diff options
| -rw-r--r-- | doc/designs/quic-design/quic-api.md | 4 | ||||
| -rw-r--r-- | doc/designs/quic-design/quic-fault-injector.md | 30 | ||||
| -rw-r--r-- | doc/man3/SSL_accept_stream.pod | 6 | ||||
| -rw-r--r-- | doc/man3/SSL_get_version.pod | 21 | ||||
| -rw-r--r-- | doc/man3/SSL_handle_events.pod | 8 | ||||
| -rw-r--r-- | doc/man3/SSL_shutdown.pod | 8 | ||||
| -rw-r--r-- | doc/man3/SSL_stream_conclude.pod | 16 | ||||
| -rw-r--r-- | include/internal/quic_stream_map.h | 4 | ||||
| -rw-r--r-- | ssl/quic/cc_newreno.c | 2 | ||||
| -rw-r--r-- | ssl/quic/quic_ackm.c | 5 | ||||
| -rw-r--r-- | ssl/quic/quic_channel.c | 16 | ||||
| -rw-r--r-- | ssl/quic/quic_impl.c | 10 | ||||
| -rw-r--r-- | ssl/quic/quic_local.h | 2 | ||||
| -rw-r--r-- | ssl/quic/quic_reactor.c | 16 | ||||
| -rw-r--r-- | ssl/quic/quic_rstream.c | 1 | ||||
| -rw-r--r-- | ssl/quic/quic_rx_depack.c | 12 | ||||
| -rw-r--r-- | ssl/quic/quic_stream_map.c | 2 | ||||
| -rw-r--r-- | ssl/quic/quic_trace.c | 4 | ||||
| -rw-r--r-- | ssl/quic/quic_txp.c | 4 | ||||
| -rw-r--r-- | ssl/quic/quic_wire_pkt.c | 2 | ||||
| -rw-r--r-- | ssl/ssl_lib.c | 18 |
21 files changed, 84 insertions, 107 deletions
diff --git a/doc/designs/quic-design/quic-api.md b/doc/designs/quic-design/quic-api.md index c3d21514ad..332293716d 100644 --- a/doc/designs/quic-design/quic-api.md +++ b/doc/designs/quic-design/quic-api.md @@ -631,10 +631,6 @@ object (i.e., a single bytestream); those components may well already call `SSL_shutdown` and it is not desired for such calls to affect the whole connection. -**TBD:** Should we allow `SSL_shutdown_ex` on a QUIC stream SSL object to act as -`SSL_stream_conclude`? Should we require this behaviour to be explicitly -enabled? - The `args->quic_error_code` and `args->reason` fields allow the application error code and reason string for the closure of a QUIC connection to be specified. If `args` or `args->reason` is `NULL`, a zero-length string is used diff --git a/doc/designs/quic-design/quic-fault-injector.md b/doc/designs/quic-design/quic-fault-injector.md index b77e2526c2..a60763518f 100644 --- a/doc/designs/quic-design/quic-fault-injector.md +++ b/doc/designs/quic-design/quic-fault-injector.md @@ -189,8 +189,8 @@ initial API will provide a basic set of listeners and helper functions in order to provide the basis for future work. The following outlines an illustrative set of functions that will initially be -provided. A number of `TODO(QUIC)` comments are inserted to explain how we -might expand the API over time: +provided. A number of `TODO(QUIC TESTING)` comments are inserted to explain how +we might expand the API over time: ```` C /* Type to represent the Fault Injector */ @@ -295,15 +295,15 @@ int ossl_quic_fault_set_handshake_listener(OSSL_QUIC_FAULT *fault, int ossl_quic_fault_resize_handshake(OSSL_QUIC_FAULT *fault, size_t newlen); /* - * TODO(QUIC): Add listeners for specific types of frame here. E.g. we might - * expect to see an "ACK" frame listener which will be passed pre-parsed ack - * data that can be modified as required. + * TODO(QUIC TESTING): Add listeners for specific types of frame here. E.g. + * we might expect to see an "ACK" frame listener which will be passed + * pre-parsed ack data that can be modified as required. */ /* * Handshake message specific listeners. Unlike the general handshake message * listener these messages are pre-parsed and supplied with message specific - * data and exclude the handshake header + * data and exclude the handshake header. */ typedef int (*ossl_quic_fault_on_enc_ext_cb)(OSSL_QUIC_FAULT *fault, OSSL_QF_ENCRYPTED_EXTENSIONS *ee, @@ -314,7 +314,7 @@ int ossl_quic_fault_set_hand_enc_ext_listener(OSSL_QUIC_FAULT *fault, ossl_quic_fault_on_enc_ext_cb encextcb, void *encextcbarg); -/* TODO(QUIC): Add listeners for other types of handshake message here */ +/* TODO(QUIC TESTING): Add listeners for other types of handshake message here */ /* @@ -338,9 +338,9 @@ int