[openssl/openssl] 8e520d: Postpone two TODO(QUIC) items appropriately

Matt Caswell noreply at github.com
Fri Oct 20 15:43:20 UTC 2023


  Branch: refs/heads/master
  Home:   https://github.com/openssl/openssl
  Commit: 8e520d2714abf4c6254ceec24b57f238433541ee
      https://github.com/openssl/openssl/commit/8e520d2714abf4c6254ceec24b57f238433541ee
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M ssl/quic/quic_channel.c
    M ssl/quic/quic_tserver.c

  Log Message:
  -----------
  Postpone two TODO(QUIC) items appropriately

The one in ch_rx_handle_packet() is a tuning thing -> QUIC FUTURE
The one in ossl_quic_tserver_shutdown() is a server thing -> QUIC SERVER

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)


  Commit: 7757f5ef731ad4e8d6c0f59ef752e4f726ba4f90
      https://github.com/openssl/openssl/commit/7757f5ef731ad4e8d6c0f59ef752e4f726ba4f90
  Author: Tomas Mraz <tomas at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M doc/man3/SSL_CTX_set_quiet_shutdown.pod
    M doc/man3/SSL_set_shutdown.pod
    M include/internal/quic_channel.h
    M include/internal/quic_ssl.h
    M ssl/quic/quic_channel.c
    M ssl/quic/quic_impl.c
    M ssl/ssl_lib.c
    M test/quicapitest.c

  Log Message:
  -----------
  QUIC: Add handling of SSL_get_shutdown()

Return SSL_SENT_SHUTDOWN and SSL_RECEIVED_SHUTDOWN with semantics
similar to TLS connections.

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22408)


  Commit: 21f7a09ca256eee0ccc9a8fc498e8427469ab506
      https://github.com/openssl/openssl/commit/21f7a09ca256eee0ccc9a8fc498e8427469ab506
  Author: Neil Horman <nhorman at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M apps/openssl-vms.cnf
    M apps/openssl.cnf
    M apps/pkcs12.c
    M doc/man1/openssl-pkcs12.pod.in
    M test/recipes/80-test_pkcs12.t
    R test/recipes/80-test_pkcs12_data/jdk_trusted.cnf

  Log Message:
  -----------
  Convert jdkTrustedKeyUsage to be a pkcs12 cmd line option

Creating JDK compatible pkcs12 files requires a bit more than just
adding the Trusted Key Usage OID to a certbag in the pkcs12 file.
Additionally the JDK currently requires that pkcs12 files setting this
oid _not_ contain any additional keys, and in response will produce
unpredictable results.

This could be solved by implying --nokeys when the pkcs12 utility is run
and the config option is set, but that could confuse users who didn't
specify nokeys on the command line.  As such, remove the config file
setting for this feature, and replace it with a -jdktrust command line
option, that is documented to assert nokeys when a user specifies the
new command line option.

Fixes #22215

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22422)


  Commit: 461d41174b33e365677d21bf176d6959b15c2468
      https://github.com/openssl/openssl/commit/461d41174b33e365677d21bf176d6959b15c2468
  Author: Hugo Landau <hlandau at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M include/internal/quic_txp.h
    M ssl/quic/quic_channel.c
    M ssl/quic/quic_txp.c
    M test/quic_multistream_test.c
    M test/quic_txp_test.c

  Log Message:
  -----------
  QUIC: Prevent incoming oversize tokens

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22436)


  Commit: 055f3dd140f124df6f2d8f3f910f00928224b04f
      https://github.com/openssl/openssl/commit/055f3dd140f124df6f2d8f3f910f00928224b04f
  Author: Hugo Landau <hlandau at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M test/quic_multistream_test.c

  Log Message:
  -----------
  QUIC: Test handling of post-connection session tickets

Reviewed-by: Tomas Mraz <tomas at openssl.org>
Reviewed-by: Matt Caswell <matt at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22439)


  Commit: c239bc9e960b866093dbc666c78c78935233750c
      https://github.com/openssl/openssl/commit/c239bc9e960b866093dbc666c78c78935233750c
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M include/internal/time.h

  Log Message:
  -----------
  Round up nano secs when converting OSSL_TIME to struct timeval

struct timeval doesn't support nanosecs but OSSL_TIME does. We round up
any nanosecs to ensure that a non-zero input always results in a non-zero
output.

This fixes a quic-client fuzzer hang.

Fixes #22437

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)
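
The rounding rule described in the commit message above, as an added example that is not code from the OpenSSL tree: a truncating nanosecond-to-timeval conversion next to a round-up one, including the carry when rounding reaches a full second. The function names and the representation of time as a 64-bit nanosecond count are assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <sys/time.h>

/* Assumption for this example: time is a 64-bit count of nanoseconds. */
#define NS_PER_SEC   UINT64_C(1000000000)
#define NS_PER_USEC  UINT64_C(1000)
#define USEC_PER_SEC UINT64_C(1000000)

/* Truncating conversion: any non-zero input below 1 us becomes {0, 0}. */
struct timeval ns_to_timeval_trunc(uint64_t ns)
{
    struct timeval tv;

    tv.tv_sec = (time_t)(ns / NS_PER_SEC);
    tv.tv_usec = (suseconds_t)((ns % NS_PER_SEC) / NS_PER_USEC);
    return tv;
}

/* Round-up conversion: a non-zero input always gives a non-zero output. */
struct timeval ns_to_timeval_ceil(uint64_t ns)
{
    struct timeval tv;
    uint64_t sec = ns / NS_PER_SEC;
    uint64_t usec = (ns % NS_PER_SEC + NS_PER_USEC - 1) / NS_PER_USEC;

    if (usec == USEC_PER_SEC) {   /* e.g. 999,999,001 ns rounds to 1 s */
        sec++;
        usec = 0;
    }
    tv.tv_sec = (time_t)sec;
    tv.tv_usec = (suseconds_t)usec;
    return tv;
}

int timeval_is_zero(struct timeval tv)
{
    return tv.tv_sec == 0 && tv.tv_usec == 0;
}

int main(void)
{
    /* Constructed sample inputs, in nanoseconds. */
    uint64_t samples[] = { 0, 1, 999, 1500, 999999001, 2000000000 };

    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct timeval t = ns_to_timeval_trunc(samples[i]);
        struct timeval c = ns_to_timeval_ceil(samples[i]);

        printf("%10llu ns  trunc=%lld.%06lld  ceil=%lld.%06lld\n",
               (unsigned long long)samples[i],
               (long long)t.tv_sec, (long long)t.tv_usec,
               (long long)c.tv_sec, (long long)c.tv_usec);
    }
    return 0;
}
```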


  Commit: 039119a0f3eeb610689f21834ea04cc1f0efe8df
      https://github.com/openssl/openssl/commit/039119a0f3eeb610689f21834ea04cc1f0efe8df
  Author: Matt Caswell <matt at openssl.org>
  Date:   2023-10-20 (Fri, 20 Oct 2023)

  Changed paths:
    M test/build.info
    A test/recipes/02-test_time.t
    A test/time_test.c

  Log Message:
  -----------
  Add a test for converting OSSL_TIME to struct timeval

Reviewed-by: Hugo Landau <hlandau at openssl.org>
Reviewed-by: Tomas Mraz <tomas at openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22440)


Compare: https://github.com/openssl/openssl/compare/5516d20226c4...039119a0f3ee

