openssl/ssl/quic
Alexandr Nedvedicky 96075a6a40 Fix AEAD validation of initial packets in port
The interoperability tests disable client IP address
validation done by the RETRY packet. All tests done in CI
take the code path which sends a retry packet.

The first initial packet sent by the client uses different
initial encryption level keys to protect packet integrity.
The keys are derived from the DCID chosen by the client.

When the server accepts a connection on behalf of an initial packet,
the 'DCID' gets changed, which means the initial level encryption keys
are changing too. So when the server skips sending a retry packet,
it must forget the qrx which was used to validate the initial
packet sent by the client.

Forgetting the qrx is not straightforward; we must salvage the
unencrypted packets left there after they were validated.
Those unencrypted packets must be injected into the newly created channel.

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26808)
2025-02-25 12:05:10 +01:00
build.info Fixup conflict between 3rd party quic-tls api and quic-server 2025-02-17 11:27:34 -05:00
cc_newreno.c Resolve some of the TODO(QUIC) items 2023-08-08 15:58:59 +02:00
json_enc.c Copyright year updates 2024-04-09 13:43:26 +02:00
qlog.c Copyright year updates 2024-04-09 13:43:26 +02:00
qlog_event_helpers.c Copyright year updates 2024-04-09 13:43:26 +02:00
quic_ackm.c If the loss detection timer has fired we may not have lost packets 2023-10-30 08:01:58 +00:00
quic_cfq.c Copyright year updates 2024-09-05 09:35:49 +02:00
quic_channel.c Fix AEAD validation of initial packets in port 2025-02-25 12:05:10 +01:00
quic_channel_local.h Perform initial AEAD validation before creating a channel 2025-02-25 12:04:09 +01:00
quic_demux.c use-of-uninitialized-value in quic_tserver_test 2025-01-06 20:46:08 +01:00
quic_engine.c Simplify the QUIC time override handling 2025-02-17 11:27:32 -05:00
quic_engine_local.h Minor updates 2023-12-21 08:12:06 +00:00
quic_fc.c Copyright year updates 2024-04-09 13:43:26 +02:00
quic_fifd.c Copyright year updates 2024-04-09 13:43:26 +02:00
quic_impl.c Various NULL checks 2025-02-21 15:07:27 -05:00
quic_lcidm.c Use siphash to implement lcidm hash function 2025-02-22 13:23:16 -05:00
quic_local.h Remove vestigial accepted flag 2025-02-17 11:27:33 -05:00
quic_method.c QUIC APL: Implement base listener API, move addressing mode handling into PORT 2025-02-17 11:27:32 -05:00
quic_obj.c QUIC OBJ: Require blocking support in the domain flags to use blocking mode 2025-02-17 11:27:32 -05:00
quic_obj_local.h QUIC APL: Refine domain flag handling 2025-02-17 11:27:32 -05:00
quic_port.c Fix AEAD validation of initial packets in port 2025-02-25 12:05:10 +01:00
quic_port_local.h Add callback to get user ssl on channel creation 2025-02-17 11:27:33 -05:00
quic_rcidm.c Rename list macros 2024-09-26 10:02:30 +02:00
quic_reactor.c QUIC REACTOR: Add support for external registration of blocking operations 2025-02-17 11:27:33 -05:00
quic_reactor_wait_ctx.c QUIC REACTOR: Add utility for tracking recursive blocking operations 2025-02-17 11:27:33 -05:00
quic_record_rx.c Fix AEAD validation of initial packets in port 2025-02-25 12:05:10 +01:00
quic_record_shared.c ossl_qrl_enc_level_set_provide_secret(): Avoid leaking keyslot in error condition 2023-11-06 07:47:17 +00:00
quic_record_shared.h TX key update support, RX time and PN reporting, general refactoring 2022-09-02 10:03:55 +02:00
quic_record_tx.c Copyright year updates 2024-04-09 13:43:26 +02:00
quic_record_util.c Copyright year updates 2024-09-05 09:35:49 +02:00
quic_rstream.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_rx_depack.c Move implementation of RETIRE CONN ID frames to QUIC FUTURE 2025-02-17 11:27:34 -05:00
quic_sf_list.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_srt_gen.c QUIC SRT GEN: Minor updates 2023-11-25 09:14:05 +00:00
quic_srtm.c Copyright year updates 2024-04-09 13:43:26 +02:00
quic_sstream.c QUIC SSTREAM: Fix bug in ossl_quic_sstream_is_totally_acked 2023-11-02 08:49:01 +00:00
quic_statm.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_stream_map.c Add (void) cast to result of ossl_quic_rxfc_on_retire() 2024-07-08 18:17:15 +02:00
quic_thread_assist.c Simplify the QUIC time override handling 2025-02-17 11:27:32 -05:00
quic_tls.c Various NULL checks 2025-02-21 15:07:27 -05:00
quic_tls_api.c Added new API to enable 0-RTT for 3rd party QUIC stacks. 2025-02-21 12:01:30 +01:00
quic_trace.c Fix ossl_quic_trace to fetch connection short conn id len 2025-02-17 11:27:34 -05:00
quic_tserver.c Add api to fetch short conn id len from a given channel/tserver 2025-02-17 11:27:34 -05:00
quic_txp.c Move handling of connection close frames to QUIC FUTURE 2025-02-17 11:27:34 -05:00
quic_txpim.c Copyright year updates 2023-09-07 09:59:15 +01:00
quic_types.c QUIC: Move CID generation to quic_types.c 2023-12-21 08:12:06 +00:00
quic_wire.c Copyright year updates 2024-04-09 13:43:26 +02:00
quic_wire_pkt.c Augment ossl_quic_wire_decode_pkt_hdr 2025-02-17 11:27:33 -05:00
uint_set.c Copyright year updates 2023-09-07 09:59:15 +01:00