QUIC CHANNEL, LCIDM: Factor duplicate CID generation function

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22674)

diff --git a/include/internal/quic_types.h b/include/internal/quic_types.h
index 1d3816a20987226ead56dc573a9a2d25df255507..fa1ac81ca1e6a8c52444247e169560c9e6bf59a2 100644 (file)
--- a/include/internal/quic_types.h
+++ b/include/internal/quic_types.h
@@ -87,6 +87,13 @@ static ossl_unused ossl_inline int ossl_quic_conn_id_eq(const QUIC_CONN_ID *a,
     return memcmp(a->id, b->id, a->id_len) == 0;
 }
 
+/*
+ * Generates a random CID of the given length. libctx may be NULL.
+ * Returns 1 on success or 0 on failure.
+ */
+int ossl_quic_gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len,
+                               QUIC_CONN_ID *cid);
+
 #  define QUIC_MIN_INITIAL_DGRAM_LEN  1200
 
 #  define QUIC_DEFAULT_ACK_DELAY_EXP  3

diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c
index 0b1eea2babd3c16dcad521cdb9289c1cd1e27c71..aed911ad9fdcc03a92e4c479f03fd40535cdede5 100644 (file)
--- a/ssl/quic/quic_channel.c
+++ b/ssl/quic/quic_channel.c
@@ -102,22 +102,6 @@ static void ch_raise_version_neg_failure(QUIC_CHANNEL *ch);
 
 DEFINE_LHASH_OF_EX(QUIC_SRT_ELEM);
 
-static int gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len, QUIC_CONN_ID *cid)
-{
-    if (len > QUIC_MAX_CONN_ID_LEN)
-        return 0;
-
-    cid->id_len = (unsigned char)len;
-
-    if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
-        ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
-        cid->id_len = 0;
-        return 0;
-    }
-
-    return 1;
-}
-
 /*
  * QUIC Channel Initialization and Teardown
  * ========================================
@@ -145,7 +129,8 @@ static int ch_init(QUIC_CHANNEL *ch)
 
     /* For clients, generate our initial DCID. */
     if (!ch->is_server
-        && !gen_rand_conn_id(ch->port->libctx, tx_init_dcid_len, &ch->init_dcid))
+        && !ossl_quic_gen_rand_conn_id(ch->port->libctx, tx_init_dcid_len,
+                                       &ch->init_dcid))
         goto err;
 
     /* We plug in a network write BIO to the QTX later when we get one. */

diff --git a/ssl/quic/quic_lcidm.c b/ssl/quic/quic_lcidm.c
index a3315164c7cb03adc6ed56d2d4cb4f42066dfa8e..e5948b95e90c238bc54f4a268654a981d4c42f84 100644 (file)
--- a/ssl/quic/quic_lcidm.c
+++ b/ssl/quic/quic_lcidm.c
@@ -287,26 +287,6 @@ size_t ossl_quic_lcidm_get_num_active_lcid(const QUIC_LCIDM *lcidm,
     return conn->num_active_lcid;
 }
 
-#ifndef FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
-
-static int gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len, QUIC_CONN_ID *cid)
-{
-    if (len > QUIC_MAX_CONN_ID_LEN)
-        return 0;
-
-    cid->id_len = (unsigned char)len;
-
-    if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
-        ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
-        cid->id_len = 0;
-        return 0;
-    }
-
-    return 1;
-}
-
-#endif
-
 static int lcidm_generate_cid(QUIC_LCIDM *lcidm,
                               QUIC_CONN_ID *cid)
 {
@@ -322,7 +302,7 @@ static int lcidm_generate_cid(QUIC_LCIDM *lcidm,
 
     return 1;
 #else
-    return gen_rand_conn_id(lcidm->libctx, lcidm->lcid_len, cid);
+    return ossl_quic_gen_rand_conn_id(lcidm->libctx, lcidm->lcid_len, cid);
 #endif
 }
 

diff --git a/ssl/quic/quic_wire.c b/ssl/quic/quic_wire.c
index 425e7efc2ede631679ea11a49c8adc08a05dd46f..faf80cfd07a88ccdb6e747d9f1ef67d48e99ac57 100644 (file)
--- a/ssl/quic/quic_wire.c
+++ b/ssl/quic/quic_wire.c
@@ -9,6 +9,7 @@
 
 #include <openssl/macros.h>
 #include <openssl/objects.h>
+#include <openssl/rand.h>
 #include "internal/quic_ssl.h"
 #include "internal/quic_vlint.h"
 #include "internal/quic_wire.h"
@@ -1076,3 +1077,20 @@ const char *ossl_quic_err_to_string(uint64_t error_code)
         return NULL;
     }
 }
+
+int ossl_quic_gen_rand_conn_id(OSSL_LIB_CTX *libctx, size_t len,
+                               QUIC_CONN_ID *cid)
+{
+    if (len > QUIC_MAX_CONN_ID_LEN)
+        return 0;
+
+    cid->id_len = (unsigned char)len;
+
+    if (RAND_bytes_ex(libctx, cid->id, len, len * 8) != 1) {
+        ERR_raise(ERR_LIB_SSL, ERR_R_RAND_LIB);
+        cid->id_len = 0;
+        return 0;
+    }
+
+    return 1;
+}