git.ipfire.org Git - thirdparty/openssl.git/log
5 months ago Refactor EVP_SKEY initialization
Tomas Mraz [Mon, 17 Feb 2025 11:06:30 +0000 (12:06 +0100)] 
Refactor EVP_SKEY initialization

Enforce that skeymgmt cannot ever be NULL in EVP_SKEY.

Also add missing allocation checks.

Fixes multiple issues found by Coverity.

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26795)

5 months ago Make org.openssl.winstore: work in openssl-ts
Shakti Shah [Wed, 19 Feb 2025 16:08:36 +0000 (21:38 +0530)] 
Make org.openssl.winstore: work in openssl-ts

Fixes #26739

Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26833)

5 months ago Set op_num to 0
Andrew Dinh [Wed, 19 Feb 2025 11:24:47 +0000 (18:24 +0700)] 
Set op_num to 0

Here, op_num is just used for logging purposes (number of completed operations), so start it at 0

Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643034

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26829)

5 months ago Fix coverity finding
Dmitry Belyavskiy [Wed, 19 Feb 2025 14:27:57 +0000 (15:27 +0100)] 
Fix coverity finding

Coverity ID: 1643094

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26831)

5 months ago ssl_lib.c: Check for NULL from SSL_CONNECTION_FROM_SSL()
Andrew Dinh [Wed, 19 Feb 2025 06:41:03 +0000 (13:41 +0700)] 
ssl_lib.c: Check for NULL from SSL_CONNECTION_FROM_SSL()

Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643027
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643028

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26824)

5 months ago EC_get_buildin_curves does not return an error, this check is unnecessary.
otherddn1978 [Wed, 12 Feb 2025 10:54:46 +0000 (13:54 +0300)] 
EC_get_buildin_curves does not return an error, this check is unnecessary.

Found by Linux Verification Center (linuxtesting.org) with SVACE.

unused code has been removed

delete whitespace

Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26719)

5 months ago NULL checks for QUIC code
Andrew Dinh [Wed, 19 Feb 2025 06:49:06 +0000 (13:49 +0700)] 
NULL checks for QUIC code

Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643033
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643032
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643031
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643030
Fixes https://scan5.scan.coverity.com/#/project-view/62507/10222?selectedIssue=1643029

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26825)

5 months ago CI: ssl-trace is enabled by default
Tomas Mraz [Tue, 18 Feb 2025 07:44:40 +0000 (08:44 +0100)] 
CI: ssl-trace is enabled by default

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26810)

5 months ago test/quicapitest.c: Fix build with no-ssl-trace
Tomas Mraz [Tue, 18 Feb 2025 07:42:12 +0000 (08:42 +0100)] 
test/quicapitest.c: Fix build with no-ssl-trace

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26810)

5 months ago fix: add check for NULL zalloc in tls-provider.c (reverse if statement)
Burkov Egor [Tue, 18 Feb 2025 09:49:07 +0000 (12:49 +0300)] 
fix: add check for NULL zalloc in tls-provider.c (reverse if statement)

CLA: trivial

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26814)

5 months ago Configurable import-time PCT for ML-KEM
Viktor Dukhovni [Fri, 14 Feb 2025 17:36:25 +0000 (04:36 +1100)] 
Configurable import-time PCT for ML-KEM

And related cleanup.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26789)

5 months ago slh-dsa: use fast flavours for FIPS Power Up Self Test
Pauli [Wed, 19 Feb 2025 03:51:18 +0000 (14:51 +1100)] 
slh-dsa: use fast flavours for FIPS Power Up Self Test

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26821)

5 months ago testutil: remove unused buffer from stanza structure
Pauli [Mon, 17 Feb 2025 08:42:46 +0000 (19:42 +1100)] 
testutil: remove unused buffer from stanza structure

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago slh-dsa: update changes authorship
Pauli [Mon, 17 Feb 2025 03:56:11 +0000 (14:56 +1100)] 
slh-dsa: update changes authorship

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago slh-dsa: add key generation tests
Pauli [Sun, 16 Feb 2025 23:46:34 +0000 (10:46 +1100)] 
slh-dsa: add key generation tests

