envoyproxy · jwendell · Oct 22, 2025 · Oct 22, 2025 · Oct 22, 2025 · Oct 22, 2025
diff --git a/source/common/quic/BUILD b/source/common/quic/BUILD
@@ -92,18 +92,13 @@ envoy_cc_library(
     name = "quic_stat_names_lib",
     srcs = ["quic_stat_names.cc"],
     hdrs = ["quic_stat_names.h"],
-    deps = select({
-        "//bazel:disable_http3": [
-            "//envoy/stats:stats_interface",
-            "//source/common/stats:symbol_table_lib",
-        ],
-        "//conditions:default": [
-            "//envoy/stats:stats_interface",
-            "//source/common/stats:symbol_table_lib",
-            "@com_github_google_quiche//:quic_core_error_codes_lib",
-            "@com_github_google_quiche//:quic_core_types_lib",
-        ],
-    }),
+    tags = ["nofips"],
+    deps = [
+        "//envoy/stats:stats_interface",
+        "//source/common/stats:symbol_table_lib",
+        "@com_github_google_quiche//:quic_core_error_codes_lib",
+        "@com_github_google_quiche//:quic_core_types_lib",
+    ],
 )
 
 envoy_cc_library(
@@ -603,12 +598,13 @@ envoy_cc_library(
 
 envoy_cc_library(
     name = "send_buffer_monitor_lib",
-    srcs = envoy_select_enable_http3(["send_buffer_monitor.cc"]),
-    hdrs = envoy_select_enable_http3(["send_buffer_monitor.h"]),
-    deps = envoy_select_enable_http3([
+    srcs = ["send_buffer_monitor.cc"],
+    hdrs = ["send_buffer_monitor.h"],
+    tags = ["nofips"],
+    deps = [
         "//source/common/common:assert_lib",
         "@com_github_google_quiche//:quic_core_session_lib",
-    ]),
+    ],
 )
 
 envoy_cc_library(
@@ -704,13 +700,13 @@ envoy_cc_library(
 
 envoy_cc_library(
     name = "cert_compression_lib",
-    srcs = envoy_select_enable_http3(["cert_compression.cc"]),
-    hdrs = envoy_select_enable_http3(["cert_compression.h"]),
+    srcs = ["cert_compression.cc"],
+    hdrs = ["cert_compression.h"],
     external_deps = ["ssl"],
-    deps = envoy_select_enable_http3([
+    deps = [
         "//bazel/foreign_cc:zlib",
         "//source/common/common:assert_lib",
         "//source/common/common:logger_lib",
         "//source/common/runtime:runtime_lib",
-    ]),
+    ],
 )
diff --git a/source/common/runtime/runtime_features.cc b/source/common/runtime/runtime_features.cc
@@ -93,7 +93,8 @@ RUNTIME_GUARD(envoy_restart_features_move_locality_schedulers_to_lb);
 RUNTIME_GUARD(envoy_restart_features_raise_file_limits);
 RUNTIME_GUARD(envoy_restart_features_skip_backing_cluster_check_for_sds);
 RUNTIME_GUARD(envoy_restart_features_use_eds_cache_for_ads);
-RUNTIME_GUARD(envoy_restart_features_validate_http3_pseudo_headers);
+RUNTIME_GUARD(envoy_restart_features_use_fast_protobuf_hash);
+RUNTIME_GUARD(envoy_reloadable_features_enable_intermediate_ca);
 
 // Begin false flags. Most of them should come with a TODO to flip true.
 

