Merge 60677b1a11 into f12f8cc035

Current QUIC stack may leave connection monitored by SSL_poll() to stale
during regular shutdown.  The issue is triggered when ACK for client's
FIN gets delayed. The sequeance of operations to trigger
the stale of QUIC connection at client goes as follows:

	- application calls SSL_shutdown() on connection,
	  the shutdown can not proceed, because bi-directional
	  stream must be flushed. The client awaits ACK from
	  server acknowledging reception of FIN on client's stream

	- the stream object gets destroyed, because application
	  received all data from server.

	- application updates poll set and passes to SSL_poll()

	- ssl poll ticks the engine. Engine receives delayed ACK
	  and marks stream as flushed. At this point the SSL_shutdown()
	  operation may proceed given the application calls the
	  SSL_shutdown(). However there is no mechanism to make SSL_poll()
	  return so application is unable to proceed with its event
	  loop where SSL_shutdown() may get called.

This change introduces ossl_quic_channel_notify_flush_done() function
which notifies channel when all streams are flushed (all FINs got ACKed).

The first thing SSL_shudown() does it calls ossl_quic_stream_map_begin_shutdown_flush().
The function walks list of all streams attached to channel and notes how many
streams is missing ACK for their FIN. In our test case it finds one such stream.
Call to SSL_shutdown() returns and application destroys the SSL stream object
and updates a poll set.

SSL_poll() gets called. The QUIC stack (engine) gets ticked and reads data
from socket. It processes delayed ACK now. The ACK-manager updates the
stream notifying the server ACKs the FIN sent by client. The stream
is flushed now. Thw shutdown_flush_done() for stream gets called on
behalf of ACK manager.

The shutdown_flush_done() does two things:
	- it marks stream as flushed
	- it decrements the num_shutdown_flush counter initialized
	  be earlier call to ossl_quic_stream_map_begin_shutdown_flush()
	  called by SSL_shutdown()
The change here calls ossl_quic_channel_notify_flush_done() when
num_shutdown_flush reaches zero.

The ossl_quic_channel_notify_flush_done() then calls function
ossl_quic_channel_notify_flush_done(), which just moves the state
of the channel (connection) from active to terminating state.
The change of channel state is sufficent for SSL_poll() to
signal _EC event on connection.

Once application receives _EC event on connection it should
check the state of the channel/reason of error. In regular case
the error/channel state hints application to call SSL_shutdown()
so connection object can proceed with connection shutdown.
The SSL_shutdown() call done now moves channel to terminated
state. So the next call to SSL_poll() can signal _ECD which
tells application it's time to stop polling on SSL connection
object and destroy it.

Fixes openssl/project#1291

apps/progs.pl

@@ -93,6 +93,7 @@ EOF
 
     my %cmd_disabler = (
         ciphers  => "sock",
+        genrsa   => "rsa",
         gendsa   => "dsa",
         dsaparam => "dsa",
         gendh    => "dh",
@@ -106,7 +107,7 @@ EOF
 #   [2] = preprocessor conditional for excluding irrespective of deprecation
 #        rsa      => [ "pkey",      "3_0", "rsa" ],
 #        genrsa   => [ "genpkey",   "3_0", "rsa" ],
-        rsautl   => [ "pkeyutl",   "3_0", "" ],
+        rsautl   => [ "pkeyutl",   "3_0", "rsa" ],
 #        dhparam  => [ "pkeyparam", "3_0", "dh"  ],
 #        dsaparam => [ "pkeyparam", "3_0", "dsa" ],
 #        dsa      => [ "pkey",      "3_0", "dsa" ],

crypto/evp/asymcipher.c

@@ -261,12 +261,10 @@ int EVP_PKEY_encrypt(EVP_PKEY_CTX *ctx,
 
     cipher = ctx->op.ciph.cipher;
     desc = cipher->description != NULL ? cipher->description : "";
-    ERR_set_mark();
     ret = cipher->encrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
-    if (ret <= 0 && ERR_count_to_mark() == 0)
+    if (ret <= 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
                        "%s encrypt:%s", cipher->type_name, desc);
-    ERR_clear_last_mark();
     return ret;
 
  legacy:
@@ -311,12 +309,10 @@ int EVP_PKEY_decrypt(EVP_PKEY_CTX *ctx,
 
     cipher = ctx->op.ciph.cipher;
     desc = cipher->description != NULL ? cipher->description : "";
-    ERR_set_mark();
     ret = cipher->decrypt(ctx->op.ciph.algctx, out, outlen, (out == NULL ? 0 : *outlen), in, inlen);
-    if (ret <= 0 && ERR_count_to_mark() == 0)
+    if (ret <= 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_ASYM_CIPHER_FAILURE,
                        "%s decrypt:%s", cipher->type_name, desc);
-    ERR_clear_last_mark();
 
     return ret;
 

crypto/evp/keymgmt_meth.c

@@ -460,12 +460,10 @@ void *evp_keymgmt_gen(const EVP_KEYMGMT *keymgmt, void *genctx,
         return NULL;
     }
 
-    ERR_set_mark();
     ret = keymgmt->gen(genctx, cb, cbarg);
-    if (ret == NULL && ERR_count_to_mark() == 0)
+    if (ret == NULL)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_KEYMGMT_FAILURE,
                        "%s key generation:%s", keymgmt->type_name, desc);
-    ERR_clear_last_mark();
     return ret;
 }
 

crypto/evp/m_sigver.c

@@ -426,12 +426,10 @@ int EVP_DigestSignUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
         return 0;
     }
 
-    ERR_set_mark();
     ret = signature->digest_sign_update(pctx->op.sig.algctx, data, dsize);
-    if (ret <= 0 && ERR_count_to_mark() == 0)
+    if (ret <= 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_sign_update:%s", signature->type_name, desc);
-    ERR_clear_last_mark();
     return ret;
 
  legacy:
@@ -476,12 +474,10 @@ int EVP_DigestVerifyUpdate(EVP_MD_CTX *ctx, const void *data, size_t dsize)
         return 0;
     }
 
-    ERR_set_mark();
     ret = signature->digest_verify_update(pctx->op.sig.algctx, data, dsize);
-    if (ret <= 0 && ERR_count_to_mark() == 0)
+    if (ret <= 0)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_verify_update:%s", signature->type_name, desc);
-    ERR_clear_last_mark();
     return ret;
 
  legacy:
@@ -531,13 +527,11 @@ int EVP_DigestSignFinal(EVP_MD_CTX *ctx, unsigned char *sigret,
             pctx = dctx;
     }
 
-    ERR_set_mark();
     r = signature->digest_sign_final(pctx->op.sig.algctx, sigret, siglen,
                                      sigret == NULL ? 0 : *siglen);
-    if (!r && ERR_count_to_mark() == 0)
+    if (!r)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_sign_final:%s", signature->type_name, desc);
-    ERR_clear_last_mark();
     if (dctx == NULL && sigret != NULL)
         ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
     else
@@ -644,13 +638,11 @@ int EVP_DigestSign(EVP_MD_CTX *ctx, unsigned char *sigret, size_t *siglen,
 
             if (sigret != NULL)
                 ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
-            ERR_set_mark();
             ret = signature->digest_sign(pctx->op.sig.algctx, sigret, siglen,
                                          sigret == NULL ? 0 : *siglen, tbs, tbslen);
-            if (ret <= 0 && ERR_count_to_mark() == 0)
+            if (ret <= 0)
                 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                                "%s digest_sign:%s", signature->type_name, desc);
-            ERR_clear_last_mark();
             return ret;
         }
     } else {
@@ -701,12 +693,10 @@ int EVP_DigestVerifyFinal(EVP_MD_CTX *ctx, const unsigned char *sig,
             pctx = dctx;
     }
 
-    ERR_set_mark();
     r = signature->digest_verify_final(pctx->op.sig.algctx, sig, siglen);
-    if (!r && ERR_count_to_mark() == 0)
+    if (!r)
         ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                        "%s digest_verify_final:%s", signature->type_name, desc);
-    ERR_clear_last_mark();
     if (dctx == NULL)
         ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
     else
@@ -779,12 +769,10 @@ int EVP_DigestVerify(EVP_MD_CTX *ctx, const unsigned char *sigret,
             int ret;
 
             ctx->flags |= EVP_MD_CTX_FLAG_FINALISED;
-            ERR_set_mark();
             ret = signature->digest_verify(pctx->op.sig.algctx, sigret, siglen, tbs, tbslen);
-            if (ret <= 0 && ERR_count_to_mark() == 0)
+            if (ret <= 0)
                 ERR_raise_data(ERR_LIB_EVP, EVP_R_PROVIDER_SIGNATURE_FAILURE,
                                "%s digest_verify:%s", signature->type_name, desc);
-            ERR_clear_last_mark();
             return ret;
         }
     } else {

crypto/provider_core.c

@@ -2419,11 +2419,6 @@ static int core_pop_error_to_mark(const OSSL_CORE_HANDLE *handle)
     return ERR_pop_to_mark();
 }
 
