Neil Horman [Thu, 23 Jan 2025 18:55:13 +0000 (13:55 -0500)]
Disable server address validation for resumption test
The quic-interop runner expects a handshake message and certificate
exchange in the first 3 frames in this test. The addition of server
address validation retry frames causes the test to fail. Strictly
speaking this is a shortcoming of the test, but disabling address
validation allows the test to pass, and we have the mechanism, so
disable the feature.
Fixes openssl/project#1061
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26545)
Neil Horman [Wed, 22 Jan 2025 18:19:52 +0000 (13:19 -0500)]
quic-hq-interop: Allow for retries if we've reached our max stream limit
Several servers defer the sending of max stream frames. For instance
quic-go uses a go-routine to do the sending after sufficient existing
streams have finished, while mvfst seems to wait for all outstanding
streams to be closed before issuing a new batch. This result in the
client, if all streams are in use, getting a transient NULL return from
SSL_new_stream(). Check for the stream limit being reached and allow a
number of retries before giving up to give the server a chance to issue
us more streams. Also dead-reckon the batch count of streams we use in
parallel to be 1/4 of our total number of available streams (generally
hard coded to 100 for most servers) to avoid using all our streams at
once. It would be really nice to have an api to expose our negotiated
transport parameters so that the application can know what this limit
is, but until then we have to just guess.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26527)
Neil Horman [Wed, 22 Jan 2025 19:29:19 +0000 (14:29 -0500)]
Fix up some nits
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 15:25:47 +0000 (10:25 -0500)]
remove check of pending in ossl_quic_free
Not strictly needed
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 15:10:30 +0000 (10:10 -0500)]
Remove vestigual accepted flag
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 13:37:15 +0000 (08:37 -0500)]
Fix more typos
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 22 Jan 2025 12:38:51 +0000 (07:38 -0500)]
Fix some typos
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Mon, 20 Jan 2025 22:03:42 +0000 (17:03 -0500)]
update docs with reference to SSL_set_ex_data
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Tue, 21 Jan 2025 21:55:15 +0000 (16:55 -0500)]
Attempt to use NULL listeners to avoid use after free
As per @sashan suggestion, try pre-creating user ssls with a NULL
listener
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Fri, 17 Jan 2025 18:36:26 +0000 (13:36 -0500)]
Update man page to note limitations of callbacks for QUIC
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Tue, 14 Jan 2025 22:52:20 +0000 (17:52 -0500)]
Fix memory leak in pre-allocated listeners
We have a chicken and egg problem.
Normally when we create a connection object in quic, we associate it
with a listener, and up the ref on the parent listener, which is fine.
However, now that we are pre-allocating user_ssl objects for incomming
connections we have a situation in which:
1) The pre-alocated connection object holds a ref on the listener
2) The application has no awareness of the quic connection object (and
so can't free it)
3) The freeing of the listener object never calls into the quic stack,
because its reference count may hold references from connections that
haven't been accepted yet
We could require that applications register a function for the
new_pending_conn callback, and track/free these pending connections, but
that seems like alot of extra unneeded work to place on the application
Instead:
a) add a quic_conn_st flag named accepted
b) When pre-allocating connections, clear the flag in (a) and _dont_
hold a reference to the parent listener
c) in SSL_accept_connection, set the accepted flag and reference the
listener
d) in ossl_quic_free drop the listener reference only if the accepted
flag is set
c) expressly free all user_ssl objects in ossl_quic_port_drop_incoming
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Mon, 13 Jan 2025 17:06:49 +0000 (12:06 -0500)]