These are reasonably fast so are not flagged as extended tests.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago slhdsa: add Python script to convert NIST ACVP data to evp_test format
Pauli [Sun, 16 Feb 2025 23:46:12 +0000 (10:46 +1100)] 
slhdsa: add Python script to convert NIST ACVP data to evp_test format

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago slh-dsa: change the seed parameter name from entropy to seed
Pauli [Sun, 16 Feb 2025 22:53:10 +0000 (09:53 +1100)] 
slh-dsa: change the seed parameter name from entropy to seed

This brings it in line with the same parameter for ML-KEM and ML-DSA.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago evp_test: include signature generation and verification tests for SLH-DSA
Pauli [Fri, 14 Feb 2025 02:47:05 +0000 (13:47 +1100)] 
evp_test: include signature generation and verification tests for SLH-DSA

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago slh-dsa: add signature generation tests
Pauli [Fri, 14 Feb 2025 01:55:21 +0000 (12:55 +1100)] 
slh-dsa: add signature generation tests

This marks the first use of the extended test feature in evp_test.
The reason behind this is the amount of time the full SLH-DSA tests consume.
The non-extended tests are chosen so that they exercise all of the algorithms
at least once and all the varying combinations of features for the fast
algorithms.

On my build machine the full test suite takes: 290 seconds.
With the reduction to a dozen tests it takes: 10.5 seconds.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago slh-dsa: add signature verification failure tests
Pauli [Fri, 14 Feb 2025 02:13:44 +0000 (13:13 +1100)] 
slh-dsa: add signature verification failure tests

These are fast and don't require reduction in number.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago evp_test: add a Verify-Message-Public test type
Pauli [Fri, 14 Feb 2025 01:54:59 +0000 (12:54 +1100)] 
evp_test: add a Verify-Message-Public test type

This is like Verify-Message but accepts a public key instead of a private one.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago testutil: increase the line length for reading stanzas
Pauli [Fri, 14 Feb 2025 02:00:59 +0000 (13:00 +1100)] 
testutil: increase the line length for reading stanzas

PQC algorithms and SLH-DSA in particular have very long lines of data.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago coverage: enable extended EVP tests
Pauli [Thu, 13 Feb 2025 22:45:28 +0000 (09:45 +1100)] 
coverage: enable extended EVP tests

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago evp_test: add concept of extended tests to evp_test
Pauli [Thu, 13 Feb 2025 22:43:54 +0000 (09:43 +1100)] 
evp_test: add concept of extended tests to evp_test

These tests are not run by default, instead they run when the EVP_TEST_EXTENDED environment variable
has an integer value other than zero.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26750)

5 months ago More consistent ML-KEM key checks
Viktor Dukhovni [Tue, 18 Feb 2025 07:42:41 +0000 (18:42 +1100)] 
More consistent ML-KEM key checks

- Cross-check seed `z` value on import as well as load.
- In import/load when re-generating from a seed, check hash of any
  explicit private key when both provided.
- Avoid leak of expanded key encoding when load fails.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26812)

5 months ago Typo fix
Viktor Dukhovni [Tue, 18 Feb 2025 09:41:13 +0000 (20:41 +1100)] 
Typo fix

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26813)

5 months ago Merge quic client and quic server interop CI
Neil Horman [Mon, 17 Feb 2025 18:59:53 +0000 (13:59 -0500)] 
Merge quic client and quic server interop CI

Now that quic server is merged, we can merge the CI jobs that test the
client and server interop tests

Fixes openssl/project#1105

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26804)

5 months ago Add the SSL_NO_EOED macro test
Cheng Zhang [Thu, 13 Feb 2025 03:01:34 +0000 (11:01 +0800)] 
Add the SSL_NO_EOED macro test

test_no_end_of_early_data

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26552)

5 months ago Add the SSL_NO_EOED internal macro
Cheng Zhang [Tue, 11 Feb 2025 08:13:26 +0000 (16:13 +0800)] 
Add the SSL_NO_EOED internal macro

The TLS EndOfEarlyData message is not applicable in some scenarios (e.g., QUIC).
This adds a macro to handle this message.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26552)

