slontis [Wed, 22 Jan 2025 21:20:58 +0000 (08:20 +1100)]
SLH-DSA cleanups
Addressed some review comments.
- Ref counting has been removed from SLH_DSA_KEY (EVP_PKEY is responsible
for the keys ref counting).
- Moved constants and prefetched objects into SLH_DSA_KEY.
- The SLH_DSA_HASH_CTX is still required since there are multiple
contexts that need to propagate to a lot of functions, but it no
longer contains the constants. Note that it also holds a pointer to
the SLH_DSA_KEY.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 21 Nov 2024 05:09:18 +0000 (16:09 +1100)]
Add SLH_DSA key validation.
The pairwise test requires that the computed PK_ROOT key matches the
keys PK_ROOT value. The public and private key tests just require the
key elements to exist.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 21 Nov 2024 01:15:24 +0000 (12:15 +1100)]
Add SLH-DSA FIPS self tests
This requires a keygen test, as well as Sign/Verify tests for at least 1
sha2 algorithm and 1 shake related algorithm.
A pairwise consistency test has also been added to the key generation.
Note that self test datat for the signature is currently stored as a
sha256 digest in order to reduce the memory footprint.
(Since the signature size for sha2/shake using 128s = ~8K, and for 128f = ~17K)
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Tue, 19 Nov 2024 04:40:13 +0000 (15:40 +1100)]
Add SLH-DSA encoder/decoder support.
This required adding additional EVP_PKEY_ASN1_METHOD methods.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Tue, 12 Nov 2024 23:59:10 +0000 (10:59 +1100)]
Address style check nits for SLH-DSA
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Tue, 12 Nov 2024 07:35:10 +0000 (18:35 +1100)]
Update SLH-DSA code to use PACKET and WPACKET.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Sun, 10 Nov 2024 23:41:35 +0000 (10:41 +1100)]
Update SLH-DSAto use EVP_PKEY_sign_message_init() instead of using the
prehashed variant.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Fri, 8 Nov 2024 06:23:18 +0000 (17:23 +1100)]
Add SLH-DSA design document
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Fri, 8 Nov 2024 05:16:59 +0000 (16:16 +1100)]
Add SLH-DSA documentation
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Fri, 8 Nov 2024 05:08:31 +0000 (16:08 +1100)]
SLH-DSA clean ups
- Make slh_dsa_sign() return the siglen when sig is NULL.
- Remove the ability in fromdata to generate the public key root
given the private key and public key seed. This was messy and can
be done by key generation instead.
- Add common EVP_PKEY gettablesto SLH_DSA keys
(OSSL_PKEY_PARAM_BITS, OSSL_PKEY_PARAM_SECURITY_BITS, and
OSSL_PKEY_PARAM_MAX_SIZE).
- Update tests based on the above changes.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 7 Nov 2024 10:01:27 +0000 (21:01 +1100)]
Zeorize some secret values in SLH_DSA
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 7 Nov 2024 08:01:16 +0000 (19:01 +1100)]
Added return code checks to SLH_DSA Hash functions and propogated the
values thru the calling functions.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 7 Nov 2024 06:43:19 +0000 (17:43 +1100)]
Add SLH_DSA to the FIPS provider.
The keygen tests required "entropy" to be added via an additional
parameter for ACVP testing. This is required because TEST_RAND cant be
used to pass entropy to the FIPS provider, due to it not knowing the
lib ctx of the FIPS provider.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 7 Nov 2024 03:59:45 +0000 (14:59 +1100)]
Add support for all 12 SLH-DSA parameter sets.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Thu, 7 Nov 2024 00:24:06 +0000 (11:24 +1100)]
Add SLH-DSA signing.
Also updated function comments.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Wed, 6 Nov 2024 10:45:29 +0000 (21:45 +1100)]
Add SLH-DSA key generation
Also made fromdata able to generate the public root key if the private
key seed + prf as well as the public key seed are passed to from data.
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Wed, 6 Nov 2024 06:37:08 +0000 (17:37 +1100)]
Add SLH_DSA signature verification.
This uses a SLH_DSA_CTX that is passed to most functions.
It contains information related to a parameter set (such as constants,
hash functions, prefetched EVP_MD/EVP_MAC objects, as well as ADDRESS
functions). This context is seperated from the SLH_DSA_KEY since
multiple signature operations could be performed using the same keys.
