From: Neil Horman
Date: Thu, 7 Nov 2024 14:34:29 +0000 (-0500)
Subject: Include RETRY_CID transport parameter when handling retried connection
X-Git-Tag: openssl-3.5.0-alpha1~325
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=35f1917f2da1dec62e665e30b44337bbe184b138;p=thirdparty%2Fopenssl.git

Include RETRY_CID transport parameter when handling retried connection

After sending a retry frame from a server, the subsequent server hello record must include the RETRY_SCID transport parameter, as per RFC 9000: https://datatracker.ietf.org/doc/html/rfc9000#section-7.3

Implement the encoding of said retry_source_connection_id transport param, and fix up tests to address the impact of that change.

Test changes amount to:
1) quicapitest needs to have its tparam test augmented such that it doesn't inject the retry_scid on its own, as the quic stack does it for the test now
2) quicapitest needs to have the ssl_trace test adjusted so the expected record values are reflected.

Reviewed-by: Saša Nedvědický
Reviewed-by: Tomas Mraz
(Merged from https://github.com/openssl/openssl/pull/25890)
---

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 305831144f2..72155b079ed 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -1775,6 +1775,11 @@ static int ch_generate_transport_params(QUIC_CHANNEL *ch)
         if (!ossl_quic_wire_encode_transport_param_cid(&wpkt, QUIC_TPARAM_INITIAL_SCID,
                                                        &ch->cur_local_cid))
             goto err;
+        if (ch->odcid.id_len != 0)
+            if (!ossl_quic_wire_encode_transport_param_cid(&wpkt,
+                                                           QUIC_TPARAM_RETRY_SCID,
+                                                           &ch->init_dcid))
+                goto err;
     } else {
         /* Client always uses an empty SCID. */
         if (ossl_quic_wire_encode_transport_param_bytes(&wpkt, QUIC_TPARAM_INITIAL_SCID,
diff --git a/test/quicapitest.c b/test/quicapitest.c
index 3146c4c1eda..48bca30d2d9 100644
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
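Review bot: The outer `if (ch->odcid.id_len != 0)` wraps a multi-line inner `if` with no braces, so the `goto err;` binds by indentation only and a later `else` or extra statement would silently attach to the wrong `if`; brace the outer body with `if (ch->odcid.id_len != 0) {` before the inner `if` and `}` after `goto err;`. The value emitted as RETRY_SCID is `ch->init_dcid`, gated on `odcid` being non-empty; that pairing is only correct if, on the server after a Retry, init_dcid holds the SCID the server itself placed in the Retry packet (RFC 9000 §7.3), which this hunk does not show, so a one-line comment such as `/* After a Retry, init_dcid is the SCID we issued in the Retry packet; RFC 9000 s7.3 requires echoing it as RETRY_SCID. */` would pin the invariant — confirm it against where odcid and init_dcid are assigned. The client-side counterpart, checking that a received retry_source_connection_id equals the SCID of the Retry packet it acted on and failing the handshake with a transport parameter error otherwise, is outside this hunk and worth verifying exists, since the server-side encoding only helps if the peer enforces it. ch_generate_transport_params begins and continues outside the hunk.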
@@ -1725,7 +1725,6 @@ struct tparam_test { size_t buf_len; }; -static const unsigned char retry_scid_1[8] = { 0 }; static const unsigned char disable_active_migration_1[] = { 0x00 @@ -1853,8 +1852,6 @@ static const struct tparam_test tparam_tests[] = { TPARAM_CHECK_DROP(ORIG_DCID, "ORIG_DCID was not sent but is required") - TPARAM_CHECK_INJECT_A(RETRY_SCID, retry_scid_1, - "RETRY_SCID sent when not performing a retry") TPARAM_CHECK_DROP_INJECT_A(DISABLE_ACTIVE_MIGRATION, disable_active_migration_1, "DISABLE_ACTIVE_MIGRATION is malformed") TPARAM_CHECK_INJECT(UNKNOWN_1, NULL, 0, diff --git a/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt b/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt index 9ab460994aa..2e5db31c307 100644 --- a/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt +++ b/test/recipes/75-test_quicapi_data/ssltraceref-zlib.txt @@ -103,7 +103,7 @@ Sent Datagram Received Datagram Length: 1200 Received Datagram - Length: 234 + Length: 244 Received Packet Packet Type: Initial Version: 0x00000001 @@ -153,7 +153,7 @@ Received Packet Version: 0x00000001 Destination Conn Id: Source Conn Id: 0x???????????????? - Payload length: 213 + Payload length: 223 Packet Number: 0x00000001 Received Frame: Crypto Offset: 0 
@@ -164,14 +164,15 @@ Header: Content Type = ApplicationData (23) Length = 1022 Inner Content Type = Handshake (22) - EncryptedExtensions, Length=88 - extensions, length = 86 - extension_type=UNKNOWN(57), length=67 + EncryptedExtensions, Length=98 + extensions, length = 96 + extension_type=UNKNOWN(57), length=77 0000 - 0c 00 00 08 ?? ?? ?? ??-?? ?? ?? ?? 0f 08 ?? ....????????..? - 000f - ?? ?? ?? ?? ?? ?? ?? 01-04 80 00 75 30 03 02 ???????....u0.. - 001e - 44 b0 0e 01 02 04 04 80-0c 00 00 05 04 80 08 D.............. - 002d - 00 00 06 04 80 08 00 00-07 04 80 08 00 00 08 ............... - 003c - 02 40 64 09 02 40 64 .@d..@d + 000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ??????????????? + 001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ??????????????? + 002d - 04 04 80 0c 00 00 05 04-80 08 00 00 06 04 80 ............... + 003c - 08 00 00 07 04 80 08 00-00 08 02 40 64 09 02 ??????????????? + 004b - 40 64 ?? extension_type=application_layer_protocol_negotiation(16), length=11 ossltest @@ -265,12 +266,12 @@ YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= Received Frame: Crypto Offset: 1022 - Len: 192 + Len: 202 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) - Length = 192 + Length = 202 Inner Content Type = Handshake (22) CertificateVerify, Length=260 Signature Algorithm: rsa_pss_rsae_sha256 (0x0804) diff --git a/test/recipes/75-test_quicapi_data/ssltraceref.txt b/test/recipes/75-test_quicapi_data/ssltraceref.txt index c241d375595..148e154adfe 100644 --- a/test/recipes/75-test_quicapi_data/ssltraceref.txt +++ b/test/recipes/75-test_quicapi_data/ssltraceref.txt @@ -101,7 +101,7 @@ Sent Datagram Received Datagram Length: 1200 Received Datagram - Length: 234 + Length: 244 Received Packet Packet Type: Initial Version: 0x00000001 
@@ -151,7 +151,7 @@ Received Packet Version: 0x00000001 Destination Conn Id: Source Conn Id: 0x???????????????? - Payload length: 213 + Payload length: 223 Packet Number: 0x00000001 Received Frame: Crypto Offset: 0 @@ -162,14 +162,15 @@ Header: Content Type = ApplicationData (23) Length = 1022 Inner Content Type = Handshake (22) - EncryptedExtensions, Length=88 - extensions, length = 86 - extension_type=UNKNOWN(57), length=67 + EncryptedExtensions, Length=98 + extensions, length = 96 + extension_type=UNKNOWN(57), length=77 0000 - 0c 00 00 08 ?? ?? ?? ??-?? ?? ?? ?? 0f 08 ?? ....????????..? - 000f - ?? ?? ?? ?? ?? ?? ?? 01-04 80 00 75 30 03 02 ???????....u0.. - 001e - 44 b0 0e 01 02 04 04 80-0c 00 00 05 04 80 08 D.............. - 002d - 00 00 06 04 80 08 00 00-07 04 80 08 00 00 08 ............... - 003c - 02 40 64 09 02 40 64 .@d..@d + 000f - ?? ?? ?? ?? ?? ?? ?? 10-08 ?? ?? ?? ?? ?? ?? ???????..?????? + 001e - ?? ?? 01 04 80 00 75 30-03 02 44 b0 0e 01 02 ??....??..?.... + 002d - 04 04 80 0c 00 00 05 04-80 08 00 00 06 04 80 ............... + 003c - 08 00 00 07 04 80 08 00-00 08 02 40 64 09 02 ...........@d.. + 004b - 40 64 @d extension_type=application_layer_protocol_negotiation(16), length=11 ossltest @@ -263,12 +264,12 @@ YeeuLO02zToHhnQ6KbPXOrQAqcL1kngO4g+j/ru+4AZThFkdkGnltvk= Received Frame: Crypto Offset: 1022 - Len: 192 + Len: 202 Received TLS Record Header: Version = TLS 1.2 (0x303) Content Type = ApplicationData (23) - Length = 192 + Length = 202 Inner Content Type = Handshake (22) CertificateVerify, Length=260 Signature Algorithm: rsa_pss_rsae_sha256 (0x0804)