5 months ago ssl3_ctrl(): Fix condition in SSL_CTRL_GET_PEER_SIGNATURE_NAME
Viktor Dukhovni [Tue, 18 Feb 2025 14:44:17 +0000 (01:44 +1100)] 
ssl3_ctrl(): Fix condition in SSL_CTRL_GET_PEER_SIGNATURE_NAME

Reviewed-by: Kurt Roeckx <kurt@roeckx.be>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26819)

5 months ago Relax checking of supported-groups/keyshare ordering
Neil Horman [Tue, 18 Feb 2025 14:01:40 +0000 (09:01 -0500)] 
Relax checking of supported-groups/keyshare ordering

quic interop testing showed that interop with the mvfst client was
failing, due to detecting misordering of supported groups and keyshare
extensions

This is strictly a mvfst problem to fix, but RFC 8446 indicates that we
MAY check the ordering but don't strictly have to.

We've opened an issue with the client to fix this, but in the interests
of client compatibility relax the ordering check so that, instead of
issuing a fatal alert, we just log a trace message indicating the
discrepancy

Fixes openssl/project#1106

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26818)

5 months ago Fix memory leak in ecdsa_keygen_knownanswer_test
Neil Horman [Mon, 17 Feb 2025 14:24:26 +0000 (09:24 -0500)] 
Fix memory leak in ecdsa_keygen_knownanswer_test

We allocate an EC_POINT with EC_POINT_new here, but in failing a
subsequent check, we don't free it, correct that.

Fixes #26779

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26799)

5 months ago ML-KEM Add ACVP tests using latest values from
slontis [Mon, 17 Feb 2025 23:54:35 +0000 (10:54 +1100)] 
ML-KEM Add ACVP tests using latest values from

https://github.com/usnistgov/ACVP-Server/blob/master/gen-val/json-files/
Which are parsed using mlkem_parse.py

The existing BoringSSL related .txt files have been left in place.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26791)

5 months ago ML-KEM: Modify existing ML-KEM keygen tests to not use custom data.
slontis [Mon, 17 Feb 2025 23:51:48 +0000 (10:51 +1100)] 
 ML-KEM: Modify existing ML-KEM keygen tests to not use custom data.

There are general input and output controls that are used instead.
Also fix a memory leak in keygen.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26791)

5 months ago ssl_test: correctly handle ML-DSA being disabled
Pauli [Tue, 18 Feb 2025 01:45:58 +0000 (12:45 +1100)] 
ssl_test: correctly handle ML-DSA being disabled

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26806)

5 months ago mldsa: add run-checker workflow for no-ml-dsa option
Pauli [Mon, 17 Feb 2025 23:04:58 +0000 (10:04 +1100)] 
mldsa: add run-checker workflow for no-ml-dsa option

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26806)

5 months ago ml-kem: add ML-KEM to bulk disable cascade
Pauli [Mon, 17 Feb 2025 23:08:11 +0000 (10:08 +1100)] 
ml-kem: add ML-KEM to bulk disable cascade

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26807)

5 months ago ml-dsa: test ML-DSA under FIPS
Pauli [Mon, 17 Feb 2025 23:02:10 +0000 (10:02 +1100)] 
ml-dsa: test ML-DSA under FIPS

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/26805)

5 months ago Fix coverity issues
Dmitry Belyavskiy [Mon, 17 Feb 2025 10:16:34 +0000 (11:16 +0100)] 
Fix coverity issues

Fixes coverity issues 1642964, 1642965, 1642966, 1642968, 1642969

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tom Cosgrove <tom.cosgrove@arm.com>
(Merged from https://github.com/openssl/openssl/pull/26793)

5 months ago Free hashtable prior to freeing atomic worker_lock
Neil Horman [Mon, 17 Feb 2025 15:13:32 +0000 (10:13 -0500)] 
Free hashtable prior to freeing atomic worker_lock

lhash_test uses a hashtable that may not be empty at the end of the test

Given that the free function frees the elements in the list and uses the
atomic worker_lock to do so, we need to free the hash table prior to
freeing the working lock to avoid the use of unallocated memory.

