[openssl/openssl] b644a9: Unexpected QUIC post-handshake CertificateRequests...
Matt Caswell
noreply at github.com
Tue Aug 15 13:50:15 UTC 2023
Branch: refs/heads/master
Home: https://github.com/openssl/openssl
Commit: b644a9323f0060e27b3e45101856dc9e3bec0ac4
https://github.com/openssl/openssl/commit/b644a9323f0060e27b3e45101856dc9e3bec0ac4
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M include/internal/quic_tls.h
M ssl/quic/quic_channel.c
M ssl/quic/quic_tls.c
Log Message:
-----------
Unexpected QUIC post-handshake CertificateRequests are a PROTOCOL_VIOLATION
An OpenSSL QUIC client does not send the post_handshake_auth extension.
Therefore if a server sends a post-handsahke CertificateRequest then this
would be treated as a TLS protocol violation with an "unexpected message"
alert code. However RFC 9001 specifically requires us to treat this as
QUIC PROTOCOL_VIOLATION. So we have to translate the "unexpected message"
alert code in this one instance.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Commit: 0f2add9e8d4c1dc09848ea12aaad2eb4c5358bf2
https://github.com/openssl/openssl/commit/0f2add9e8d4c1dc09848ea12aaad2eb4c5358bf2
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M ssl/s3_lib.c
Log Message:
-----------
Don't forget we are doing QUIC if we clear the QUIC TLS data
We should retain the TLS1_FLAGS_QUIC setting in in s3.flags even after a
"clear" operation.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Commit: 04c7fb53e0437f83e2476e5d55a1af61959fadf5
https://github.com/openssl/openssl/commit/04c7fb53e0437f83e2476e5d55a1af61959fadf5
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M include/internal/quic_tls.h
M ssl/quic/quic_channel.c
M ssl/quic/quic_tls.c
M ssl/statem/extensions_clnt.c
Log Message:
-----------
NewSessionTickets with an early_data extension must have a valid max value
The max_early_data value must be 0xffffffff if the extension is present in
a NewSessionTicket message in QUIC. Otherwise it is a PROTOCOL_VIOLATION.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Commit: 50a0af2e41ea61a79c19c17f9e87541e283ba8bf
https://github.com/openssl/openssl/commit/50a0af2e41ea61a79c19c17f9e87541e283ba8bf
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M ssl/statem/statem_clnt.c
M ssl/statem/statem_srvr.c
Log Message:
-----------
TLS KeyUpdate messages are not allowed in QUIC
We already disallowed the sending of TLS KeyUpdate messages. We also treat
the receipt of a TLS KeyUpdate message as an unexpected message.
RFC 9001 section 6:
Endpoints MUST treat the receipt of a TLS KeyUpdate message as a connection
error of type 0x010a, equivalent to a fatal TLS alert of unexpected_message;
see Section 4.8.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Commit: 614c08c23999e39945b556851eabff157aef833f
https://github.com/openssl/openssl/commit/614c08c23999e39945b556851eabff157aef833f
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M include/internal/quic_tserver.h
M ssl/quic/quic_tserver.c
M test/quic_multistream_test.c
Log Message:
-----------
Add the ability to send NewSessionTicket messages when we want them
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Commit: 644ef0bb696eeaf3572e858b2beeca17b0621a3f
https://github.com/openssl/openssl/commit/644ef0bb696eeaf3572e858b2beeca17b0621a3f
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M include/internal/quic_tserver.h
M ssl/quic/quic_tserver.c
M test/quic_multistream_test.c
Log Message:
-----------
Add a test for receiving a post-handshake CertificateRequest
This should result in a QUIC PROTOCOL_VIOLATION
We also add tests for a post-handshake KeyUpdate, and a NewSessionTicket
with an invalid max_early_data value.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Commit: 643f542a89bee93e043d0899b2a1ca700d1cc418
https://github.com/openssl/openssl/commit/643f542a89bee93e043d0899b2a1ca700d1cc418
Author: Matt Caswell <matt at openssl.org>
Date: 2023-08-15 (Tue, 15 Aug 2023)
Changed paths:
M ssl/quic/quic_tls.c
Log Message:
-----------
Fix a use-after-free in quic_tls.c
The comments in quic_tls.c claimed that the dummybio was never used by
us. In fact that is not entirely correct since we set and cleared the
retry flags on it. This means that we have to manage it properly, and update
it in the event of set1_bio() call on the record layer method.
Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21686)
Compare: https://github.com/openssl/openssl/compare/98d81174d376...643f542a89be
More information about the openssl-commits
mailing list