This only implements functions required for SLH-DSA-SHA2-128s
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Wed, 6 Nov 2024 03:22:45 +0000 (14:22 +1100)]
Add base code to load a SLH_DSA public key.
This loads a SLH_DSA public key from data.
A simple SLH_DSA keymanager imports this key.
Initially this only has a parameter set for
SLH-DSA-SHA2-128s
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
slontis [Tue, 5 Nov 2024 04:18:41 +0000 (15:18 +1100)]
Add SLH_DSA configuration option
Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Viktor Dukhovni <viktor@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)
Pauli [Mon, 10 Feb 2025 22:32:28 +0000 (09:32 +1100)]
fips: omit PCT on key import
Our lab thinks the IG 10.3.A additional comment 1 is a mistake and that
a PCT on import is not required.
Reviewed-by: Shane Lontis <shane.lontis@oracle.com> Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26785)
Neil Horman [Fri, 14 Feb 2025 19:21:31 +0000 (14:21 -0500)]
Readd the inclusion of quic_record_util.h to quic_tls.c
Some refactoring on master removed the inclusion of quic_local.h from
ssl_local.h, which quic_tls.c needed on the server branch to pull in the
QRL_SUITE_AES128GCM and simmilar definitions. Fix it by specifcially
adding quic_record_util.h into quic_tls.c, as we only need a few defines
from that header.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)
Neil Horman [Fri, 14 Feb 2025 20:58:58 +0000 (15:58 -0500)]
Fixup conflict between 3rd party quic-tls api and quic-server
Build.info changes between quic-server and master occured here, resolve
them. Can't do it as a fixup as the conficting changes have already
been merged to master
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)
Backout validation of initial packet done by port_default_packet_handler()
QUIC interoperability tests discovered bugs in my earlier commit #59e7c2313be7cff.
This change reverts everything out.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26748)
Perform initial AEAD validation before creating a channel
We let port to create qrx object and use it for
packet validation. If packet validates, we then
create channel and pass pre-created qrx to channel's
constructor.
Co-authored-by: Andrew Dinh <andrewd@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26610)
Neil Horman [Wed, 29 Jan 2025 19:10:09 +0000 (14:10 -0500)]
Fix ossl_quic_trace to fetch connection short conn id len
ossl_quic_trace currently fails to get the connection id when parsing a
short header. now that we have an api to get the known length, go ahead
and use that to parse the header properly
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26592)
Neil Horman [Sat, 1 Feb 2025 16:28:25 +0000 (11:28 -0500)]
Remove NEW_TOKEN public api
@sashan and I were discussing the usefulness of the public facing api
for NEW_TOKEN support, and he has concerns over its usefulness and our
being stuck with it if we need to make changes later. Given that it is
a convience api for using multiple CTX-es to share a cache, its fine if
we remove it for now, as that seems like a less common use case.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Neil Horman [Thu, 30 Jan 2025 17:14:26 +0000 (12:14 -0500)]
Rename token_store functions to make them consistent
we use get0 to get a token store, but set to set it. Since the latter
takes a refcount, change that to set1. Also rename the interal quic
functions to match.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Neil Horman [Tue, 28 Jan 2025 13:58:19 +0000 (08:58 -0500)]
Reduce our NEW_TOKEN send rate.
Currently, we send a NEW_TOKEN frame on every new validated connection,
but thats not necessecary. Since NEW_TOKEN tokens have a lifetime of 1
hour currently, we really only need to send a NEW_TOKEN if:
1) We validated a RETRY token
or
2) We validated a NEW_TOKEN for which the lifetime is nearing its limit
So lets do that. When we validate a token, only generate a NEW_TOKEN if
the current token is a RETRY token, or if its a NEW_TOKEN, and there is
less than 10% of the tokens lifetime remaining.
This lets clients use NEW_TOKENS repeatedly (as per the RFC), and saves
us some network bandwith.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Neil Horman [Mon, 27 Jan 2025 21:32:32 +0000 (16:32 -0500)]
Don't reserve an unused cid for NEW_TOKENS
Just realized that NEW_TOKEN tokens don't need a reserved rscid.
Because a client might use a received NEW_TOKEN for multiple subsequent
connections, we allocate a cid when we validate the token on new
connection establishment (in fact we just use the one that the client
sends). As such the allocated rscid never gets used, and just sits
there until it ages out.