Fixes #26798

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26800)

5 months ago Adds missing checks of return from XXX_up_ref(). feature/evp_skey
Frederik Wedel-Heinen [Sat, 28 Dec 2024 09:13:48 +0000 (10:13 +0100)] 
Adds missing checks of return from XXX_up_ref().

Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26294)

5 months ago Do not call BIO_printf() from FIPS_MODULE
Tomas Mraz [Thu, 13 Feb 2025 20:00:03 +0000 (21:00 +0100)] 
Do not call BIO_printf() from FIPS_MODULE

Fixes #26743

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26744)

5 months ago OSSL_CMP_MSG_http_perform(): support using BIO from OSSL_CMP_CTX_set_transfer_cb_arg()
Dr. David von Oheimb [Tue, 4 Feb 2025 13:12:23 +0000 (14:12 +0100)] 
OSSL_CMP_MSG_http_perform(): support using BIO from OSSL_CMP_CTX_set_transfer_cb_arg()

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26628)

5 months ago Initial slh-dsa fuzzer 26788/head
Neil Horman [Fri, 7 Feb 2025 19:37:57 +0000 (14:37 -0500)] 
Initial slh-dsa fuzzer

Currently performs the following operations

1) Generates arbitrary key pairs
2) Generates key pairs with parameters (both correct and incorrect)
   based on fuzzer input buffer
3) Exports and re-imports keys, confirming validity
4) Performs Sign and Verify operations with optional parameters based on
   fuzzer input buffer

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26708)

5 months ago SLH-DSA: Add EVP_PKEY_CTX_dup() support.
slontis [Tue, 11 Feb 2025 04:30:59 +0000 (15:30 +1100)] 
SLH-DSA: Add EVP_PKEY_CTX_dup() support.

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Paul Dale <ppzgs1@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26701)

5 months ago SLH_DSA: Make apps.c do_X509_REQ_verify() call work correctly.
slontis [Tue, 4 Feb 2025 06:39:34 +0000 (17:39 +1100)] 
SLH_DSA: Make apps.c do_X509_REQ_verify() call work correctly.

- Added sigid_algs for SLH_DSA such that OBJ_find_sigid_algs() works.
- OBJ_sn2nid() was also being called, so the SN form of SLH_DSA
  algorithms needed to be added to the provider dispatch tables.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26625)

5 months ago SLH_DSA: Add support for generating X509 certs via the openssl
slontis [Tue, 4 Feb 2025 03:35:38 +0000 (14:35 +1100)] 
SLH_DSA: Add support for generating X509 certs via the openssl
command line app.

Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26625)

5 months ago SLH-DSA cleanups
slontis [Tue, 28 Jan 2025 03:14:53 +0000 (14:14 +1100)] 
SLH-DSA cleanups

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago SLH-DSA More fixups
slontis [Thu, 23 Jan 2025 03:51:42 +0000 (14:51 +1100)] 
SLH-DSA More fixups

Also added slh_dsa_key_dup()

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago SLH-DSA: Remove legacy ASN1 method tables for SLH-DSA. Update to use
slontis [Wed, 22 Jan 2025 23:26:51 +0000 (10:26 +1100)] 
SLH-DSA: Remove legacy ASN1 method tables for SLH-DSA. Update to use
custom encoders for SLH_DSA decode_der2key.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago SLH-DSA cleanups
slontis [Wed, 22 Jan 2025 21:20:58 +0000 (08:20 +1100)] 
SLH-DSA cleanups

Addressed some review comments.
- Ref counting has been removed from SLH_DSA_KEY (EVP_PKEY is responsible
for the key's ref counting).
- Moved constants and prefetched objects into SLH_DSA_KEY.
- The SLH_DSA_HASH_CTX is still required since there are multiple
  contexts that need to propagate to a lot of functions, but it no
  longer contains the constants. Note that it also holds a pointer to
  the SLH_DSA_KEY.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH_DSA key validation.
slontis [Thu, 21 Nov 2024 05:09:18 +0000 (16:09 +1100)] 
Add SLH_DSA key validation.