-static int core_count_to_mark(const OSSL_CORE_HANDLE *handle)
-{
-    return ERR_count_to_mark();
-}
-
 static void core_indicator_get_callback(OPENSSL_CORE_CTX *libctx,
                                         OSSL_INDICATOR_CALLBACK **cb)
 {
@@ -2605,7 +2600,6 @@ static const OSSL_DISPATCH core_dispatch_[] = {
     { OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK,
       (void (*)(void))core_clear_last_error_mark },
     { OSSL_FUNC_CORE_POP_ERROR_TO_MARK, (void (*)(void))core_pop_error_to_mark },
-    { OSSL_FUNC_CORE_COUNT_TO_MARK, (void (*)(void))core_count_to_mark },
     { OSSL_FUNC_BIO_NEW_FILE, (void (*)(void))ossl_core_bio_new_file },
     { OSSL_FUNC_BIO_NEW_MEMBUF, (void (*)(void))ossl_core_bio_new_mem_buf },
     { OSSL_FUNC_BIO_READ_EX, (void (*)(void))ossl_core_bio_read_ex },

doc/man7/provider-base.pod

@@ -154,10 +154,6 @@ provider):
  core_new_error                 OSSL_FUNC_CORE_NEW_ERROR
  core_set_error_debug           OSSL_FUNC_CORE_SET_ERROR_DEBUG
  core_vset_error                OSSL_FUNC_CORE_VSET_ERROR
- core_set_error_mark            OSSL_FUNC_CORE_SET_ERROR_MARK
- core_clear_last_error_mark     OSSL_FUNC_CORE_CLEAR_LAST_ERROR_MARK
- core_pop_error_to_mark         OSSL_FUNC_CORE_POP_ERROR_TO_MARK
- core_count_to_mark             OSSL_FUNC_CORE_COUNT_TO_MARK
  core_obj_add_sigid             OSSL_FUNC_CORE_OBJ_ADD_SIGID
  core_obj_create                OSSL_FUNC_CORE_OBJ_CREATE
  CRYPTO_malloc                  OSSL_FUNC_CRYPTO_MALLOC
@@ -274,33 +270,6 @@ error occurred or was reported.
 
 This corresponds to the OpenSSL function L<ERR_vset_error(3)>.
 
-=item core_set_error_mark()
-
-sets a mark on the current topmost error record if there is one.
-
-This corresponds to the OpenSSL function L<ERR_set_mark(3)>.
-
-=item core_clear_last_error_mark()
-
-removes the last mark added if there is one.
-
-This corresponds to the OpenSSL function L<ERR_clear_last_mark(3)>.
-
-=item core_pop_error_to_mark()
-
-pops the top of the error stack until a mark is found. The mark is then removed.
-If there is no mark, the whole stack is removed.
-
-This corresponds to the OpenSSL function L<ERR_pop_to_mark(3)>.
-
-=item core_count_to_mark()
-
-returns the number of entries on the error stack above the most recently
-marked entry, not including that entry. If there is no mark in the error stack,
-the number of entries in the error stack is returned.
-
-This corresponds to the OpenSSL function L<ERR_count_to_mark(3)>.
-
 =back
 
 The core_obj_create() function registers a new OID and associated short name

fuzz/dtlsserver.c

@@ -590,7 +590,10 @@ int FuzzerTestOneInput(const uint8_t *buf, size_t len)
     SSL *server;
     BIO *in;
     BIO *out;
+#if !defined(OPENSSL_NO_EC)                     \
+    || (!defined(OPENSSL_NO_DSA) && !defined(OPENSSL_NO_DEPRECATED_3_0))
     BIO *bio_buf;
+#endif
     SSL_CTX *ctx;
     int ret;
 #ifndef OPENSSL_NO_DEPRECATED_3_0

include/openssl/core_dispatch.h

@@ -253,10 +253,6 @@ OSSL_CORE_MAKE_FUNC(int, provider_up_ref,
 OSSL_CORE_MAKE_FUNC(int, provider_free,
                     (const OSSL_CORE_HANDLE *prov, int deactivate))
 
-/* Additional error functions provided by the core */
-# define OSSL_FUNC_CORE_COUNT_TO_MARK          120
-OSSL_CORE_MAKE_FUNC(int, core_count_to_mark, (const OSSL_CORE_HANDLE *prov))
-
 /* Functions provided by the provider to the Core, reserved numbers 1024-1535 */
 # define OSSL_FUNC_PROVIDER_TEARDOWN           1024
 OSSL_CORE_MAKE_FUNC(void, provider_teardown, (void *provctx))

providers/fips/fipsprov.c

@@ -65,7 +65,6 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error;
 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark;
 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark;
 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark;
-static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark;
 static OSSL_FUNC_CRYPTO_malloc_fn *c_CRYPTO_malloc;
 static OSSL_FUNC_CRYPTO_zalloc_fn *c_CRYPTO_zalloc;
 static OSSL_FUNC_CRYPTO_free_fn *c_CRYPTO_free;
@@ -835,9 +834,6 @@ int OSSL_provider_init_int(const OSSL_CORE_HANDLE *handle,
         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
             set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(in));
             break;
-        case OSSL_FUNC_CORE_COUNT_TO_MARK:
-            set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in));
-            break;
         case OSSL_FUNC_CRYPTO_MALLOC:
             set_func(c_CRYPTO_malloc, OSSL_FUNC_CRYPTO_malloc(in));
             break;
@@ -1076,11 +1072,6 @@ int ERR_pop_to_mark(void)
     return c_pop_error_to_mark(NULL);
 }
 
