QUIC TLS: Prohibit SRTP-related calls for QUIC TLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

diff --git a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
index 046cdb8afee046283806d2b978f48f7e8cca9ba1..1e98842b7038ebc3a91e890a4e1795cf8efe25f8 100644 (file)
--- a/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
+++ b/doc/man3/SSL_CTX_set_tlsext_use_srtp.pod
@@ -116,6 +116,8 @@ master key length and the salt length as defined for the protection profile in
 use. This provides the client write master key, the server write master key, the
 client write master salt and the server write master salt in that order.
 
+These functions cannot be used with QUIC SSL objects.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success

diff --git a/ssl/d1_srtp.c b/ssl/d1_srtp.c
index 557336a0640d63bb4c68659d0a28244d4da10226..13f6bbd0a048996a0d645aa651cb2c170c4326f6 100644 (file)
--- a/ssl/d1_srtp.c
+++ b/ssl/d1_srtp.c
@@ -139,6 +139,9 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 {
+    if (IS_QUIC_METHOD(ctx->method))
+        return 1;
+
     return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
 }
 
@@ -147,7 +150,7 @@ int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
 
     if (sc == NULL)
-        return 0;
+        return 1;
 
     return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
 }

diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 9d2624102ebbfcc1848889d26576d7cdd349b8ed..7f79d2b4ade8e8778edfe021adf75e0ff13e5d15 100644 (file)
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -323,8 +323,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
     if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
          goto err;
     /* override the user_ssl of the inner connection */
-    sc->user_ssl = ssl_base;
-    sc->flags   |= TLS1_FLAGS_QUIC;
+    sc->user_ssl  = ssl_base;
+    sc->s3.flags |= TLS1_FLAGS_QUIC;
 
 #if defined(OPENSSL_THREADS)
     if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)

diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 46b0e72014c7f87b1d3ad99438224128124184b2..50bc472945600558aca1a4a543fc3bd7354f9f17 100644 (file)
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -216,7 +216,8 @@ void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
 int ossl_quic_trace(int write_p, int version, int content_type,
                     const void *buf, size_t msglen, SSL *ssl, void *arg);
 
-#  define OSSL_QUIC_ANY_VERSION 0xFFFFF
+#  define OSSL_QUIC_ANY_VERSION     0x5155
+#  define IS_QUIC_METHOD(m)         ((m)->version == OSSL_QUIC_ANY_VERSION)
 
 #  define QUIC_CONNECTION_FROM_SSL_int(ssl, c)   \
      ((ssl) == NULL ? NULL                       \

diff --git a/test/quicapitest.c b/test/quicapitest.c
index 957736eb9d82f10df0a3749d3d7c84ed1d0aa407..0d6565e55af49787b6cbcaafa116357f32adfcf4 100644 (file)
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@@ -313,6 +313,36 @@ static int test_ssl_trace(void)
 }
 #endif
 
+/*
+ * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
+ */
+static int test_quic_forbidden_apis(void)
+{
+    int testresult = 0;
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+
+    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
+        goto err;
+
+    /* This function returns 0 on success and 1 on error, and should fail. */
+    if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
+        goto err;
+
+    if (!TEST_ptr(ssl = SSL_new(ctx)))
+        goto err;
+
+    /* This function returns 0 on success and 1 on error, and should fail. */
+    if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
+        goto err;
+
+    testresult = 1;
+err:
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+    return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
 
 int setup_tests(void)
@@ -374,7 +404,7 @@ int setup_tests(void)
 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
     ADD_TEST(test_ssl_trace);
 #endif
-
+    ADD_TEST(test_quic_forbidden_apis);
     return 1;
  err:
     cleanup_tests();