The pairwise test requires that the computed PK_ROOT key matches the
key's PK_ROOT value. The public and private key tests just require the
key elements to exist.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH-DSA FIPS self tests
slontis [Thu, 21 Nov 2024 01:15:24 +0000 (12:15 +1100)] 
Add SLH-DSA FIPS self tests

This requires a keygen test, as well as Sign/Verify tests for at least 1
sha2 algorithm and 1 shake related algorithm.

A pairwise consistency test has also been added to the key generation.

Note that self test data for the signature is currently stored as a
sha256 digest in order to reduce the memory footprint.
(Since the signature size for sha2/shake using 128s = ~8K, and for 128f = ~17K)

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH-DSA encoder/decoder support.
slontis [Tue, 19 Nov 2024 04:40:13 +0000 (15:40 +1100)] 
Add SLH-DSA encoder/decoder support.

This required adding additional EVP_PKEY_ASN1_METHOD methods.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Address style check nits for SLH-DSA
slontis [Tue, 12 Nov 2024 23:59:10 +0000 (10:59 +1100)] 
Address style check nits for SLH-DSA

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Update SLH-DSA code to use PACKET and WPACKET.
slontis [Tue, 12 Nov 2024 07:35:10 +0000 (18:35 +1100)] 
Update SLH-DSA code to use PACKET and WPACKET.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Update SLH-DSA to use EVP_PKEY_sign_message_init() instead of using the
slontis [Sun, 10 Nov 2024 23:41:35 +0000 (10:41 +1100)]
Update SLH-DSA to use EVP_PKEY_sign_message_init() instead of using the
prehashed variant.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH-DSA design document
slontis [Fri, 8 Nov 2024 06:23:18 +0000 (17:23 +1100)] 
Add SLH-DSA design document

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH-DSA documentation
slontis [Fri, 8 Nov 2024 05:16:59 +0000 (16:16 +1100)] 
Add SLH-DSA documentation

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago SLH-DSA clean ups
slontis [Fri, 8 Nov 2024 05:08:31 +0000 (16:08 +1100)] 
SLH-DSA clean ups

- Make slh_dsa_sign() return the siglen when sig is NULL.
- Remove the ability in fromdata to generate the public key root
  given the private key and public key seed. This was messy and can
  be done by key generation instead.
- Add common EVP_PKEY gettables to SLH_DSA keys
  (OSSL_PKEY_PARAM_BITS, OSSL_PKEY_PARAM_SECURITY_BITS, and
   OSSL_PKEY_PARAM_MAX_SIZE).
- Update tests based on the above changes.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Zeroize some secret values in SLH_DSA
slontis [Thu, 7 Nov 2024 10:01:27 +0000 (21:01 +1100)]
Zeroize some secret values in SLH_DSA

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Added return code checks to SLH_DSA Hash functions and propagated the
slontis [Thu, 7 Nov 2024 08:01:16 +0000 (19:01 +1100)]
Added return code checks to SLH_DSA Hash functions and propagated the
values thru the calling functions.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH_DSA to the FIPS provider.
slontis [Thu, 7 Nov 2024 06:43:19 +0000 (17:43 +1100)] 
Add SLH_DSA to the FIPS provider.

The keygen tests required "entropy" to be added via an additional
parameter for ACVP testing. This is required because TEST_RAND can't be
used to pass entropy to the FIPS provider, due to it not knowing the
lib ctx of the FIPS provider.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add support for all 12 SLH-DSA parameter sets.
slontis [Thu, 7 Nov 2024 03:59:45 +0000 (14:59 +1100)] 
Add support for all 12 SLH-DSA parameter sets.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH-DSA signing.
slontis [Thu, 7 Nov 2024 00:24:06 +0000 (11:24 +1100)] 
Add SLH-DSA signing.

Also updated function comments.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH-DSA key generation
slontis [Wed, 6 Nov 2024 10:45:29 +0000 (21:45 +1100)] 
Add SLH-DSA key generation

Also made fromdata able to generate the public root key if the private
key seed + prf as well as the public key seed are passed to from data.

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH_DSA signature verification.
slontis [Wed, 6 Nov 2024 06:37:08 +0000 (17:37 +1100)] 
Add SLH_DSA signature verification.

