author | Matt Caswell <matt@openssl.org> | 2023-03-29 16:25:00 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-04-04 09:06:18 +1000 |
commit | 50769b15ea76123406b5ccebe85b2402e64e9fc6 (patch) | |
tree | b16643909c459aa6c1dd2ca246d9e4915205b52f | |
parent | a76ccb9d0ddc24f6551afbc220b41fb3c4e64c6a (diff) |
Make sure we can query the SSL object for version info when using QUIC
We have the existing functions SSL_version(), SSL_get_version() and
SSL_is_dtls(). We extend the first two to return something sensible when
using QUIC. We additionally provide the new functions SSL_is_tls() and
SSL_is_quic() to provide a mechanism to figure out what protocol we are
using.
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20650)
-rw-r--r-- | include/openssl/prov_ssl.h | 4 | ||||
-rw-r--r-- | include/openssl/ssl.h.in | 2 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 40 | ||||
-rw-r--r-- | util/libssl.num | 2 |
4 files changed, 48 insertions, 0 deletions
diff --git a/include/openssl/prov_ssl.h b/include/openssl/prov_ssl.h
index d3e0896c8e..b120ca4be4 100644
--- a/include/openssl/prov_ssl.h
+++ b/include/openssl/prov_ssl.h
@@ -19,6 +19,7 @@ extern "C" {
 # define SSL_MAX_MASTER_KEY_LENGTH 48
+/* SSL/TLS uses a 2 byte unsigned version number */
 # define SSL3_VERSION 0x0300
 # define TLS1_VERSION 0x0301
 # define TLS1_1_VERSION 0x0302
@@ -28,6 +29,9 @@ extern "C" {
 # define DTLS1_2_VERSION 0xFEFD
 # define DTLS1_BAD_VER 0x0100
+/* QUIC uses a 4 byte unsigned version number */
+# define OSSL_QUIC1_VERSION 0x0000001
+
 # ifdef __cplusplus
 }
 # endif
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index 5cf6b319dc..38dc3e5172 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -1798,6 +1798,8 @@ __owur int SSL_CTX_set_session_id_context(SSL_CTX *ctx,
 SSL *SSL_new(SSL_CTX *ctx);
 int SSL_up_ref(SSL *s);
 int SSL_is_dtls(const SSL *s);
+int SSL_is_tls(const SSL *s);
+int SSL_is_quic(const SSL *s);
 __owur int SSL_set_session_id_context(SSL *ssl, const unsigned char *sid_ctx, unsigned int sid_ctx_len);
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index efd89cf461..eac7fd659e 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c 
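Review bot: The new `OSSL_QUIC1_VERSION` literal in the second prov_ssl.h hunk is written with seven hex digits, `0x0000001`, directly under a comment saying QUIC uses a 4 byte version number and next to TLS/DTLS constants that are zero-padded to their full 2 byte width. The value is the same either way, but a reader counting digits will read it as a typo, and any future constant copied from it will inherit the odd width. I would write it as `# define OSSL_QUIC1_VERSION 0x00000001` so the padding matches the comment and the neighbouring definitions.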
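Review bot: SSL_is_tls() and SSL_is_quic() are added to the public header in the ssl.h.in hunk, but the diffstat shows no change under doc/man3, so the manual page that documents SSL_is_dtls() gives callers no description of the two new entries or of what they return for an object that is neither a TLS nor a QUIC connection. I cannot tell from this page whether a documentation update landed separately; if it did not, the page for SSL_is_dtls() should gain the two prototypes and a sentence stating that exactly one of SSL_is_tls(), SSL_is_dtls() and SSL_is_quic() returns 1 for a usable SSL object.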
@@ -928,12 +928,41 @@ int SSL_is_dtls(const SSL *s) { SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); +#ifndef OPENSSL_NO_QUIC + if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_STREAM) + return 0; +#endif + if (sc == NULL) return 0; return SSL_CONNECTION_IS_DTLS(sc) ? 1 : 0; } +int SSL_is_tls(const SSL *s) +{ + SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); + +#ifndef OPENSSL_NO_QUIC + if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_STREAM) + return 0; +#endif + + if (sc == NULL) + return 0; + + return SSL_CONNECTION_IS_DTLS(sc) ? 0 : 1; +} + +int SSL_is_quic(const SSL *s) +{ +#ifndef OPENSSL_NO_QUIC + if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_STREAM) + return 1; +#endif + return 0; +} + int SSL_up_ref(SSL *s) { int i; @@ -4741,6 +4770,12 @@ const char *SSL_get_version(const SSL *s) { const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); +#ifndef OPENSSL_NO_QUIC + /* We only support QUICv1 - so if its QUIC its QUICv1 */ + if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_STREAM) + return "QUICv1"; +#endif + if (sc == NULL) return NULL; @@ -5077,6 +5112,11 @@ int SSL_version(const SSL *s) { const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); +#ifndef OPENSSL_NO_QUIC + /* We only support QUICv1 - so if its QUIC its QUICv1 */ + if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_STREAM) + return OSSL_QUIC1_VERSION; +#endif /* TODO(QUIC): Do we want to report QUIC version this way instead? */ if (sc == NULL) return 0; diff --git a/util/libssl.num b/util/libssl.num index 6bb916d63e..6e60aa8e93 100644 --- a/util/libssl.num +++ b/util/libssl.num @@ -558,3 +558,5 @@ SSL_get_negotiated_client_cert_type ? 3_2_0 EXIST::FUNCTION: SSL_get_negotiated_server_cert_type ? 3_2_0 EXIST::FUNCTION: SSL_add_expected_rpk ? 3_2_0 EXIST::FUNCTION: d2i_SSL_SESSION_ex ? 3_2_0 EXIST::FUNCTION: +SSL_is_tls ? 3_2_0 EXIST::FUNCTION: +SSL_is_quic ? 3_2_0 EXIST::FUNCTION: |
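Review bot: SSL_is_dtls() and SSL_is_tls() each repeat the two-way `s->type` comparison that SSL_is_quic(), defined a few lines below in the same hunk, already encapsulates, and the identical test appears again in the SSL_get_version() and SSL_version() hunks, so a new QUIC object type would have to be added in five places. I would make the other sites call the helper, `if (SSL_is_quic(s)) return 0;` in SSL_is_dtls() and SSL_is_tls(), and the equivalent guard returning the QUIC value in the two version hunks; that also lets the callers drop their `#ifndef OPENSSL_NO_QUIC` blocks, since SSL_is_quic() already returns 0 in that configuration. Note that the new `s->type` reads come before the existing `sc == NULL` check; if SSL_CONNECTION_FROM_SSL() tolerates a NULL `s` (I cannot see its definition from here), a NULL argument that previously produced a 0 return would now dereference NULL. The hunk ends inside SSL_up_ref(), whose body continues outside it.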
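Review bot: The comment added in the SSL_get_version() hunk reads `its QUIC its QUICv1`, which should be `/* We only support QUICv1 - so if it's QUIC it's QUICv1 */`; the same comment text is repeated verbatim in the SSL_version() hunk and needs the same fix. Both comments record an assumption rather than a check, so it is worth saying in them that the hard-coded "QUICv1" result must be revisited when a second QUIC version is negotiated, otherwise the two sites will silently report the wrong version. SSL_get_version()'s body continues past the end of the hunk.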
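Review bot: In the SSL_version() hunk the pre-existing line `/* TODO(QUIC): Do we want to report QUIC version this way instead? */` now sits directly below the new block that does exactly that, so the TODO reads as questioning the code it follows and will mislead the next reader about what is still open. Either drop it or reword it to name the remaining gap, for example `/* TODO(QUIC): report the negotiated QUIC version once more than v1 is supported */`. SSL_version()'s body continues past the end of the hunk.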