diff --git a/source/common/tls/cert_validator/default_validator.cc b/source/common/tls/cert_validator/default_validator.cc
@@ -88,7 +88,10 @@ absl::StatusOr<int> DefaultCertValidator::initializeSslContexts(std::vector<SSL_
 
     for (auto& ctx : contexts) {
       X509_STORE* store = SSL_CTX_get_cert_store(ctx);
-      X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
+      // RH - Restore reloadable feature check to avoid failure of RevokedIntermediateCertificate test
+      if (Runtime::runtimeFeatureEnabled("envoy.reloadable_features.enable_intermediate_ca")) {
+        X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
+      }
       bool has_crl = false;
       for (const X509_INFO* item : list.get()) {
         if (item->x509) {
@@ -143,7 +146,10 @@ absl::StatusOr<int> DefaultCertValidator::initializeSslContexts(std::vector<SSL_
 
     for (auto& ctx : contexts) {
       X509_STORE* store = SSL_CTX_get_cert_store(ctx);
-      X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
+      // RH - Restore reloadable feature check to avoid failure of RevokedIntermediateCertificate test
+      if (Runtime::runtimeFeatureEnabled("envoy.reloadable_features.enable_intermediate_ca")) {
+        X509_STORE_set_flags(store, X509_V_FLAG_PARTIAL_CHAIN);
+      }
       for (const X509_INFO* item : list.get()) {
         if (item->crl) {
           X509_STORE_add_crl(store, item->crl);

diff --git a/source/common/tls/client_context_impl.cc b/source/common/tls/client_context_impl.cc
@@ -156,7 +156,9 @@ ClientContextImpl::newSsl(const Network::TransportSocketOptionsConstSharedPtr& o
     SSL_set_renegotiate_mode(ssl_con.get(), ssl_renegotiate_freely);
   }
 
+  #if 0  // Disabled as not implemented in the bSSL layer
   SSL_set_enforce_rsa_key_usage(ssl_con.get(), enforce_rsa_key_usage_);
+  #endif
 
   if (max_session_keys_ > 0) {
     if (session_keys_single_use_) {

diff --git a/source/common/tls/context_config_impl.cc b/source/common/tls/context_config_impl.cc
@@ -26,6 +26,8 @@ namespace Tls {
 
 namespace {
 
+static const bool isFipsEnabled = ContextConfigImpl::getFipsEnabled();
+
 std::string generateCertificateHash(const std::string& cert_data) {
   Buffer::OwnedImpl buffer(cert_data);
 
@@ -378,8 +380,8 @@ const unsigned ClientContextConfigImpl::DEFAULT_MIN_VERSION = TLS1_2_VERSION;
 const unsigned ClientContextConfigImpl::DEFAULT_MAX_VERSION = TLS1_2_VERSION;
 
 const std::string ClientContextConfigImpl::DEFAULT_CIPHER_SUITES =
-    "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]:"
-    "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:"
+    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:"
+    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:"
     "ECDHE-ECDSA-AES256-GCM-SHA384:"
     "ECDHE-RSA-AES256-GCM-SHA384:";
 
@@ -389,10 +391,11 @@ const std::string ClientContextConfigImpl::DEFAULT_CIPHER_SUITES_FIPS =
     "ECDHE-ECDSA-AES256-GCM-SHA384:"
     "ECDHE-RSA-AES256-GCM-SHA384:";
 
-const std::string ClientContextConfigImpl::DEFAULT_CURVES = "X25519:"
-                                                            "P-256";
+const std::string ClientContextConfigImpl::DEFAULT_CURVES =
+  "X25519:P-256";
 
-const std::string ClientContextConfigImpl::DEFAULT_CURVES_FIPS = "P-256";
+const std::string ClientContextConfigImpl::DEFAULT_CURVES_FIPS =
+  "P-256";
 
 absl::StatusOr<std::unique_ptr<ClientContextConfigImpl>> ClientContextConfigImpl::create(
     const envoy::extensions::transport_sockets::tls::v3::UpstreamTlsContext& config,

diff --git a/source/common/tls/context_config_impl.h b/source/common/tls/context_config_impl.h
@@ -83,6 +83,19 @@ class ContextConfigImpl : public virtual Ssl::ContextConfig {
       const envoy::extensions::transport_sockets::tls::v3::CertificateValidationContext&
           dynamic_cvc,
       const std::string& name);
+  static bool getFipsEnabled() {
+    std::ifstream file("/proc/sys/crypto/fips_enabled");
+    if (file.fail()) {
+      return false;
+    }
+
+    std::stringstream file_string;
+    file_string << file.rdbuf();
+
+    std::string fipsEnabledText = file_string.str();
+    fipsEnabledText.erase(fipsEnabledText.find_last_not_of("\n") + 1);
+    return fipsEnabledText.compare("1") == 0;
+  }
 