This uses a SLH_DSA_CTX that is passed to most functions.
It contains information related to a parameter set (such as constants,
hash functions, prefetched EVP_MD/EVP_MAC objects, as well as ADDRESS
functions). This context is separated from the SLH_DSA_KEY since
multiple signature operations could be performed using the same keys.
This only implements functions required for SLH-DSA-SHA2-128s

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add base code to load a SLH_DSA public key.
slontis [Wed, 6 Nov 2024 03:22:45 +0000 (14:22 +1100)] 
 Add base code to load a SLH_DSA public key.

This loads a SLH_DSA public key from data.
A simple SLH_DSA keymanager imports this key.

Initially this only has a parameter set for
SLH-DSA-SHA2-128s

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Add SLH_DSA configuration option
slontis [Tue, 5 Nov 2024 04:18:41 +0000 (15:18 +1100)] 
Add SLH_DSA configuration option

Reviewed-by: Paul Dale <ppzgs1@gmail.com>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25882)

5 months ago Case-insensitive sigalgs
Viktor Dukhovni [Sat, 15 Feb 2025 15:25:16 +0000 (02:25 +1100)] 
Case-insensitive sigalgs

Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Dmitry Belyavskiy <beldmit@gmail.com>
(Merged from https://github.com/openssl/openssl/pull/26767)

5 months ago fips: omit PCT on key import
Pauli [Mon, 10 Feb 2025 22:32:28 +0000 (09:32 +1100)] 
fips: omit PCT on key import

Our lab thinks the IG 10.3.A additional comment 1 is a mistake and that
a PCT on import is not required.

Reviewed-by: Shane Lontis <shane.lontis@oracle.com>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26785)

5 months ago Fixup error enumeration 26802/head
Neil Horman [Fri, 14 Feb 2025 21:40:45 +0000 (16:40 -0500)]
Fixup error enumeration

The merge gives us a conflict on SSL_R_MISSING_QUIC_TLS_FUNCTIONS
which conflicted with SSL_R_LISTENER_USE_ONLY.  Move the former to
ordinal 423

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)

5 months ago Fix ssltrace test
Neil Horman [Fri, 14 Feb 2025 19:42:58 +0000 (14:42 -0500)] 
Fix ssltrace test

It seems something changed during the merge leading to a slightly longer
frame

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)

5 months ago Add ssl_unwrap.h to quic_tls_api.c
Neil Horman [Fri, 14 Feb 2025 19:25:41 +0000 (14:25 -0500)] 
Add ssl_unwrap.h to quic_tls_api.c

Needed after the macro re-arranging performed on the quic-server branch

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)

5 months ago Readd the inclusion of quic_record_util.h to quic_tls.c
Neil Horman [Fri, 14 Feb 2025 19:21:31 +0000 (14:21 -0500)] 
Readd the inclusion of quic_record_util.h to quic_tls.c

Some refactoring on master removed the inclusion of quic_local.h from
ssl_local.h, which quic_tls.c needed on the server branch to pull in the
QRL_SUITE_AES128GCM and similar definitions.  Fix it by specifically
adding quic_record_util.h into quic_tls.c, as we only need a few defines
from that header.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)

5 months ago Fixup conflict between 3rd party quic-tls api and quic-server
Neil Horman [Fri, 14 Feb 2025 20:58:58 +0000 (15:58 -0500)] 
Fixup conflict between 3rd party quic-tls api and quic-server

Build.info changes between quic-server and master occurred here, resolve
them.  Can't do it as a fixup as the conflicting changes have already
been merged to master

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26762)

5 months ago Backout validation of initial packet done by port_default_packet_handler()
Alexandr Nedvedicky [Thu, 13 Feb 2025 21:55:10 +0000 (22:55 +0100)] 
Backout validation of initial packet done by port_default_packet_handler()

QUIC interoperability tests discovered bugs in my earlier commit #59e7c2313be7cff.
This change reverts everything out.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26748)

5 months ago Perform initial AEAD validation before creating a channel
Alexandr Nedvedicky [Sun, 2 Feb 2025 16:40:25 +0000 (17:40 +0100)] 
Perform initial AEAD validation before creating a channel

We let the port create a qrx object and use it for
packet validation. If the packet validates, we then
create the channel and pass the pre-created qrx to the
channel's constructor.

