-02-21 15:07:27 -05:00
Cheng Zhang	db2c54cc92	Added new API to enable 0-RTT for 3rd party QUIC stacks. ... Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26842)	2025-02-21 12:01:30 +01:00
Andrew Dinh	3820f2da7c	NULL checks for QUIC code ... Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643033 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643032 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643031 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030 Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029 Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26825)	2025-02-20 08:13:02 -05:00
Neil Horman	8b0fbe224a	Add ssl_unwrap.h to quic_tls_api.c ... Needed after the macro re-arranging performed on the quic-server branch Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26762)	2025-02-17 11:27:34 -05:00
Neil Horman	b360611ad6	Readd the inclusion of quic_record_util.h to quic_tls.c ... Some refactoring on master removed the inclusion of quic_local.h from ssl_local.h, which quic_tls.c needed on the server branch to pull in the QRL_SUITE_AES128GCM and simmilar definitions. Fix it by specifcially adding quic_record_util.h into quic_tls.c, as we only need a few defines from that header. Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26762)	2025-02-17 11:27:34 -05:00
Neil Horman	473e6bcb2c	Fixup conflict between 3rd party quic-tls api and quic-server ... Build.info changes between quic-server and master occured here, resolve them. Can't do it as a fixup as the conficting changes have already been merged to master Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26762)	2025-02-17 11:27:34 -05:00
Alexandr Nedvedicky	9eee58cce4	Backout validation of initial packet done by port_default_packet_handler() ... QUIC interoperability tests discovered bugs in my earlier commit #59e7c2313be7cff. This change reverts everything out. Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26748)	2025-02-17 11:27:34 -05:00
Alexandr Nedvedicky	c82c1dbbbb	Perform initial AEAD validation before creating a channel ... We let port to create qrx object and use it for packet validation. If packet validates, we then create channel and pass pre-created qrx to channel's constructor. Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26610)	2025-02-17 11:27:34 -05:00