Add changes.md entry noting the limitations of recursive SSL calls
QUIC can't currently make recursive SSL calls, as it potentially results
in deadlock
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Fri, 10 Jan 2025 17:20:40 +0000 (12:20 -0500)]
rename new_pending_ssl to new_pending_conn
Make it clear its only announcing connections, not streams
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Thu, 9 Jan 2025 14:25:22 +0000 (09:25 -0500)]
Run Make update
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Thu, 9 Jan 2025 13:27:58 +0000 (08:27 -0500)]
Add docs for new callback registration
Add docs for SSL_CTX_set_new_pending_ssl_cb
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 23:31:55 +0000 (18:31 -0500)]
Add a test to validate our new SSL_accept connection objects
Quick test to validate that:
a) our new pending SSL accept callback works
and
b) That our callback passed SSL objects match those that are returned
by SSL_accept_connection
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 19:59:58 +0000 (14:59 -0500)]
Add a callback to announce newly created ssl waiting acceptance
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 19:12:28 +0000 (14:12 -0500)]
Return channel tls from ossl_quic_accept_connection
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 19:08:36 +0000 (14:08 -0500)]
use internal callback to generate user ssl
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Neil Horman [Wed, 8 Jan 2025 18:23:55 +0000 (13:23 -0500)]
Add callback to get user ssl on channel creation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26361)
Andrew Dinh [Thu, 2 Jan 2025 03:46:06 +0000 (19:46 -0800)]
Fix MARSHALLED_TOKEN_MAX_LEN
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Paul Dale <ppzgs1@gmail.com> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26333)
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26025)
Neil Horman [Thu, 9 Jan 2025 17:12:09 +0000 (12:12 -0500)]
Fix sizing on variable in ossl-nghttp3-demo-server
On working on a rebase for the quic-server branch, I noted that the
rebase was failing on the http3 server. It occurs because the new CI
ubuntu container appears to have FORTIFY_SOURCE enabled and trips over
the call to read here. Specifically the compiler notes that in passing
an int into the read syscall (which accepts a size_t as the 3rd
argument), may interpret a negative value as a very large unsigned value
that exeeds the size allowed by a read call.
Fix it by converting the size variable to a size_t to ensure that the
signing is correct
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26368)
SSL_new_from_listner() creates QUIC connection object (QCSO)
from listener. Caller can use the object retuned from
SSL_new_from_listener() to connect to remote QUIC server.
The QCSO created here shares engine/port with listener.
the change is covered by `test_ssl_new_from_listener()` in
test/quicapitest.c
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26138)
Neil Horman [Tue, 17 Dec 2024 15:54:47 +0000 (10:54 -0500)]
Disable address validation for throughput test
The multiplexing test using quiche as a client seems to get confused
when server address validation is enabled. specifically it writes the
wrong keys into its keylog file, causing the test to fail when tshark
can't decode the tls connection that is established. Fix it by
disabling address validation for the multiplexing/transfer test
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26198)
Neil Horman [Sun, 15 Dec 2024 20:26:41 +0000 (15:26 -0500)]
Do read retries in quic hq-interop server
Normally the throughput test in the interop harness requests several
hundred very small files, resulting in lots of small stream packets from
the client, which are nominally read in a single read operation (as they
typically fit into a single stream frame), and the server was written to
expect that. However, its still possible, if a stream frame is packed
to the end of a datagram, that only part of its content is carried,
finished in a subsequent stream packet, which leads to a short read.
Augment the server to properly handle SSL_read transient failures so
that such an occurance is handled properly.
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26198)
Andrew Dinh [Thu, 12 Dec 2024 15:28:52 +0000 (09:28 -0600)]
Encrypt the address validation token
Store an EVP_CIPHER_CTX context with an ephemeral key set in port
and use it to encrypt/decrypt the validation token.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26165)
Neil Horman [Thu, 12 Dec 2024 14:40:29 +0000 (09:40 -0500)]
modify docker endpoint to not do address validation on transfer test
quic interop uses the transfer test as part of the amplificationlimit
test, and as such we can't do address validation with retry frames
there, as the test requires it
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26178)
Neil Horman [Wed, 4 Dec 2024 21:12:02 +0000 (16:12 -0500)]
Clarify that this validation only relates to retry packets
Disabling server address validation here only relates to new connections
that arrive without a token. Future connections using tokens provided
by the server via NEW_TOKEN frames will still be validated
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26114)
Neil Horman [Wed, 4 Dec 2024 14:25:12 +0000 (09:25 -0500)]
Add a public flag to disable address validation on listeners
Now that we have the infrastructure to skip address validation, add a
public flag to SSL_new_listener and SSL_new_listener_from to allow the
skipping of address validation on selected quic listener SSL objects
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26114)
Arrange the logic:
SSL_poll() without SSL_POLL_FLAG_NO_HANDLE_EVENT ticks for each stream
we have in SSL_poll() that prevents the server logic to get all events
Use SSL_poll() with SSL_POLL_FLAG_NO_HANDLE_EVENT and
SSL_handle_events() prevents the problem.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25859)
Andrew Dinh [Wed, 27 Nov 2024 20:35:16 +0000 (12:35 -0800)]
Augment RETRY validation token
Adds fields to the QUIC RETRY packet validation token:
timestamp, remote_addr, odcid, & rscid.
Also adds functionality to validate the token once returned by the client.
Note that this does not encrypt the token yet.
Also check that the RSCID stored in the RETRY validation
token matches the DCID in the header.
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26048)
Neil Horman [Mon, 11 Nov 2024 22:12:19 +0000 (17:12 -0500)]
Augment quic interop harness to support server side interop tests
the quic-interop-runner that we use for interop testing currently only
supports openssl client testing, as we had previously not had a server
to test with.
This PR rectifies that by doing the following:
1) Adding a quic-hq-interop-server.c file in demos/guide
2) Augmenting our interop Dockerfile and entrypoint to support our
interop containter running in a server role
With these changes we are able to do server side interop testing
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26000)
Matt Caswell [Tue, 26 Nov 2024 12:36:52 +0000 (12:36 +0000)]
Add the ablity to set a local address for BIO_dgram_pair
BIOs created from a BIO_dgram_pair don't normally have a local BIO_ADDR
associated with them. This allows us to set one.
Fixes openssl/project#933
Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26066)
Neil Horman [Fri, 15 Nov 2024 19:32:56 +0000 (14:32 -0500)]
Fixup tests to properly check version negotiation
Currently the quic_multistream_test tests version negotiation..sort of.
It uses a packet injector to force the tserver to send a version
negotiation packet back to the client. Thats no longer needed as the
server will respond to an invalid version properly.
So alter script_74 to, instead of using the injector, use a quic channel
mutator to invalidate the version provided in the initial packet. Then
we attempt to connect. If the server responds with a version
negotiation packet and the client restarts with the proper version, then
the test passes, as the connection is extablished.
Also, while we're in here, update the gen_version_neg function to
properly insert a 0 version into the packet header for script_75, as
version negotiation packets require that to be set, otherwise script_75
will fail now when the server notices this discrepancy.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25968)
Neil Horman [Fri, 15 Nov 2024 19:31:36 +0000 (14:31 -0500)]
Handle the receipt of version negotiation packets
On the client side, when we get a version negotiation packet, we need to
interrogate the supported version list from the server, and either:
1) drop the connection if we don't see a version we can work with
2) select a supported version and try the negotiation again
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25968)
Neil Horman [Fri, 15 Nov 2024 19:09:16 +0000 (14:09 -0500)]
Add port version negotiation response from server
If the server receives an Initial packet with a version number we don't
support (currently a fixed check for QUIC_VERSION_1), instead of
dropping it, respond with a version negotiation packet to the peer
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25968)
Neil Horman [Fri, 15 Nov 2024 18:55:05 +0000 (13:55 -0500)]
Allow packetizer to accept an arg to set protocol version
In preparation for doing version negotiation, expose the ability to have
the packetiser for QUIC set a configured protocol version. We only set
it to QUIC_VERSION_1 for now, but it allows for us to set different
protocols in the future.
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25968)
Neil Horman [Fri, 15 Nov 2024 18:34:37 +0000 (13:34 -0500)]
Augment ossl_quic_wire_decode_pkt_hdr
In preparation for supporting the handling of version negotiation, we
need to be able to detect why the decoding of quic header failed.
Specifically, ossl_quic_wire_decode_pkt_hdr fails if the version
provided in the header isn't QUIC_VERSION_1. We want to keep that, as
we don't support anything else, but the server code needs to
differentiate when we fail decode because of a version problem, vs some
other more fatal malforming issue.
So add a uint64_t *fail_cause pointer that gets filled out with a
failure cause. We only use VERSION failures right now, but we can
expand this later if needed
Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25968)
Neil Horman [Thu, 7 Nov 2024 14:34:29 +0000 (09:34 -0500)]
Include RETRY_CID transport parameter when handling retried connection
After sending a retry frame from a server, the subsequent server hello
record must include the RETRY_SCID transport parameter, as per RFC 9000:
https://datatracker.ietf.org/doc/html/rfc9000#section-7.3
Implement the encoding of said retry_source_connection_id transport
param, and fix up tests to address the impact of that change. Test
changes amount to:
1) quicapitest needs to have its tparam test augmented such that it
doesn't inject the retry_scid on its own, as the quic stack does it
for the test now
2) quicapitest needs to have the ssl_trace test adjusted so the expected
record values are reflected.
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25890)
Neil Horman [Wed, 6 Nov 2024 13:47:04 +0000 (08:47 -0500)]
Select proper ORIG_DCID when sending server hello over quic
When establishing a connection over quic, if the channel is established
in response to a retry request from the server, the ORIG_DCID transport
parameter must reflect the original dcid sent from the client in the
first inital packet that the server sent the retry request in response
to.
As opposed to establishing a connection without the retry request, when
address validation isn't in use, where the ORIG_DCID parameter just
represents the the dcid that the client sent.
Augment the channel creation code to select the 'right' DCID when
encoding server side transport parameters
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25890)
Neil Horman [Tue, 5 Nov 2024 21:25:25 +0000 (16:25 -0500)]
Generate initial packet keys based on new dcid for addr validation
When using retry packets in QUIC to implement address validation, the
2nd inital packet that arrives after the server sends the retry frame
will have its CRYPTO packet encrypted using keys derived from the new
dcid, rather than the dcid in the 1st initial packet. Update the
channel creation code to update those keys on the server so that the
CRYPTO packet is decrypted successfully
Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25890)
Saša Nedvědický [Tue, 5 Nov 2024 21:15:55 +0000 (16:15 -0500)]
Implement Server Address validation using retry packets
RFC 9000 describes a method for preforming server address validation on
QUIC using retry packets. Based on:
https://datatracker.ietf.org/doc/html/rfc9000#section-17.2.5.2
We do the following:
1) Client sends an Initial packet without a retry token
2) Server abandons the initial packet and responds with a retry frame
which includes a retry token and integrity tag and new SCID
3) Client send the initial packet again, updating the encryption keys
for the connection based on the SCID sent in (2), using it as the new
DCID, including the retry token/tag provided in (2).
4) Server validates the token in (3) and creates a new connection using
the updated DCID from the client to generate its encryption keys
Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25890)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC: Update SSL_poll documentation
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC: Glossary updates
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC RADIX: Use enhanced blocking support when testing
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC RADIX: Test listener polling support
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC RADIX: Test new SSL_poll functionality
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC MULTISTREAM TEST: Remove test that blocking SSL_poll doesn't work
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
RIO: Amend SSL_poll code to correctly register blocking operations for inter-thread notification
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
QUIC POLLING: Add support for polling listeners
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)
Hugo Landau [Mon, 13 May 2024 19:20:23 +0000 (20:20 +0100)]
RIO: Amend SSL_poll to support blocking on QUIC objects
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Saša Nedvědický <sashan@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25416)