From f082205bcfc8e361e53bb2f39f46b46097ec784a Mon Sep 17 00:00:00 2001 From: Hugo Landau Date: Mon, 16 Jan 2023 15:18:55 +0000 Subject: [PATCH] QUIC TLS: Prohibit SRTP-related calls for QUIC TLS Reviewed-by: Tomas Mraz Reviewed-by: Matt Caswell Reviewed-by: Paul Dale (Merged from https://github.com/openssl/openssl/pull/20061) --- doc/man3/SSL_CTX_set_tlsext_use_srtp.pod | 2 ++ ssl/d1_srtp.c | 5 +++- ssl/quic/quic_impl.c | 4 +-- ssl/quic/quic_local.h | 3 ++- test/quicapitest.c | 32 +++++++++++++++++++++++- 5 files changed, 41 insertions(+), 5 deletions(-) diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod index 046cdb8afe..1e98842b70 100644 --- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod +++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod @@ -116,6 +116,8 @@ master key length and the salt length as defined for the protection profile in use. This provides the client write master key, the server write master key, the client write master salt and the server write master salt in that order. +These functions cannot be used with QUIC SSL objects. + =head1 RETURN VALUES SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c index 557336a064..13f6bbd0a0 100644 --- a/ssl/d1_srtp.c +++ b/ssl/d1_srtp.c @@ -139,6 +139,9 @@ static int ssl_ctx_make_profiles(const char *profiles_string, int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles) { + if (IS_QUIC_METHOD(ctx->method)) + return 1; + return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles); } @@ -147,7 +150,7 @@ int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles) SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); if (sc == NULL) - return 0; + return 1; return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles); } diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 9d2624102e..7f79d2b4ad 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -323,8 +323,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx) if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) goto err; /* override the user_ssl of the inner connection */ - sc->user_ssl = ssl_base; - sc->flags |= TLS1_FLAGS_QUIC; + sc->user_ssl = ssl_base; + sc->s3.flags |= TLS1_FLAGS_QUIC; #if defined(OPENSSL_THREADS) if ((qc->mutex = ossl_crypto_mutex_new()) == NULL) diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h index 46b0e72014..50bc472945 100644 --- a/ssl/quic/quic_local.h +++ b/ssl/quic/quic_local.h @@ -216,7 +216,8 @@ void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc, int ossl_quic_trace(int write_p, int version, int content_type, const void *buf, size_t msglen, SSL *ssl, void *arg); -# define OSSL_QUIC_ANY_VERSION 0xFFFFF +# define OSSL_QUIC_ANY_VERSION 0x5155 +# define IS_QUIC_METHOD(m) ((m)->version == OSSL_QUIC_ANY_VERSION) # define QUIC_CONNECTION_FROM_SSL_int(ssl, c) \ ((ssl) == NULL ? NULL \ diff --git a/test/quicapitest.c b/test/quicapitest.c index 957736eb9d..0d6565e55a 100644 --- a/test/quicapitest.c +++ b/test/quicapitest.c @@ -313,6 +313,36 @@ static int test_ssl_trace(void) } #endif +/* + * Test that handshake-layer APIs which shouldn't work don't work with QUIC. + */ +static int test_quic_forbidden_apis(void) +{ + int testresult = 0; + SSL_CTX *ctx = NULL; + SSL *ssl = NULL; + + if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method()))) + goto err; + + /* This function returns 0 on success and 1 on error, and should fail. */ + if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM"))) + goto err; + + if (!TEST_ptr(ssl = SSL_new(ctx))) + goto err; + + /* This function returns 0 on success and 1 on error, and should fail. */ + if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM"))) + goto err; + + testresult = 1; +err: + SSL_free(ssl); + SSL_CTX_free(ctx); + return testresult; +} + OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n") int setup_tests(void) @@ -374,7 +404,7 @@ int setup_tests(void) #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB) ADD_TEST(test_ssl_trace); #endif - + ADD_TEST(test_quic_forbidden_apis); return 1; err: cleanup_tests(); -- 2.34.1