Its been reported that, when using SSL_listen_ex to obtain a new
connection from a listener, that, if the listener is freed prior to the
obtained connection, we get use-after-free conditions when freeing said
obtained connections.
This occurs because SSL_listen_ex fails to take a reference on the
parent listener SSL object (in the same way that SSL_new_from_listener
does). If the listener is freed first, then several listener resources
are freed, which the obtained connection still makes use of, hence the
use-after-free.
The fix is to do what SSL_new_from_listener does, namely:
1) Increase the reference count on the listener SSL object.
2) Ensure that the connection qc->listener points to the listener object
so that, when the connection is freed, we call SSL_free on the
listener object, dropping the reference count we take in
SSL_listen_ex.
While we're at it, this PR also modifies the quicapi test for testing
the SSL_listen_ex call, freeing the listener first to ensure that the
increased refcount holds the SSL object data stable until the connection
is freed.
Thanks to Stanislav Fort at Asile Research for pointing out this issue.
fixesopenssl/project#1766
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/29398)
This change introduces a new public API symbol: SSL_get_peer_addr().
The change is QUIC-only, there are no changes for TLS connections
- API: add peer address query for QUIC connections
* Internal: declare/implement ossl_quic_get_peer_addr(SSL*, BIO_ADDR*)
* Public: declare/implement SSL_get_peer_addr(SSL*, BIO_ADDR*)
Rationale:
- Allow applications to retrieve the remote UDP tuple for QUIC sessions
(e.g., logging, access control, diagnostics)
Provided documentation and test cases for SSL_get_peer_addr().
Set peer via channel API on new-conn.
- In ch_on_new_conn_common(), BIO_ADDR_copy(&ch->cur_peer_addr, peer)
was replaced with ossl_quic_channel_set_peer_addr(ch, peer) so
addressed_mode is enabled at connection bring-up.
Dropped redundant peer detection in create_qc_from_incoming_conn()
The peer address is now propagated in ch_on_new_conn_common() via
ossl_quic_channel_set_peer_addr(), so the channel is already in
"addressed" mode. This also avoids querying the (unconnected) server
UDP BIO, reduces duplication, and simplifies the accept path. All
regression tests pass.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/28690)
The test_bio_ssl test in quicapitest is failing on windows. Something
about the timing there is causing wide variance in how long it takes to
establish a handshake (between 130-6500 iterations).
Convert it to use fake time to make it run consistently.
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26801)
Basically just create two clients and two servers, ensuring that both
clients use the same ctx (to share the token cache).
Connect the first client and server so that the cache gets populated
with a new token, tracing the ssl connection
Connect the second client and server, again tracing the connection with
the same bio
Then sift through the trace, looking for the new token frame in the
first connection, matching it with the token used in the second
connection.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26517)
SSL_new_from_listner() creates QUIC connection object (QCSO)
from listener. Caller can use the object retuned from
SSL_new_from_listener() to connect to remote QUIC server.
The QCSO created here shares engine/port with listener.
the change is covered by `test_ssl_new_from_listener()` in
test/quicapitest.c
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26138)
After sending a retry frame from a server, the subsequent server hello
record must include the RETRY_SCID transport parameter, as per RFC 9000:
https://datatracker.ietf.org/doc/html/rfc9000#section-7.3
Implement the encoding of said retry_source_connection_id transport
param, and fix up tests to address the impact of that change. Test
changes amount to:
1) quicapitest needs to have its tparam test augmented such that it
doesn't inject the retry_scid on its own, as the quic stack does it
for the test now
2) quicapitest needs to have the ssl_trace test adjusted so the expected
record values are reflected.
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25890)
Ensure that we don't inadvertently start the connection if we call
SSL_handle_events(), or SSL_get_event_timeout() early.
This adds a test for #25054, which was originally fixed by #25069 to
ensure we haven't broken anything by the changes in the previous commit.
Reviewed-by: Viktor Dukhovni <viktor@openssl.org>
Reviewed-by: Saša Nedvědický <sashan@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/25452)
- add test vectors for tls1_3 integrity-only ciphers
- recmethod_local.h: add new member for MAC
- tls13_meth.c: add MAC only to tls 1.3
- tls13_enc.c: extend function to add MAC only
- ssl_local.h: add ssl_cipher_get_evp_md_mac()
- s3_lib.c: add the new ciphers and add #ifndef OPENSSL_NO_INTEGRITY_ONLY_CIPHERS
- ssl_ciph.c : add ssl_cipher_get_evp_md_mac() and use it
- tls13secretstest.c: add dummy test function
- Configure: add integrity-only-ciphers option
- document the new ciphers
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: David von Oheimb <david.von.oheimb@siemens.com>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22903)
If either endpoint issues a PING frame while we are introducing noise
into the communication then there is a danger that the connection itself
will fail. We detect the PING and then back off on generating noise for a
short while. It should be sufficient to just ensure that the next datagram
does not get dropped for each endpoint.
Fixes#22199
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22243)
