Enable the quic-tls API to work, even in the case of no-quic
authorMatt Caswell <matt@openssl.org>
Fri, 3 Jan 2025 15:57:47 +0000 (15:57 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 11 Feb 2025 17:17:10 +0000 (17:17 +0000)
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/26683)

include/internal/quic_predef.h
include/internal/quic_tls.h
ssl/build.info
ssl/quic/build.info
ssl/quic/quic_channel_local.h
ssl/quic/quic_tls.c
ssl/quic/quic_tls_api.c
ssl/ssl_local.h
test/sslapitest.c

index 7c7567b9c52e56c10872ebd18df7912cf9e59844..07d6f43e7851ef454389401ec45657de1b9e0b60 100644 (file)
@@ -14,7 +14,6 @@
 
 typedef struct quic_port_st QUIC_PORT;
 typedef struct quic_channel_st QUIC_CHANNEL;
-typedef struct quic_tls_st QUIC_TLS;
 typedef struct quic_txpim_st QUIC_TXPIM;
 typedef struct quic_fifd_st QUIC_FIFD;
 typedef struct quic_cfq_st QUIC_CFQ;
index 70a99a294c3752462a6cd427f8d8d7c0183f2ca5..5e53a45d521db82523c2b42acc2f30843929a7a1 100644 (file)
 # define OSSL_QUIC_TLS_H
 
 # include <openssl/ssl.h>
-# include "internal/quic_stream.h"
-# include "internal/quic_predef.h"
 
-# ifndef OPENSSL_NO_QUIC
+typedef struct quic_tls_st QUIC_TLS;
 
 typedef struct quic_tls_args_st {
     /*
@@ -44,7 +42,6 @@ typedef struct quic_tls_args_st {
     int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg);
     void *crypto_release_rcd_cb_arg;
 
-
     /*
      * Called when a traffic secret is available for a given TLS protection
      * level.
@@ -111,6 +108,4 @@ int ossl_quic_tls_get_error(QUIC_TLS *qtls,
 int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls);
 int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls);
 
-# endif
-
 #endif
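Review bot: Dropping the `# ifndef OPENSSL_NO_QUIC` / `# endif` pair makes every prototype in this header unconditional, while quic_tls.c in this same commit now wraps the definition of ossl_quic_tls_tick in `#ifndef OPENSSL_NO_QUIC`. If ossl_quic_tls_tick is still declared here (its prototype sits outside the visible hunks), declaration and definition no longer agree for no-quic builds, and a stray call would only surface as a link error. Consider keeping that one prototype under its own `#ifndef OPENSSL_NO_QUIC` / `#endif`, or marking it with `/* Only built when QUIC is enabled; the rest of this API is unconditional */` so the asymmetry is documented where readers look for it.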
index adfc966379aff4cc42b74873083f94c3a3f1995e..3443bf2818ae8329be02d7b08b00fbdcb295e7f1 100644 (file)
@@ -1,11 +1,7 @@
-SUBDIRS=record rio
+SUBDIRS=record rio quic
 
 LIBS=../libssl
 
-IF[{- !$disabled{quic} -}]
-  SUBDIRS=quic
-ENDIF
-
 SOURCE[../libssl]=\
         pqueue.c \
         statem/statem_srvr.c statem/statem_clnt.c  s3_lib.c  s3_enc.c \
index 88ddc5363b0962c91b2c7ad3da91a26163280c59..2eecafe6b3e8933feaadbf9fe7b8beb445f53853 100644 (file)
@@ -1,24 +1,28 @@
 $LIBSSL=../../libssl
 
-SOURCE[$LIBSSL]=quic_method.c quic_impl.c quic_wire.c quic_ackm.c quic_statm.c
-SOURCE[$LIBSSL]=cc_newreno.c quic_demux.c quic_record_rx.c
-SOURCE[$LIBSSL]=quic_record_tx.c quic_record_util.c quic_record_shared.c quic_wire_pkt.c
-SOURCE[$LIBSSL]=quic_rx_depack.c
-SOURCE[$LIBSSL]=quic_fc.c uint_set.c
-SOURCE[$LIBSSL]=quic_cfq.c quic_txpim.c quic_fifd.c quic_txp.c
-SOURCE[$LIBSSL]=quic_stream_map.c
-SOURCE[$LIBSSL]=quic_sf_list.c quic_rstream.c quic_sstream.c
-SOURCE[$LIBSSL]=quic_reactor.c
-SOURCE[$LIBSSL]=quic_channel.c quic_port.c quic_engine.c
-SOURCE[$LIBSSL]=quic_tserver.c
+#QUIC TLS API is available even in the event of no-quic
 SOURCE[$LIBSSL]=quic_tls.c quic_tls_api.c
-SOURCE[$LIBSSL]=quic_thread_assist.c
-SOURCE[$LIBSSL]=quic_trace.c
-SOURCE[$LIBSSL]=quic_srtm.c quic_srt_gen.c
-SOURCE[$LIBSSL]=quic_lcidm.c quic_rcidm.c
-SOURCE[$LIBSSL]=quic_types.c
-SOURCE[$LIBSSL]=qlog_event_helpers.c
-IF[{- !$disabled{qlog} -}]
-  SOURCE[$LIBSSL]=json_enc.c qlog.c
-  SHARED_SOURCE[$LIBSSL]=../../crypto/getenv.c ../../crypto/ctype.c
+
+IF[{- !$disabled{quic} -}]
+  SOURCE[$LIBSSL]=quic_method.c quic_impl.c quic_wire.c quic_ackm.c quic_statm.c
+  SOURCE[$LIBSSL]=cc_newreno.c quic_demux.c quic_record_rx.c
+  SOURCE[$LIBSSL]=quic_record_tx.c quic_record_util.c quic_record_shared.c quic_wire_pkt.c
+  SOURCE[$LIBSSL]=quic_rx_depack.c
+  SOURCE[$LIBSSL]=quic_fc.c uint_set.c
+  SOURCE[$LIBSSL]=quic_cfq.c quic_txpim.c quic_fifd.c quic_txp.c
+  SOURCE[$LIBSSL]=quic_stream_map.c
+  SOURCE[$LIBSSL]=quic_sf_list.c quic_rstream.c quic_sstream.c
+  SOURCE[$LIBSSL]=quic_reactor.c
+  SOURCE[$LIBSSL]=quic_channel.c quic_port.c quic_engine.c
+  SOURCE[$LIBSSL]=quic_tserver.c
+  SOURCE[$LIBSSL]=quic_thread_assist.c
+  SOURCE[$LIBSSL]=quic_trace.c
+  SOURCE[$LIBSSL]=quic_srtm.c quic_srt_gen.c
+  SOURCE[$LIBSSL]=quic_lcidm.c quic_rcidm.c
+  SOURCE[$LIBSSL]=quic_types.c
+  SOURCE[$LIBSSL]=qlog_event_helpers.c
+  IF[{- !$disabled{qlog} -}]
+    SOURCE[$LIBSSL]=json_enc.c qlog.c
+    SHARED_SOURCE[$LIBSSL]=../../crypto/getenv.c ../../crypto/ctype.c
+  ENDIF
 ENDIF
index 16d96ef7d995a3966aeeffc40808a663d99acba5..37219cadfe39a9ea3dc6ec49176f11f2ab70dc09 100644 (file)
@@ -10,6 +10,7 @@
 #  include "internal/quic_predef.h"
 #  include "internal/quic_fc.h"
 #  include "internal/quic_stream_map.h"
+#  include "internal/quic_tls.h"
 
 /*
  * QUIC Channel Structure
index 5de711ab06ed410f56000931ceb3e1d9c19e968c..6cd656ea422758ec9b6d1363e27fe6f4dbbddd60 100644 (file)
@@ -11,6 +11,7 @@
 #include "internal/quic_tls.h"
 #include "../ssl_local.h"
 #include "internal/quic_error.h"
+#include "internal/quic_types.h"
 
 #define QUIC_TLS_FATAL(rl, ad, err) \
     do { \
@@ -143,6 +144,7 @@ quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
         qdir = 1;
 
     if (rl->qtls->args.ossl_quic) {
+#ifndef OPENSSL_NO_QUIC
         /*
          * We only look up the suite_id/MD for internal callers. Not used in the
          * public API. We assume that a 3rd party QUIC stack will want to
@@ -166,6 +168,10 @@ quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
             QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
             goto err;
         }
+#else
+        if (!ossl_assert("Should not happen" == NULL))
+            goto err;
+#endif
     }
 
     if (!rl->qtls->args.yield_secret_cb(level, qdir, suite_id,
@@ -632,7 +638,7 @@ QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args)
     if (qtls == NULL)
         return NULL;
 
-    if ((qtls->error_state = OSSL_ERR_STATE_new()) == NULL) {
+    if (args->ossl_quic && (qtls->error_state = OSSL_ERR_STATE_new()) == NULL) {
         OPENSSL_free(qtls);
         return NULL;
     }
@@ -660,23 +666,27 @@ static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
      * with any underlying libssl errors underneath it (but our cover error may
      * be the only error in some cases). Then capture this into an ERR_STATE so
      * we can report it later if need be when the QUIC_CHANNEL asks for it.
+     * For external QUIC TLS we just raise the error.
      */
     ERR_new();
     ERR_set_debug(src_file, src_line, src_func);
     ERR_set_error(ERR_LIB_SSL, SSL_R_QUIC_HANDSHAKE_LAYER_ERROR,
                   "handshake layer error, error code %llu (0x%llx) (\"%s\")",
                   error_code, error_code, error_msg);
-    OSSL_ERR_STATE_save_to_mark(qtls->error_state);
 
-    /*
-     * We record the error information reported via the QUIC protocol
-     * separately.
-     */
-    qtls->error_code        = error_code;
-    qtls->error_msg         = error_msg;
-    qtls->inerror           = 1;
+    if (qtls->args.ossl_quic) {
+        OSSL_ERR_STATE_save_to_mark(qtls->error_state);
 
-    ERR_pop_to_mark();
+        /*
+         * We record the error information reported via the QUIC protocol
+         * separately.
+         */
+        qtls->error_code        = error_code;
+        qtls->error_msg         = error_msg;
+        qtls->inerror           = 1;
+
+        ERR_pop_to_mark();
+    }
     return 0;
 }
 
@@ -684,8 +694,13 @@ static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
     raise_error((qtls), (error_code), (error_msg), \
                 OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC)
 
-#define RAISE_INTERNAL_ERROR(qtls) \
+#ifndef OPENSSL_NO_QUIC
+# define RAISE_INTERNAL_ERROR(qtls) \
     RAISE_ERROR((qtls), OSSL_QUIC_ERR_INTERNAL_ERROR, "internal error")
+#else
+# define RAISE_INTERNAL_ERROR(qtls) \
+    RAISE_ERROR((qtls), 0x01, "internal error")
+#endif
 
 int ossl_quic_tls_configure(QUIC_TLS *qtls)
 {
@@ -699,7 +714,7 @@ int ossl_quic_tls_configure(QUIC_TLS *qtls)
 
     if (!ossl_tls_add_custom_ext_intern(NULL, &sc->cert->custext,
                                         qtls->args.is_server ? ENDPOINT_SERVER
-                                                                : ENDPOINT_CLIENT,
+                                                             : ENDPOINT_CLIENT,
                                         TLSEXT_TYPE_quic_transport_parameters,
                                         SSL_EXT_TLS1_3_ONLY
                                         | SSL_EXT_CLIENT_HELLO
@@ -714,6 +729,7 @@ int ossl_quic_tls_configure(QUIC_TLS *qtls)
     return 1;
 }
 
+#ifndef OPENSSL_NO_QUIC
 int ossl_quic_tls_tick(QUIC_TLS *qtls)
 {
     int ret, err;
@@ -829,6 +845,7 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
     ERR_pop_to_mark();
     return 1;
 }
+#endif
 
 int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
                                        const unsigned char *transport_params,
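Review bot: After the change in ossl_quic_tls_new, `qtls->error_state` is only allocated when `args->ossl_quic` is set, so for an external QUIC stack it is presumably left NULL (assuming qtls is zero-allocated, which is outside the hunk). raise_error guards its `OSSL_ERR_STATE_save_to_mark(qtls->error_state)` with the same condition, but any other reader of `error_state`, such as ossl_quic_tls_get_error or the free path, lies outside these hunks and needs the same `qtls->args.ossl_quic` check or a NULL check; worth confirming. A comment at the allocation would make the invariant explicit: `/* error_state is only needed, and only allocated, for the internal QUIC stack; external users see errors directly on the error queue */`. Separately, the no-quic `RAISE_INTERNAL_ERROR` variant uses the bare literal `0x01`; a comment such as `/* mirrors OSSL_QUIC_ERR_INTERNAL_ERROR (RFC 9000 INTERNAL_ERROR) */` would tie it to the value it stands in for.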
index 504cfe3667a0dd2ce4e56a2bb61e3c87e33a6be1..11b008c64ec7078910395c3a92a54037a9a5d53b 100644 (file)
@@ -139,7 +139,7 @@ int SSL_set_quic_tls_cbs(SSL *s, const OSSL_DISPATCH *qtdis, void *arg)
     }
 
     if (!tls_callbacks_from_dispatch(&sc->qtcb, qtdis))
-        /* ERR_raise already called*/
+        /* ERR_raise already called */
         return 0;
 
     sc->qtarg = arg;
index ec8d934f32ea28ce9758230139000e4c321e7a33..45d898bc55ab712f340f6f41b1b8c47b9eff6b45 100644 (file)
@@ -39,6 +39,7 @@
 # include "internal/cryptlib.h"
 # include "record/record.h"
 # include "internal/quic_predef.h"
+# include "internal/quic_tls.h"
 
 # ifdef OPENSSL_BUILD_SHLIBSSL
 #  undef OPENSSL_EXTERN
index 9428c1f59ddfe5525dc5caeaf94fb3adf16088aa..373f4e69928cbf0d4ce7a8a61c5359a0e622393c 100644 (file)
@@ -12403,7 +12403,7 @@ static int test_alpn(int idx)
     return testresult;
 }
 
-#if !defined(OPENSSL_NO_QUIC) && !defined(OSSL_NO_USABLE_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
 struct quic_tls_test_data {
     struct quic_tls_test_data *peer;
     uint32_t renc_level;
@@ -12622,7 +12622,7 @@ static int test_quic_tls(void)
 
     return testresult;
 }
-#endif /* !defined(OPENSSL_NO_QUIC) && !defined(OSSL_NO_USABLE_TLS1_3) */
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) */
 
 OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")
 
@@ -12946,7 +12946,7 @@ int setup_tests(void)
     ADD_ALL_TESTS(test_npn, 5);
 #endif
     ADD_ALL_TESTS(test_alpn, 4);
-#if !defined(OPENSSL_NO_QUIC) && !defined(OSSL_NO_USABLE_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
     ADD_TEST(test_quic_tls);
 #endif
     return 1;