 protected:
   ContextConfigImpl(const envoy::extensions::transport_sockets::tls::v3::CommonTlsContext& config,

diff --git a/source/common/tls/context_impl.cc b/source/common/tls/context_impl.cc
@@ -182,7 +182,9 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c
         // even request client certs. So, instead, we should configure a callback to skip
         // validation and always supply the callback to boring SSL.
         SSL_CTX_set_custom_verify(ctx, verify_mode, customVerifyCallback);
+#if 0  // Disabled as not implememnted in the bSSL layer
         SSL_CTX_set_reverify_on_resume(ctx, /*reverify_on_resume_enabled)=*/1);
+#endif
       }
     }
   }
@@ -324,6 +326,7 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c
   parsed_alpn_protocols_ = parseAlpnProtocols(config.alpnProtocols(), creation_status);
   SET_AND_RETURN_IF_NOT_OK(creation_status, creation_status);
 
+
   // Register stat names based on lists reported by BoringSSL.
   std::vector<const char*> list(SSL_get_all_cipher_names(nullptr, 0));
   SSL_get_all_cipher_names(list.data(), list.size());
@@ -333,6 +336,7 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c
   SSL_get_all_curve_names(list.data(), list.size());
   stat_name_set_->rememberBuiltins(list);
 
+
   list.resize(SSL_get_all_signature_algorithm_names(nullptr, 0));
   SSL_get_all_signature_algorithm_names(list.data(), list.size());
   stat_name_set_->rememberBuiltins(list);
@@ -362,6 +366,7 @@ ContextImpl::ContextImpl(Stats::Scope& scope, const Envoy::Ssl::ContextConfig& c
     }
   }
 
+
   // Compliance policy must be applied last to have a defined behavior.
   if (const auto policy = config.compliancePolicy(); policy.has_value()) {
     switch (policy.value()) {
@@ -561,9 +566,11 @@ void ContextImpl::logHandshake(SSL* ssl) const {
   // Increment the `was_key_usage_invalid_` stats to indicate the given cert would have triggered an
   // error but is allowed because the enforcement that rsa key usage and tls usage need to be
   // matched has been disabled.
+#if 0  // Disabled as SSL_was_key_usage_invalid() is not implememnted in the bSSL layer
   if (SSL_was_key_usage_invalid(ssl)) {
     stats_.was_key_usage_invalid_.inc();
   }
+#endif
 }
 
 std::vector<Ssl::PrivateKeyMethodProviderSharedPtr> ContextImpl::getPrivateKeyMethodProviders() {

diff --git a/source/common/tls/io_handle_bio.cc b/source/common/tls/io_handle_bio.cc
@@ -18,6 +18,30 @@ inline Envoy::Network::IoHandle* bio_io_handle(BIO* bio) {
   return reinterpret_cast<Envoy::Network::IoHandle*>(BIO_get_data(bio));
 }
 
+// NOLINTNEXTLINE(readability-identifier-naming)
+int io_handle_new(BIO* bio) {
+  BIO_set_init(bio, 0);
+  BIO_set_data(bio, nullptr);
+  BIO_clear_flags(bio, ~0);
+  return 1;
+}
+
+// NOLINTNEXTLINE(readability-identifier-naming)
+int io_handle_free(BIO* bio) {
+  if (bio == nullptr) {
+    return 0;
+  }
+
+  if (BIO_get_shutdown(bio)) {
+    if (BIO_get_init(bio)) {
+      bio_io_handle(bio)->close();
+    }
+    BIO_set_init(bio, 0);
+    BIO_clear_flags(bio, ~0);
+  }
+  return 1;
+}
+
 // NOLINTNEXTLINE(readability-identifier-naming)
 int io_handle_read(BIO* b, char* out, int outl) {
   if (out == nullptr) {
@@ -61,10 +85,22 @@ int io_handle_write(BIO* b, const char* in, int inl) {
 }
 