Co-authored-by: Andrew Dinh <andrewd@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26610)

5 months ago Add quic-server fuzz test. Also update fuzz corpora submodule.
Andrew Dinh [Wed, 22 Jan 2025 13:45:00 +0000 (20:45 +0700)] 
Add quic-server fuzz test. Also update fuzz corpora submodule.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26514)

5 months ago Fix ossl_quic_trace to fetch connection short conn id len
Neil Horman [Wed, 29 Jan 2025 19:10:09 +0000 (14:10 -0500)] 
Fix ossl_quic_trace to fetch connection short conn id len

ossl_quic_trace currently fails to get the connection id when parsing a
short header.  Now that we have an api to get the known length, go ahead
and use that to parse the header properly

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26592)

5 months ago Use the recorded short conn id len in pktsplitbio
Neil Horman [Wed, 29 Jan 2025 18:19:49 +0000 (13:19 -0500)] 
Use the recorded short conn id len in pktsplitbio

Do the same thing in our pktsplit bio

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26592)

5 months ago Use reported short conn id len in qtestlib
Neil Horman [Wed, 29 Jan 2025 18:18:57 +0000 (13:18 -0500)] 
Use reported short conn id len in qtestlib

Use the new short conn id internal api to record and use the connection's
short conn id len when decoding packets in qtestlib

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26592)

5 months ago Add api to fetch short conn id len from a given channel/tserver
Neil Horman [Wed, 29 Jan 2025 18:17:32 +0000 (13:17 -0500)] 
Add api to fetch short conn id len from a given channel/tserver

Need an api to fetch the configured conn id len for short headers, add
that in here

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26592)

5 months ago Move handling of connection close frames to QUIC FUTURE
Neil Horman [Wed, 29 Jan 2025 19:44:13 +0000 (14:44 -0500)] 
Move handling of connection close frames to QUIC FUTURE

There is a corner case in handling connection close frames for which RFC
guidance is unclear.  Given that, move addressing it to QUIC FUTURE

Fixes openssl/project#1075

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26593)

5 months ago Eliminate SSL_LISTENER_FLAG_NO_ACCEPT flag in QUIC
Neil Horman [Wed, 29 Jan 2025 19:38:45 +0000 (14:38 -0500)] 
Eliminate SSL_LISTENER_FLAG_NO_ACCEPT flag in QUIC

We've not implemented it yet, and don't need it for MVP, so move the
TODO's to QUIC FUTURE and remove the docs for it.

Fixes openssl/project#1074

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26593)

5 months ago Move EAGAIN handling of QUIC retry/verneg frames to QUIC FUTURE
Neil Horman [Wed, 29 Jan 2025 19:31:25 +0000 (14:31 -0500)] 
Move EAGAIN handling of QUIC retry/verneg frames to QUIC FUTURE

Fixes openssl/project#1072
Fixes openssl/project#1073

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26593)

5 months ago Move implementation of RETIRE CONN ID frames to QUIC FUTURE
Neil Horman [Wed, 29 Jan 2025 19:28:49 +0000 (14:28 -0500)] 
Move implementation of RETIRE CONN ID frames to QUIC FUTURE

Fixes openssl/project#1071

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26593)

5 months ago Move quictestlib TODO to QUIC FUTURE
Neil Horman [Wed, 29 Jan 2025 19:19:35 +0000 (14:19 -0500)] 
Move quictestlib TODO to QUIC FUTURE

Improving handling of packets in tserver doesn't currently make sense,
as we're planning on eliminating it soon.  Move this TODO to QUIC FUTURE

Fixes openssl/project#1070

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26593)

5 months ago move token store definition to quic_predef.h
Neil Horman [Sun, 2 Feb 2025 22:17:20 +0000 (17:17 -0500)] 
move token store definition to quic_predef.h

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago de-duplicate fnv1a_hash
Neil Horman [Sat, 1 Feb 2025 16:42:22 +0000 (11:42 -0500)] 
de-duplicate fnv1a_hash

