QUIC Demuxer and Record Layer (RX+TX) #18949
Conversation
hlandau
added
branch: master
github-actions
bot
added
the
severity: fips change
hlandau
force-pushed
the
quic-rlrx2
branch
2 times, most recently
from
65818dc
to
fe3b438
Compare
|
Not sure what's going on with a/ub/msan. I can't replicate it on my machine with either clang or GCC sanitizers, and the error reported isn't even a sanitizer error... the test is supposed to be deterministic. Hm... |
|
Just some nits for now. |
|
I've looked at the use of OSSL_RECORD_METHOD by TLS and KTLS... IMO it's going to be premature to do something like this for now, especially since the KTLS interface for QUIC literally doesn't exist yet. It makes more sense when needing to support four versions of TLS, DTLS plus KTLS, but the scope of variation for QUIC is a lot narrower. I think this can wait for now; moreover, it's either a question of refactoring this now with an unknown design space (future KTLS APIs) which will probably have to be redone later, or later when we actually know what's needed. So, I'd like to avoid introducing polymorphism into the QRL for now. The msan issue is weird. Going to have to try and repro it on a build server. |
Fair enough. |
|
The test issue was caused by random test ordering. Fixed. |
|
Updated, refactored. The other KDF function is similar to I think this settles the outstanding feedback. |
|
Updated:
|
|
Also while I remember: @paulidale, let me know if it would be more helpful for the iovecs to be a linked list instead of an array. |
hlandau
changed the title
|
Do I understand correctly that this replaces #18870? |
Yeah, it does. |
|
Updated:
|
|
Updated (nits). |
| /* Clients should never receive 0-RTT packets. */ | ||
| if (rxe->hdr.type == QUIC_PKT_TYPE_0RTT) |
There was a problem hiding this comment.
Given we will need at least rudimentary server for testing, should this be prepared to handle server side? I.e., have a client flag in the OSSL_QRX?
There was a problem hiding this comment.
Yeah, seems reasonable. I'll get on this at some point.
There was a problem hiding this comment.
/* TODO(QUIC): ... */ would WFM too.
|
Updated, minor changes. |
|
Added comment. |
t8m
removed
the
approval: otc review pending
paulidale
added
approval: done
openssl-machine
added
approval: ready to merge
|
This pull request is ready to merge |
|
Merged to master branch. Thank you for this great work! |
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #18949)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #18949)
- Adds an RX time field to the OSSL_QRX_PKT structure. - Adds a timekeeping argument to ossl_demux_new which is used to determine packet reception time. - Adds a decoded PN field to the OSSL_QRX_PKT structure. This has to be decoded by the QRX anyway, and its omission was an oversight. - Key update support for the TX side. - Minor refactoring. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from #18949)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18949)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18949)
- Adds an RX time field to the OSSL_QRX_PKT structure. - Adds a timekeeping argument to ossl_demux_new which is used to determine packet reception time. - Adds a decoded PN field to the OSSL_QRX_PKT structure. This has to be decoded by the QRX anyway, and its omission was an oversight. - Key update support for the TX side. - Minor refactoring. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18949)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18949)
Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18949)
- Adds an RX time field to the OSSL_QRX_PKT structure. - Adds a timekeeping argument to ossl_demux_new which is used to determine packet reception time. - Adds a decoded PN field to the OSSL_QRX_PKT structure. This has to be decoded by the QRX anyway, and its omission was an oversight. - Key update support for the TX side. - Minor refactoring. Reviewed-by: Paul Dale <pauli@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from openssl#18949)
Here we go.
RX only for now aside from some small currently-vestigial pieces of TX functionality.
Key update is mandatory AIUI but involves interaction between the TX/RX pieces so the plan is:
So this shouldn't be merged yet (well, it could be, and I just make a new PR), but reviews are welcome.
This includes a demuxer because implementing the QRL resulted in 90% of the functionality of a demuxer and it made no sense not to include it, since there's necessary interaction between the two.