 // NOLINTNEXTLINE(readability-identifier-naming)
-long io_handle_ctrl(BIO*, int cmd, long, void*) {
+long io_handle_ctrl(BIO* b, int cmd, long num, void*) {
   long ret = 1;
 
   switch (cmd) {
+  case BIO_C_SET_FD:
+    RELEASE_ASSERT(false, "should not be called");
+    break;
+  case BIO_C_GET_FD:
+    RELEASE_ASSERT(false, "should not be called");
+    break;
+  case BIO_CTRL_GET_CLOSE:
+    ret = BIO_get_shutdown(b);
+    break;
+  case BIO_CTRL_SET_CLOSE:
+    BIO_set_shutdown(b, int(num));
+    break;
   case BIO_CTRL_FLUSH:
     ret = 1;
     break;
@@ -75,6 +111,7 @@ long io_handle_ctrl(BIO*, int cmd, long, void*) {
   return ret;
 }
 
+
 // NOLINTNEXTLINE(readability-identifier-naming)
 const BIO_METHOD* BIO_s_io_handle(void) {
   static const BIO_METHOD* method = [&] {
@@ -83,6 +120,8 @@ const BIO_METHOD* BIO_s_io_handle(void) {
     RELEASE_ASSERT(BIO_meth_set_read(ret, io_handle_read), "");
     RELEASE_ASSERT(BIO_meth_set_write(ret, io_handle_write), "");
     RELEASE_ASSERT(BIO_meth_set_ctrl(ret, io_handle_ctrl), "");
+    RELEASE_ASSERT(BIO_meth_set_create(ret, io_handle_new), "");
+    RELEASE_ASSERT(BIO_meth_set_destroy(ret, io_handle_free), "");
     return ret;
   }();
   return method;
@@ -99,6 +138,7 @@ BIO* BIO_new_io_handle(Envoy::Network::IoHandle* io_handle) {
 
   // Initialize the BIO
   BIO_set_data(b, io_handle);
+  BIO_set_shutdown(b, 0);
   BIO_set_init(b, 1);
 
   return b;

diff --git a/source/common/tls/ocsp/asn1_utility.cc b/source/common/tls/ocsp/asn1_utility.cc
@@ -88,12 +88,10 @@ absl::StatusOr<std::string> Asn1Utility::parseInteger(CBS& cbs) {
   CSmartPtr<ASN1_INTEGER, freeAsn1Integer> asn1_integer(
       c2i_ASN1_INTEGER(nullptr, &head, CBS_len(&num)));
   if (asn1_integer != nullptr) {
-    BIGNUM num_bn;
-    BN_init(&num_bn);
-    ASN1_INTEGER_to_BN(asn1_integer.get(), &num_bn);
+    bssl::UniquePtr<BIGNUM> num_bn {BN_new()};
+    ASN1_INTEGER_to_BN(asn1_integer.get(), num_bn.get());
 
-    CSmartPtr<char, freeOpensslString> char_hex_number(BN_bn2hex(&num_bn));
-    BN_free(&num_bn);
+    CSmartPtr<char, freeOpensslString> char_hex_number(BN_bn2hex(num_bn.get()));
     if (char_hex_number != nullptr) {
       std::string hex_number(char_hex_number.get());
       return hex_number;

diff --git a/source/common/tls/server_context_config_impl.cc b/source/common/tls/server_context_config_impl.cc
@@ -86,12 +86,15 @@ bool getStatelessSessionResumptionDisabled(
 