Instead, fill the rscid with random data to mutate subsequently
generated NEW_TOKENS's, since it won't ever be part of the validation
process anyway.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Neil Horman [Mon, 27 Jan 2025 18:56:40 +0000 (13:56 -0500)]
Reference count QUIC_TOKENS
closer reading of RFC 9000 indicates that a NEW_TOKEN token can be
(re)used repeatedly.
so instead of creating a use once and discard pattern in the token api.
Let the tokens stick around until they are replaced with a new token
from the server. To do this, we need to ref count the tokens so that we
don't accidentally free them while a given client is waiting to send an
initial frame making use of them.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Neil Horman [Sat, 25 Jan 2025 00:51:01 +0000 (19:51 -0500)]
Schedule new token frame after handshake complete
We don't want to schedule the NEW_TOKEN frame until such time as the
handshake is complete, otherwise we risk giving a token to validate a
future connection to a peer we haven't decided to trust yet
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Neil Horman [Thu, 16 Jan 2025 13:27:48 +0000 (08:27 -0500)]
Add allocation of token cache on server contexts when needed
the SSL_new_from_listener api creates a client SSL from a server
SSL_CTX context. Normally server contexts need no token cache, but once
we start using it as a client, that changes. Allocate one here when
needed
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
Tomas Mraz [Thu, 23 Jan 2025 16:42:56 +0000 (17:42 +0100)]
Clean up a few further TODO(QUIC SERVER)
These are either already implemented or not relevant for
the QUIC server MVP.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26544)
Tomas Mraz [Thu, 23 Jan 2025 16:28:43 +0000 (17:28 +0100)]
Add build.info for QUIC server demo
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26544)
Tomas Mraz [Thu, 23 Jan 2025 16:21:21 +0000 (17:21 +0100)]
We are not handling AEAD at port level for now
-> TODO(QUIC FUTURE)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26544)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26544)
Neil Horman [Thu, 23 Jan 2025 18:55:13 +0000 (13:55 -0500)]
Disable server address validation for resumption test
The quic-interop runner expects a handshake message and certificate
exchange in the first 3 frames in this test. The addition of server
address validation retry frames causes the test to fail. Strictly
speaking this is a shortcoming of the test, but disabling address
validation allows the test to pass, and we have the mechanism, so
disable the feature.
Fixes openssl/project#1061
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26545)
Neil Horman [Wed, 22 Jan 2025 18:19:52 +0000 (13:19 -0500)]
quic-hq-interop: Allow for retries if we've reached our max stream limit
Several servers defer the sending of max stream frames. For instance
quic-go uses a go-routine to do the sending after sufficient existing
streams have finished, while mvfst seems to wait for all outstanding
streams to be closed before issuing a new batch. This result in the
client, if all streams are in use, getting a transient NULL return from
SSL_new_stream(). Check for the stream limit being reached and allow a
number of retries before giving up to give the server a chance to issue
us more streams. Also dead-reckon the batch count of streams we use in
parallel to be 1/4 of our total number of available streams (generally
hard coded to 100 for most servers) to avoid using all our streams at
once. It would be really nice to have an api to expose our negotiated
transport parameters so that the application can know what this limit
is, but until then we have to just guess.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26527)
Neil Horman [Wed, 22 Jan 2025 19:29:19 +0000 (14:29 -0500)]
Fix up some nits
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 15:25:47 +0000 (10:25 -0500)]
remove check of pending in ossl_quic_free
Not strictly needed
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 15:10:30 +0000 (10:10 -0500)]
Remove vestigual accepted flag
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 13:37:15 +0000 (08:37 -0500)]
Fix more typos
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 12:38:51 +0000 (07:38 -0500)]
Fix some typos
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Mon, 20 Jan 2025 22:03:42 +0000 (17:03 -0500)]
update docs with reference to SSL_set_ex_data
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Tue, 21 Jan 2025 21:55:15 +0000 (16:55 -0500)]
Attempt to use NULL listeners to avoid use after free
As per @sashan suggestion, try pre-creating user ssls with a NULL
listener
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Fri, 17 Jan 2025 18:36:26 +0000 (13:36 -0500)]
Update man page to note limitations of callbacks for QUIC
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Tue, 14 Jan 2025 22:52:20 +0000 (17:52 -0500)]
Fix memory leak in pre-allocated listeners
We have a chicken and egg problem.
Normally when we create a connection object in quic, we associate it
with a listener, and up the ref on the parent listener, which is fine.
