QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://g

QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC DISPATCH/APL: Implement SSL_set_default_stream_mode, default XSO refactor

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from h

QUIC DISPATCH/APL: Implement SSL_set_default_stream_mode, default XSO refactor

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC APL: Defer default XSO creation

QUIC in single-stream mode could be used with a protocol where the
server writes first or the client writes first. This determines
whether the si

QUIC APL: Defer default XSO creation

QUIC in single-stream mode could be used with a protocol where the
server writes first or the client writes first. This determines
whether the single stream would be client or server initiated,
which affects the stream ID allocated to the stream. We should support
both client-sends-first and server-sends-first application protocols.
Thus, defer default XSO creation until the point in time at which
we know whether a client-first or server-first application protocol
is being used. We do this by taking whether SSL_read() or SSL_write()
is called first as a cue.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC APL: Add stream creation APIs

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

QUIC APL: Refactor stream-related code into QUIC_XSO object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/o

QUIC APL: Refactor stream-related code into QUIC_XSO object

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC: Base client/server identity on SSL method, not SSL_set_connect/accept_state

In QUIC, we have an architectural need (in future, when we implement
0-RTT, etc.) to be able to create s

QUIC: Base client/server identity on SSL method, not SSL_set_connect/accept_state

In QUIC, we have an architectural need (in future, when we implement
0-RTT, etc.) to be able to create streams before we start connecting.
This requires we allocate a stream, including a stream ID, after
creating a QCSO but prior to connecting. However stream IDs are
dependent on whether the endpoint is in the client or server role,
therefore we must know whether we are going to be a client or server
before any pre-connection streams are created. Moreover, the originally
defined QUIC_client_method() and QUIC_server_method() functions heavily
implied the original plan was to have different SSL_METHODs for clients
and servers. Up until now we had been relying on
SSL_set_connect/accept_state() instead.

Solve these problems by basing client/server identity on whether
QUIC_server_method() is used (in future, when we support servers). This
ensures that once a QCSO is created its client/server identity are fixed
and cannot change, allowing pre-connection stream IDs, etc. to be
allocated.

Client/server uncertainty was the primary reason why QUIC_CHANNEL
creation was deferred until connection time up until now, so this
enables further refactoring to facilitate eager allocation of the
QUIC_CHANNEL at QCSO allocation time. This is important as allocating a
stream including its write buffers is hard without having the
QUIC_CHANNEL (which owns the QUIC_STREAM_MAP) in existence.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Add simple way to determine if SSL object is QUIC-related

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https:/

QUIC Dispatch: Add simple way to determine if SSL object is QUIC-related

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Dispatch: Introduce the QUIC_XSO object

The QUIC_XSO (external stream object) is to a QUIC stream what a
QUIC_CONNECTION is to a QUIC connection. Both are SSL objects. The
QUIC_

QUIC Dispatch: Introduce the QUIC_XSO object

The QUIC_XSO (external stream object) is to a QUIC stream what a
QUIC_CONNECTION is to a QUIC connection. Both are SSL objects. The
QUIC_CONNECTION type is the internal representation of a QUIC connection
SSL object (QCSO) and the QUIC_XSO type is the internal representation
of a QUIC stream SSL object (QSSO) type. The name QUIC_XSO has been
chosen to be distinct from the existing QUIC_STREAM type which is our
existing internal stream type. QUIC_XSO is to a QUIC_STREAM what
QUIC_CONNECTION is to a QUIC_CHANNEL; in other words, QUIC_CONNECTION
and QUIC_XSO objects form part of the API personality layer, whereas
QUIC_CHANNEL and QUIC_STREAM objects form part of the QUIC core and are
distinct from the API personality layer.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)

show more ...

QUIC Thread Assisted mode: miscellaneous fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openss

QUIC Thread Assisted mode: miscellaneous fixes

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)

show more ...

QUIC Thread Assisted Mode: Fix typos and use of CRYPTO_RWLOCK type

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://githu

QUIC Thread Assisted Mode: Fix typos and use of CRYPTO_RWLOCK type

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)

show more ...

QUIC CHANNEL: Allow time source to be overridden

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/open

QUIC CHANNEL: Allow time source to be overridden

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)

show more ...

Front End for QUIC Thread Assisted Mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/

Front End for QUIC Thread Assisted Mode

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)

show more ...

Move channel mutex out of QUIC_CHANNEL for init/teardown flexibility

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://git

Move channel mutex out of QUIC_CHANNEL for init/teardown flexibility

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20348)

show more ...

QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.

QUIC: Refine SSL_shutdown and begin to implement SSL_shutdown_ex

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19897)

show more ...

Replace use of the Dummy Handshake Layer with the real one

We start using the QUIC TLS implementation rather than the dummy one.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
R

Replace use of the Dummy Handshake Layer with the real one

We start using the QUIC TLS implementation rather than the dummy one.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

show more ...

QUIC Front-End I/O API

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19703)

Plug the QUIC_RSTREAM to the RX depacketizer

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/opens

Plug the QUIC_RSTREAM to the RX depacketizer

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19351)

show more ...

Move the QUIC_CONNECTION typedef to internal headers

Also add internal functionality to get a QUIC_CONNECTION pointer from
an SSL pointer, and setters / getters for the GQX and ACKM fiel

Move the QUIC_CONNECTION typedef to internal headers

Also add internal functionality to get a QUIC_CONNECTION pointer from
an SSL pointer, and setters / getters for the GQX and ACKM fields.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18838)

show more ...

ssl: modify libssl so that it uses OSSL_TIME

This is instead of time_t and struct timeval. Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME in

ssl: modify libssl so that it uses OSSL_TIME

This is instead of time_t and struct timeval. Some public APIs mandate a
presence of these two types, but they are converted to OSSL_TIME internally.

Reviewed-by: Todd Short <todd.short@me.com>
Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19082)

show more ...

RX depacketizer (QUIC)

The same-ish module as the TX packetizer, handling the opposite direction.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@open

RX depacketizer (QUIC)

The same-ish module as the TX packetizer, handling the opposite direction.

Reviewed-by: Paul Dale <pauli@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18610)

show more ...

SSL object refactoring using SSL_CONNECTION object

Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented

SSL object refactoring using SSL_CONNECTION object

Make the SSL object polymorphic based on whether this is
a traditional SSL connection, QUIC connection, or later
to be implemented a QUIC stream.

It requires adding if after every SSL_CONNECTION_FROM_SSL() call
which itself has to be added to almost every public SSL_ API call.

Reviewed-by: Richard Levitte <levitte@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18612)

show more ...

Add a test_ssl_new testcase

This requires some code being pulled into the empty protocol
implementation so the state machinery works.

Reviewed-by: Matt Caswell <matt@openssl.org

Add a test_ssl_new testcase

This requires some code being pulled into the empty protocol
implementation so the state machinery works.

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)

show more ...

First working empty protocol test

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)

Add empty implementations of quic method functions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/ope

Add empty implementations of quic method functions

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)

show more ...