-int ERR_count_to_mark(void)
-{
-    return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0;
-}
-
 /*
  * This must take a library context, since it's called from the depths
  * of crypto/initthread.c code, where it's (correctly) assumed that the

providers/legacyprov.c

@@ -48,7 +48,6 @@ static OSSL_FUNC_core_vset_error_fn *c_vset_error;
 static OSSL_FUNC_core_set_error_mark_fn *c_set_error_mark;
 static OSSL_FUNC_core_clear_last_error_mark_fn *c_clear_last_error_mark;
 static OSSL_FUNC_core_pop_error_to_mark_fn *c_pop_error_to_mark;
-static OSSL_FUNC_core_count_to_mark_fn *c_count_to_mark;
 #endif
 
 /* Parameters we provide to the core */
@@ -235,9 +234,6 @@ int OSSL_provider_init(const OSSL_CORE_HANDLE *handle,
         case OSSL_FUNC_CORE_POP_ERROR_TO_MARK:
             set_func(c_pop_error_to_mark, OSSL_FUNC_core_pop_error_to_mark(tmp));
             break;
-        case OSSL_FUNC_CORE_COUNT_TO_MARK:
-            set_func(c_count_to_mark, OSSL_FUNC_core_count_to_mark(in));
-            break;
         }
     }
 #endif
@@ -305,9 +301,4 @@ int ERR_pop_to_mark(void)
 {
     return c_pop_error_to_mark(NULL);
 }
-
-int ERR_count_to_mark(void)
-{
-    return c_count_to_mark != NULL ? c_count_to_mark(NULL) : 0;
-}
 #endif

test/generate_buildtest.pl

@@ -23,19 +23,9 @@ print <<"_____";
 #ifndef OPENSSL_NO_STDIO
 # include <stdio.h>
 #endif
-_____
-
-if (${name_uc} eq "RSA") {
-    print("#include <openssl/rsa.h>");
-}
-else {
-    print <<"_____";
 #ifndef OPENSSL_NO_${name_uc}
 # include <openssl/$name.h>
 #endif
-_____
-}
-print <<"_____";
 
 int main(void)
 {

test/quic_txp_test.c

@@ -119,24 +119,11 @@ static void demux_default_handler(QUIC_URXE *e, void *arg,
     ossl_qrx_inject_urxe(h->qrx, e);
 }
 
-/*
- * we don't need fully initialized channel for TX-packetizer test.
- * We just need a mockup channel instance which makes function
- * ossl_quic_channel_is_serve() to return zero, Zero buffer
- * which size is greater than sizeof (struct quic_channel_st) is
- * is sufficient.
- */
-static QUIC_CHANNEL *get_client_test_channel(void)
-{
-    static char test_client_channel[4096] = { 0 };
-
-    return (QUIC_CHANNEL *)test_client_channel;
-}
-
 static int helper_init(struct helper *h)
 {
     int rc = 0;
     size_t i;
+    static char fake_channel[4096] = { 0 };
 
     memset(h, 0, sizeof(*h));
 
@@ -200,10 +187,15 @@ static int helper_init(struct helper *h)
                                                /* is_server */0)))
         goto err;
 
+    /*
+     * fake_channel is ugly hack which is good enough for testing.
+     * we enable qsm to safely dereference a memory when it
+     * calls ossl_quic_channel_is_serve().
+     */
     if (!TEST_true(ossl_quic_stream_map_init(&h->qsm, NULL, NULL,
                                              &h->max_streams_bidi_rxfc,
                                              &h->max_streams_uni_rxfc,
-                                             get_client_test_channel())))
+                                             (QUIC_CHANNEL *)fake_channel)))
         goto err;
 
     h->have_qsm = 1;

test/sslapitest.c

@@ -1984,7 +1984,7 @@ static int test_tlsext_status_type(void)
     if (!create_ssl_ctx_pair(libctx, TLS_server_method(), TLS_client_method(),
                              TLS1_VERSION, 0,
                              &sctx, &cctx, leaf, skey))
-        goto end;
+        return 0;
     if (SSL_CTX_use_certificate_chain_file(sctx, leaf_chain) <= 0)
         goto end;
     if (SSL_CTX_get_tlsext_status_type(cctx) != -1)