However, now that we are pre-allocating user_ssl objects for incomming
connections we have a situation in which:
1) The pre-alocated connection object holds a ref on the listener
2) The application has no awareness of the quic connection object (and
so can't free it)
3) The freeing of the listener object never calls into the quic stack,
because its reference count may hold references from connections that
haven't been accepted yet
We could require that applications register a function for the
new_pending_conn callback, and track/free these pending connections, but
that seems like alot of extra unneeded work to place on the application
Instead:
a) add a quic_conn_st flag named accepted
b) When pre-allocating connections, clear the flag in (a) and _dont_
hold a reference to the parent listener
c) in SSL_accept_connection, set the accepted flag and reference the
listener
d) in ossl_quic_free drop the listener reference only if the accepted
flag is set
c) expressly free all user_ssl objects in ossl_quic_port_drop_incoming
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Mon, 13 Jan 2025 17:06:49 +0000 (12:06 -0500)]
Add changes.md entry noting the limitations of recursive SSL calls
QUIC can't currently make recursive SSL calls, as it potentially results
in deadlock
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Fri, 10 Jan 2025 17:20:40 +0000 (12:20 -0500)]
rename new_pending_ssl to new_pending_conn
Make it clear its only announcing connections, not streams
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Thu, 9 Jan 2025 14:25:22 +0000 (09:25 -0500)]
Run Make update
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Thu, 9 Jan 2025 13:27:58 +0000 (08:27 -0500)]
Add docs for new callback registration
Add docs for SSL_CTX_set_new_pending_ssl_cb
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 23:31:55 +0000 (18:31 -0500)]
Add a test to validate our new SSL_accept connection objects
Quick test to validate that:
a) our new pending SSL accept callback works
and
b) That our callback passed SSL objects match those that are returned
by SSL_accept_connection
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 19:59:58 +0000 (14:59 -0500)]
Add a callback to announce newly created ssl waiting acceptance
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 19:12:28 +0000 (14:12 -0500)]
Return channel tls from ossl_quic_accept_connection
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 19:08:36 +0000 (14:08 -0500)]
use internal callback to generate user ssl
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 18:23:55 +0000 (13:23 -0500)]
Add callback to get user ssl on channel creation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Andrew Dinh [Thu, 2 Jan 2025 03:46:06 +0000 (19:46 -0800)]
Fix MARSHALLED_TOKEN_MAX_LEN
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26333)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26025)
Neil Horman [Thu, 9 Jan 2025 17:12:09 +0000 (12:12 -0500)]
Fix sizing on variable in ossl-nghttp3-demo-server
On working on a rebase for the quic-server branch, I noted that the
rebase was failing on the http3 server. It occurs because the new CI
ubuntu container appears to have FORTIFY_SOURCE enabled and trips over
the call to read here. Specifically the compiler notes that in passing
an int into the read syscall (which accepts a size_t as the 3rd
argument), may interpret a negative value as a very large unsigned value
that exeeds the size allowed by a read call.
Fix it by converting the size variable to a size_t to ensure that the
signing is correct
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26368)
SSL_new_from_listner() creates QUIC connection object (QCSO)
from listener. Caller can use the object retuned from
SSL_new_from_listener() to connect to remote QUIC server.
The QCSO created here shares engine/port with listener.
the change is covered by `test_ssl_new_from_listener()` in
test/quicapitest.c
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26138)
Neil Horman [Tue, 17 Dec 2024 15:54:47 +0000 (10:54 -0500)]
Disable address validation for throughput test
The multiplexing test using quiche as a client seems to get confused
when server address validation is enabled. specifically it writes the
wrong keys into its keylog file, causing the test to fail when tshark
can't decode the tls connection that is established. Fix it by
disabling address validation for the multiplexing/transfer test
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26198)
Neil Horman [Sun, 15 Dec 2024 20:26:41 +0000 (15:26 -0500)]
Do read retries in quic hq-interop server
Normally the throughput test in the interop harness requests several
hundred very small files, resulting in lots of small stream packets from
the client, which are nominally read in a single read operation (as they
typically fit into a single stream frame), and the server was written to
expect that. However, its still possible, if a stream frame is packed
to the end of a datagram, that only part of its content is carried,
finished in a subsequent stream packet, which leads to a short read.
Augment the server to properly handle SSL_read transient failures so
that such an occurance is handled properly.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26198)
projects / thirdparty / openssl.git / log