 } // namespace
 
-const unsigned ServerContextConfigImpl::DEFAULT_MIN_VERSION = TLS1_2_VERSION;
+static const bool isFipsEnabled = ContextConfigImpl::getFipsEnabled();
+
+const unsigned ServerContextConfigImpl::DEFAULT_MIN_VERSION = TLS1_VERSION;
+
 const unsigned ServerContextConfigImpl::DEFAULT_MAX_VERSION = TLS1_3_VERSION;
 
 const std::string ServerContextConfigImpl::DEFAULT_CIPHER_SUITES =
-    "[ECDHE-ECDSA-AES128-GCM-SHA256|ECDHE-ECDSA-CHACHA20-POLY1305]:"
-    "[ECDHE-RSA-AES128-GCM-SHA256|ECDHE-RSA-CHACHA20-POLY1305]:"
+    "ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:"
+    "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-CHACHA20-POLY1305:"
     "ECDHE-ECDSA-AES256-GCM-SHA384:"
     "ECDHE-RSA-AES256-GCM-SHA384:";
 
@@ -101,10 +104,11 @@ const std::string ServerContextConfigImpl::DEFAULT_CIPHER_SUITES_FIPS =
     "ECDHE-ECDSA-AES256-GCM-SHA384:"
     "ECDHE-RSA-AES256-GCM-SHA384:";
 
-const std::string ServerContextConfigImpl::DEFAULT_CURVES = "X25519:"
-                                                            "P-256";
+const std::string ServerContextConfigImpl::DEFAULT_CURVES =
+  "X25519:P-256";
 
-const std::string ServerContextConfigImpl::DEFAULT_CURVES_FIPS = "P-256";
+const std::string ServerContextConfigImpl::DEFAULT_CURVES_FIPS =
+  "P-256" ; 
 
 absl::StatusOr<std::unique_ptr<ServerContextConfigImpl>> ServerContextConfigImpl::create(
     const envoy::extensions::transport_sockets::tls::v3::DownstreamTlsContext& config,

diff --git a/source/common/tls/ssl_handshaker.cc b/source/common/tls/ssl_handshaker.cc
@@ -151,11 +151,10 @@ Network::PostIoAction SslHandshakerImpl::doHandshake() {
     case SSL_ERROR_WANT_READ:
     case SSL_ERROR_WANT_WRITE:
       return PostIoAction::KeepOpen;
-    case SSL_ERROR_PENDING_CERTIFICATE:
-    case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
-    case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
-      state_ = Ssl::SocketState::HandshakeInProgress;
-      return PostIoAction::KeepOpen;
+    // case SSL_ERROR_WANT_PRIVATE_KEY_OPERATION:
+    // case SSL_ERROR_WANT_CERTIFICATE_VERIFY:
+    //   state_ = Ssl::SocketState::HandshakeInProgress;
+    //   return PostIoAction::KeepOpen;
     default:
       handshake_callbacks_->onFailure();
       return PostIoAction::Close;

diff --git a/source/common/tls/ssl_socket.cc b/source/common/tls/ssl_socket.cc
@@ -146,6 +146,14 @@ Network::IoResult SslSocket::doRead(Buffer::Instance& read_buffer) {
             break;
           }
           FALLTHRU;
+        case SSL_ERROR_SSL:
+          // If EAGAIN treat it as if it's SSL_ERROR_WANT_READ
+          if (errno == EAGAIN) {
+            ENVOY_CONN_LOG(debug, "errno:{}:{}", callbacks_->connection(), errno,
+                           Envoy::errorDetails(errno));
+            break;
+          }
+          FALLTHRU;
         case SSL_ERROR_WANT_WRITE:
           // Renegotiation has started. We don't handle renegotiation so just fall through.
         default:
@@ -295,6 +303,15 @@ Network::IoResult SslSocket::doWrite(Buffer::Instance& write_buffer, bool end_st
       case SSL_ERROR_WANT_WRITE:
         bytes_to_retry_ = bytes_to_write;
         break;
+      case SSL_ERROR_SSL:
+        // If EAGAIN treat it as if it's SSL_ERROR_WANT_WRITE
+        if (errno == EAGAIN) {
+          ENVOY_CONN_LOG(debug, "errno:{}:{}", callbacks_->connection(), errno,
+                         Envoy::errorDetails(errno));
+          bytes_to_retry_ = bytes_to_write;
+          break;
+        }
+      FALLTHRU;
       case SSL_ERROR_WANT_READ:
       // Renegotiation has started. We don't handle renegotiation so just fall through.
       default: