From: Hugo Landau
Date: Thu, 9 Nov 2023 10:27:14 +0000 (+0000)
Subject: QUIC CHANNEL, LCIDM: Factor duplicate CID generation function
X-Git-Tag: openssl-3.3.0-alpha1~415
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=29fbdfafafcc5fa705f445a9f63ddd8207bf9f06;p=thirdparty%2Fopenssl.git

QUIC CHANNEL, LCIDM: Factor duplicate CID generation function

Reviewed-by: Tomas Mraz
Reviewed-by: Matt Caswell
(Merged from https://github.com/openssl/openssl/pull/22674)
---

diff --git a/include/internal/quic_types.h b/include/internal/quic_types.h
index 1d3816a2098..fa1ac81ca1e 100644
--- a/include/internal/quic_types.h
+++ b/include/internal/quic_types.h
@@ -87,6 +87,13 @@ static ossl_unused ossl_inline int ossl_quic_conn_id_eq(const QUIC_CONN_ID *a,
     return memcmp(a->id, b->id, a->id_len) == 0;
 }
 
+/*
+ * Generates a random CID of the given length. libctx may be NULL.
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len,
+                               QUIC_CONN_ID *cid);
+
 # define QUIC_MIN_INITIAL_DGRAM_LEN 1200
 
 # define QUIC_DEFAULT_ACK_DELAY_EXP 3
diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 0b1eea2babd..aed911ad9fd 100644
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -102,22 +102,6 @@ static void ch_raise_version_neg_failure(QUIC_CHANNEL *ch);
 
 DEFINE_LHASH_OF_EX(QUIC_SRT_ELEM);
 
-static int gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len, QUIC_CONN_ID *cid)
-{
-    if (len > QUIC_MAX_CONN_ID_LEN)
-        return 0;
-
-    cid->id_len = (unsigned char)len;
-
-    if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
-        ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
-        cid->id_len = 0;
-        return 0;
-    }
-
-    return 1;
-}
-
 /*
  * QUIC Channel Initialization and Teardown
  * ========================================
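Review bot: The new header comment on ossl_quic_gen_rand_conn_id in quic_types.h does not say that the two failure cases behave differently, which a caller of a shared internal API needs to know: in the definition added to quic_wire.c a len above QUIC_MAX_CONN_ID_LEN returns 0 without raising anything, whereas an RNG failure raises ERR_R_RAND_LIB. A caller that reports the failure by dumping the error queue will see nothing on the first path. I would extend the comment with `Fails without raising an error if len exceeds QUIC_MAX_CONN_ID_LEN; an RNG failure raises ERR_R_RAND_LIB.`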
@@ -145,7 +129,8 @@ static int ch_init(QUIC_CHANNEL *ch)
 
     /* For clients, generate our initial DCID. */
     if (!ch->is_server
-        && !gen_rand_conn_id(ch->port->libctx, tx_init_dcid_len, &ch->init_dcid))
+        && !ossl_quic_gen_rand_conn_id(ch->port->libctx, tx_init_dcid_len,
+                                       &ch->init_dcid))
         goto err;
 
     /* We plug in a network write BIO to the QTX later when we get one. */
diff --git a/ssl/quic/quic_lcidm.c b/ssl/quic/quic_lcidm.c
index a3315164c7c..e5948b95e90 100644
--- a/ssl/quic/quic_lcidm.c
+++ b/ssl/quic/quic_lcidm.c
@@ -287,26 +287,6 @@ size_t ossl_quic_lcidm_get_num_active_lcid(const QUIC_LCIDM *lcidm,
     return conn->num_active_lcid;
 }
 
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-
-static int gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len, QUIC_CONN_ID *cid)
-{
-    if (len > QUIC_MAX_CONN_ID_LEN)
-        return 0;
-
-    cid->id_len = (unsigned char)len;
-
-    if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
-        ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
-        cid->id_len = 0;
-        return 0;
-    }
-
-    return 1;
-}
-
-#endif
-
 static int lcidm_generate_cid(QUIC_LCIDM *lcidm,
                               QUIC_CONN_ID *cid)
 {
@@ -322,7 +302,7 @@ static int lcidm_generate_cid(QUIC_LCIDM *lcidm,
 
     return 1;
 #else
-    return gen_rand_conn_id(lcidm->libctx, lcidm->lcid_len, cid);
+    return ossl_quic_gen_rand_conn_id(lcidm->libctx, lcidm->lcid_len, cid);
 #endif
 }
 
diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c
index 425e7efc2ed..faf80cfd07a 100644
--- a/ssl/quic/quic_wire.c
+++ b/ssl/quic/quic_wire.c
@@ -9,6 +9,7 @@ #include #include +#include #include "internal/quic_ssl.h" #include "internal/quic_vlint.h" #include "internal/quic_wire.h"
@@ -1076,3 +1077,20 @@ const char *ossl_quic_err_to_string(uint64_t error_code)
         return NULL;
     }
 }
+
+int ossl_quic_gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len,
+                               QUIC_CONN_ID *cid)
+{
+    if (len > QUIC_MAX_CONN_ID_LEN)
+        return 0;
+
+    cid->id_len = (unsigned char)len;
+
+    if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
+        cid->id_len = 0;
+        return 0;
+    }
+
+    return 1;
+}
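Review bot: The two failure paths of ossl_quic_gen_rand_conn_id leave cid in different states: the length guard at the top returns 0 with cid untouched, while the RAND_bytes_ex path sets cid->id_len to 0 before returning. Now that the function is a shared internal API called from both quic_channel.c and quic_lcidm.c, a caller that reads cid->id_len after a failed call could pick up a stale length on the first path but not on the second. Making the paths agree is a one-line change, `if (len > QUIC_MAX_CONN_ID_LEN) { cid->id_len = 0; return 0; }`, or equivalently clearing id_len before the guard. The whole function body is inside the hunk.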