I cloned a copy of fnv1a_hash from hashtable.c.  Deduplicate that so we
have common source code.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Remove NEW_TOKEN public api
Neil Horman [Sat, 1 Feb 2025 16:28:25 +0000 (11:28 -0500)] 
Remove NEW_TOKEN public api

@sashan and I were discussing the usefulness of the public facing api
for NEW_TOKEN support, and he has concerns over its usefulness and our
being stuck with it if we need to make changes later.  Given that it is
a convenience api for using multiple CTX-es to share a cache, it's fine if
we remove it for now, as that seems like a less common use case.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago init token to ease cleanup
Neil Horman [Fri, 31 Jan 2025 14:41:36 +0000 (09:41 -0500)] 
init token to ease cleanup

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Remove SSL_TOKEN_STORE_HANDLE type
Neil Horman [Fri, 31 Jan 2025 13:02:34 +0000 (08:02 -0500)] 
Remove SSL_TOKEN_STORE_HANDLE type

Replace it with SSL_TOKEN_STORE and make the structure opaque in the
public api

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Modify ossl_quic_get_peer_token to return QUIC_TOKEN
Neil Horman [Thu, 30 Jan 2025 19:38:18 +0000 (14:38 -0500)] 
Modify ossl_quic_get_peer_token to return QUIC_TOKEN

We use this struct internally to track computed tokens, we may as well
use it when fetching those tokens, as it allows the removal of the QTOK
type

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Rename token_store functions to make them consistent
Neil Horman [Thu, 30 Jan 2025 17:14:26 +0000 (12:14 -0500)] 
Rename token_store functions to make them consistent

We use get0 to get a token store, but set to set it.  Since the latter
takes a refcount, change that to set1.  Also rename the internal quic
functions to match.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Review fixups
Neil Horman [Tue, 28 Jan 2025 14:41:52 +0000 (09:41 -0500)] 
Review fixups

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Fix a memory leak on free
Neil Horman [Tue, 28 Jan 2025 14:16:09 +0000 (09:16 -0500)] 
Fix a memory leak on free

Forgot to free the CRYPTO_REF when freeing a token

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Reduce our NEW_TOKEN send rate.
Neil Horman [Tue, 28 Jan 2025 13:58:19 +0000 (08:58 -0500)] 
Reduce our NEW_TOKEN send rate.

Currently, we send a NEW_TOKEN frame on every new validated connection,
but that's not necessary.  Since NEW_TOKEN tokens have a lifetime of 1
hour currently, we really only need to send a NEW_TOKEN if:
1) We validated a RETRY token
or
2) We validated a NEW_TOKEN for which the lifetime is nearing its limit

So let's do that.  When we validate a token, only generate a NEW_TOKEN if
the current token is a RETRY token, or if it's a NEW_TOKEN, and there is
less than 10% of the token's lifetime remaining.

This lets clients use NEW_TOKENS repeatedly (as per the RFC), and saves
us some network bandwidth.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Don't reserve an unused cid for NEW_TOKENS
Neil Horman [Mon, 27 Jan 2025 21:32:32 +0000 (16:32 -0500)] 
Don't reserve an unused cid for NEW_TOKENS

Just realized that NEW_TOKEN tokens don't need a reserved rscid.

Because a client might use a received NEW_TOKEN for multiple subsequent
connections, we allocate a cid when we validate the token on new
connection establishment (in fact we just use the one that the client
sends).  As such the allocated rscid never gets used, and just sits
there until it ages out.

Instead, fill the rscid with random data to mutate subsequently
generated NEW_TOKENS's, since it won't ever be part of the validation
process anyway.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)

5 months ago Reference count QUIC_TOKENS
Neil Horman [Mon, 27 Jan 2025 18:56:40 +0000 (13:56 -0500)] 
Reference count QUIC_TOKENS

Closer reading of RFC 9000 indicates that a NEW_TOKEN token can be
(re)used repeatedly.

So instead of creating a use once and discard pattern in the token api,
let the tokens stick around until they are replaced with a new token
from the server.  To do this, we need to ref count the tokens so that we
don't accidentally free them while a given client is waiting to send an
initial frame making use of them.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)