ossl_quic_fault_delete_extension(OSSL_QUIC_FAULT *fault, size_t *extlen); /* - * TODO(QUIC): Add additional helper functions for querying extensions here (e.g. - * finding or adding them). We could also provide a "listener" API for listening - * for specific extension types + * TODO(QUIC TESTING): Add additional helper functions for querying extensions + * here (e.g. finding or adding them). We could also provide a "listener" API + * for listening for specific extension types. */ /* @@ -465,19 +465,9 @@ static int test_unknown_frame(void) if (!TEST_int_eq(SSL_get_error(cssl, ret), SSL_ERROR_SSL)) goto err; -#if 0 - /* - * TODO(QUIC): We should expect an error on the queue after this - but we - * don't have it yet. - * Note, just raising the error in the obvious place causes SSL_tick() to - * succeed, but leave a spurious error on the stack. We need to either - * allow SSL_tick() to fail, or somehow delay the raising of the error - * until the SSL_read() call. - */ if (!TEST_int_eq(ERR_GET_REASON(ERR_peek_error()), SSL_R_UNKNOWN_FRAME_TYPE_RECEIVED)) goto err; -#endif if (!TEST_true(qtest_check_server_protocol_err(qtserv))) goto err; diff --git a/doc/man3/SSL_accept_stream.pod b/doc/man3/SSL_accept_stream.pod index d2a0644561..ce7c626960 100644 --- a/doc/man3/SSL_accept_stream.pod +++ b/doc/man3/SSL_accept_stream.pod @@ -45,7 +45,8 @@ TODO(QUIC): Revise in MSMT PR to mention threading considerations. Depending on whether default stream functionality is being used, it may be necessary to explicitly configure the incoming stream policy before streams can -be accepted; see L<SSL_set_incoming_stream_policy(3)>. +be accepted; see L<SSL_set_incoming_stream_policy(3)>. See also +L<openssl-quic(7)/MODES OF OPERATION>. =begin comment @@ -67,7 +68,8 @@ a QUIC connection SSL object. =head1 SEE ALSO -L<SSL_new_stream(3)>, L<SSL_set_blocking_mode(3)>, L<SSL_free(3)> +L<openssl-quic(7)/MODES OF OPERATION>, L<SSL_new_stream(3)>, +L<SSL_set_blocking_mode(3)>, L<SSL_free(3)> =head1 HISTORY diff --git a/doc/man3/SSL_get_version.pod b/doc/man3/SSL_get_version.pod index d420ab0b63..04b8eea61d 100644 --- a/doc/man3/SSL_get_version.pod +++ b/doc/man3/SSL_get_version.pod @@ -21,14 +21,16 @@ SSL_version - get the protocol information of a connection =head1 DESCRIPTION -SSL_client_version() returns the numeric protocol version advertised by the -client in the legacy_version field of the ClientHello when initiating the -connection. Note that, for TLS, this value will never indicate a version greater -than TLSv1.2 even if TLSv1.3 is subsequently negotiated. SSL_get_version() -returns the name of the protocol used for the connection. SSL_version() returns -the numeric protocol version used for the connection. They should only be called -after the initial handshake has been completed. Prior to that the results -returned from these functions may be unreliable. +For SSL, TLS and DTLS protocols SSL_client_version() returns the numeric +protocol version advertised by the client in the legacy_version field of the +ClientHello when initiating the connection. Note that, for TLS, this value +will never indicate a version greater than TLSv1.2 even if TLSv1.3 is +subsequently negotiated. For QUIC connections it returns OSSL_QUIC1_VERSION. + +SSL_get_version() returns the name of the protocol used for the connection. +SSL_version() returns the numeric protocol version used for the connection. +They should only be called after the initial handshake has been completed. +Prior to that the results returned from these functions may be unreliable. SSL_is_dtls() returns 1 if the connection is using DTLS or 0 if not. @@ -125,8 +127,7 @@ The connection uses the DTLSv1.2 protocol =item OSSL_QUIC1_VERSION -The connection uses the QUICv1 protocol (never returned for -SSL_client_version()). +The connection uses the QUICv1 protocol. =back diff --git a/doc/man3/SSL_handle_events.pod b/doc/man3/SSL_handle_events.pod index e02eb33ee1..64ed20dc41 100644 --- a/doc/man3/SSL_handle_events.pod +++ b/doc/man3/SSL_handle_events.pod @@ -64,11 +64,9 @@ will be made to the object for a substantial period of time. So long as at least one call to the SSL object is blocking, no such call is needed. However, SSL_handle_events() may optionally be used on a QUIC connection object if desired. -=begin comment - -TODO(QUIC): Update the above paragraph once we support thread assisted mode. - -=end comment +With the thread-assisted mode of operation L<OSSL_QUIC_client_thread_method(3)> +it is unnecessary to call SSL_handle_events() as the assist thread handles the QUIC +connection events. =back diff --git a/doc/man3/SSL_shutdown.pod b/doc/man3/SSL_shutdown.pod index f0bdc5dd74..e297c23f79 100644 --- a/doc/man3/SSL_shutdown.pod +++ b/doc/man3/SSL_shutdown.pod @@ -105,12 +105,6 @@ zero-initialised B<SSL_SHUTDOWN_EX_ARGS> structure. When used with a non-QUIC SSL object, the arguments are ignored and the call functions identically to SSL_shutdown(). -=begin comment - -TODO(QUIC): Once streams are implemented, revise this text - -=end comment - When used with a QUIC connection SSL object, SSL_shutdown_ex() initiates a QUIC immediate close. The I<quic_error_code> field can be used to specify a 62-bit application error code to be signalled via QUIC. The value specified must be in @@ -263,6 +257,8 @@ BIOs. It can also occur when not all data was read using SSL_read(). +This value is also returned when called on QUIC stream SSL objects. + =back =head1 SEE ALSO diff --git a/doc/man3/SSL_stream_conclude.pod b/doc/man3/SSL_stream_conclude.pod index a357372212..9473ad0b9e 100644 --- a/doc/man3/SSL_stream_conclude.pod +++ b/doc/man3/SSL_stream_conclude.pod @@ -13,8 +13,8 @@ SSL_stream_conclude - conclude the sending part of a QUIC stream =head1 DESCRIPTION SSL_stream_conclude() signals the normal end-of-stream condition for the send -part of a QUIC stream. If called on a QUIC connection SSL object, it signals the -end of the single stream to the peer. +part of a QUIC stream. If called on a QUIC connection SSL object with an +associated default stream, it signals the end of the single stream to the peer. Any data already queued for transmission via a call to SSL_write() will still be written in a reliable manner before the end-of-stream is signalled, assuming the @@ -32,23 +32,17 @@ I<flags> is reserved and should be set to 0. Only the first call to this function has any effect for a given stream; subsequent calls are no-ops. This is considered a success case. -=begin comment - -TODO(QUIC): Once streams are implemented, revise this text - -=end comment - -This function is not supported on non-QUIC SSL objects. +This function is not supported on an object other than a QUIC stream SSL object. =head1 RETURN VALUES Returns 1 on success and 0 on failure. -Returns 0 if called on a non-QUIC SSL object. +Returns 0 if called on an SSL object not representing a QUIC stream. =head1 SEE ALSO -L<ssl(7)>, L<SSL_shutdown_ex(3)> +L<openssl-quic(7)>, L<ssl(7)>, L<SSL_shutdown_ex(3)> =head1 HISTORY diff --git a/include/internal/quic_stream_map.h b/include/internal/quic_stream_map.h index 74bfed7c8b..10b3cfa32c 100644 --- a/include/internal/quic_stream_map.h +++ b/include/internal/quic_stream_map.h @@ -297,8 +297,8 @@ struct quic_stream_st { * reasonably certain no benefit would be gained by sending * STOP_SENDING.] * - * TODO(QUIC): Implement the latter case (currently we just - * always do STOP_SENDING). + * TODO(QUIC FUTURE): Implement the latter case (currently we + just always do STOP_SENDING). * * and; * diff --git a/ssl/quic/cc_newreno.c b/ssl/quic/cc_newreno.c index de4c10c6a2..1fe37c276e 100644 --- a/ssl/quic/cc_newreno.c +++ b/ssl/quic/cc_newreno.c @@ -36,7 +36,7 @@ typedef struct ossl_cc_newreno_st { #define MIN_MAX_INIT_WND_SIZE 14720 /* RFC 9002 s. 7.2 */ -/* TODO(QUIC): Pacing support. */ +/* TODO(QUIC FUTURE): Pacing support. */ static void newreno_set_max_dgram_size(OSSL_CC_NEWRENO *nr, size_t max_dgram_size); diff --git a/ssl/quic/quic_ackm.c b/ssl/quic/quic_ackm.c index 9e22bf2fc0..7c567eae77 100644 --- a/ssl/quic/quic_ackm.c +++ b/ssl/quic/quic_ackm.c @@ -927,7 +927,7 @@ static int ackm_set_loss_detection_timer(OSSL_ACKM *ackm) static int ackm_in_persistent_congestion(OSSL_ACKM *ackm, const OSSL_ACKM_TX_PKT *lpkt) { - /* TODO(QUIC): Persistent congestion not currently implemented. */ + /* TODO(QUIC FUTURE): Persistent congestion not currently implemented. */ return 0; } @@ -1284,7 +1284,8 @@ static void ackm_queue_probe_anti_deadlock_initial(OSSL_ACKM *ackm) static void ackm_queue_probe(OSSL_ACKM *ackm, int pkt_space) { /* - * TODO(QUIC): We are allowed to send either one or two probe packets here. + * TODO(QUIC FUTURE): We are allowed to send either one or two probe + * packets here. * Determine a strategy for when we should send two probe packets. */ ++ackm->pending_probe.pto[pkt_space]; diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 54ccf5d316..af3a1d051a 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -21,8 +21,8 @@ * not suitable for network use. In particular, it does not implement address * validation, anti-amplification or retry logic. * - * TODO(QUIC): Implement address validation and anti-amplification - * TODO(QUIC): Implement retry logic + * TODO(QUIC SERVER): Implement address validation and anti-amplification + * TODO(QUIC SERVER): Implement retry logic */ #define INIT_DCID_LEN 8 @@ -1380,7 +1380,7 @@ static int ch_on_transport_params(const unsigned char *params, case QUIC_TPARAM_PREFERRED_ADDR: { - /* TODO(QUIC): Handle preferred address. */ + /* TODO(QUIC FUTURE): Handle preferred address. */ QUIC_PREFERRED_ADDR pfa; /* @@ -1684,7 +1684,7 @@ static void ch_tick(QUIC_TICK_RESULT *res, void *arg, uint32_t flags) * again because packets that were not previously processable and * were deferred might now be processable. * - * TODO(QUIC): Consider handling this in the yield_secret callback. + * TODO(QUIC FUTURE): Consider handling this in the yield_secret callback. */ } while (ch->have_new_rx_secret); } @@ -1985,7 +1985,7 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch) return; /* - * TODO(QUIC): Theoretically this should probably be in the QRX. + * TODO(QUIC FUTURE): Theoretically this should probably be in the QRX. * However because validation is dependent on context (namely the * client's initial DCID) we can't do this cleanly. In the future we * should probably add a callback to the QRX to let it call us (via @@ -2011,8 +2011,8 @@ static void ch_rx_handle_packet(QUIC_CHANNEL *ch) return; /* - * TODO(QUIC): Implement 0-RTT on the server side. We currently do - * not need to implement this as a client can only do 0-RTT if we + * TODO(QUIC 0RTT): Implement 0-RTT on the server side. We currently + * do not need to implement this as a client can only do 0-RTT if we * have given it permission to in a previous session. */ break; @@ -2124,7 +2124,7 @@ static void ch_default_packet_handler(QUIC_URXE *e, void *arg) case QUIC_VERSION_NONE: default: /* Unknown version or proactive version negotiation request, bail. */ - /* TODO(QUIC): Handle version negotiation on server side */ + /* TODO(QUIC SERVER): Handle version negotiation on server side */ goto undesirable; } diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c index 89475f3889..ca00fcd476 100644 --- a/ssl/quic/quic_impl.c +++ b/ssl/quic/quic_impl.c @@ -375,7 +375,7 @@ SSL *ossl_quic_new(SSL_CTX *ctx) = (ssl_base->method == OSSL_QUIC_client_thread_method()); #endif - qc->as_server = 0; /* TODO(QUIC): server support */ + qc->as_server = 0; /* TODO(QUIC SERVER): add server support */ qc->as_server_state = qc->as_server; qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; @@ -547,7 +547,7 @@ int ossl_quic_clear(SSL *s) if (!expect_quic(s, &ctx)) return 0; - /* TODO(QUIC): Currently a no-op. */ + /* TODO(QUIC FUTURE): Currently a no-op. */ return 1; } @@ -1172,7 +1172,6 @@ int ossl_quic_conn_shutdown(SSL *s, uint64_t flags, return -1; if (ctx.is_stream) - /* TODO(QUIC): Semantics currently undefined for QSSOs */ return -1; quic_lock(ctx.qc); @@ -1412,7 +1411,6 @@ static int quic_do_handshake(QCTX *ctx) } if (qc->as_server != qc->as_server_state) { - /* TODO(QUIC): Must match the method used to create the QCSO */ QUIC_RAISE_NON_NORMAL_ERROR(ctx, ERR_R_PASSED_INVALID_ARGUMENT, NULL); return -1; /* Non-protocol error */ } @@ -1800,8 +1798,8 @@ static void quic_post_write(QUIC_XSO *xso, int did_append, int do_tick) /* * Try and send. * - * TODO(QUIC): It is probably inefficient to try and do this immediately, - * plus we should eventually consider Nagle's algorithm. + * TODO(QUIC FUTURE): It is probably inefficient to try and do this + * immediately, plus we should eventually consider Nagle's algorithm. */ if (do_tick) ossl_quic_reactor_tick(ossl_quic_channel_get_reactor(xso->conn->ch), 0); diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h index eb6d3e4e6f..d00a63d556 100644 --- a/ssl/quic/quic_local.h +++ b/ssl/quic/quic_local.h @@ -293,7 +293,7 @@ const SSL_METHOD *func_name(void) \ ossl_quic_free, \ ossl_quic_reset, \ ossl_quic_init, \ - ossl_quic_clear, \ + NULL /* clear */, \ ossl_quic_deinit, \ q_accept, \ q_connect, \ diff --git a/ssl/quic/quic_reactor.c b/ssl/quic/quic_reactor.c index ef447b78c3..f89337b38e 100644 --- a/ssl/quic/quic_reactor.c +++ b/ssl/quic/quic_reactor.c @@ -342,14 +342,14 @@ int ossl_quic_reactor_block_until_pred(QUIC_REACTOR *rtor, * things again. If poll_two_fds returns 0, this is some other * non-timeout failure and we should stop here. * - * TODO(QUIC): In the future we could avoid unnecessary syscalls by - * not retrying network I/O that isn't ready based on the result of - * the poll call. However this might be difficult because it - * requires we do the call to poll(2) or equivalent syscall - * ourselves, whereas in the general case the application does the - * polling and just calls SSL_handle_events(). Implementing this - * optimisation in the future will probably therefore require API - * changes. + * TODO(QUIC FUTURE): In the future we could avoid unnecessary + * syscalls by not retrying network I/O that isn't ready based + * on the result of the poll call. However this might be difficult + * because it requires we do the call to poll(2) or equivalent + * syscall ourselves, whereas in the general case the application + * does the polling and just calls SSL_handle_events(). + * Implementing this optimisation in the future will probably + * therefore require API changes. */ return 0; } diff --git a/ssl/quic/quic_rstream.c b/ssl/quic/quic_rstream.c index 0b3c870661..c51bc2014c 100644 --- a/ssl/quic/quic_rstream.c +++ b/ssl/quic/quic_rstream.c @@ -280,7 +280,6 @@ int ossl_quic_rstream_move_to_rbuf(QUIC_RSTREAM *qrs) int ossl_quic_rstream_resize_rbuf(QUIC_RSTREAM *qrs, size_t rbuf_size) { - /* TODO(QUIC): Do we need to distinguish different error conditions ? */ if (ossl_sframe_list_is_head_locked(&qrs->fl)) return 0; diff --git a/ssl/quic/quic_rx_depack.c b/ssl/quic/quic_rx_depack.c index 9e10a0a032..a20aac61bf 100644 --- a/ssl/quic/quic_rx_depack.c +++ b/ssl/quic/quic_rx_depack.c @@ -332,7 +332,7 @@ static int depack_do_frame_new_token(PACKET *pkt, QUIC_CHANNEL *ch, return 0; } - /* TODO(QUIC): ADD CODE to send |token| to the session manager */ + /* TODO(QUIC FUTURE): ADD CODE to send |token| to the session manager */ return 1; } @@ -881,7 +881,7 @@ static int depack_do_frame_retire_conn_id(PACKET *pkt, * currently non-conformant and for internal testing use; simply handle it * as a no-op in this case. * - * TODO(QUIC): Revise and implement correctly for server support. + * TODO(QUIC SERVER): Revise and implement correctly for server support. */ if (!ch->is_server) { ossl_quic_channel_raise_protocol_error(ch, @@ -968,7 +968,7 @@ static int depack_do_frame_path_response(PACKET *pkt, return 0; } - /* TODO(QUIC): ADD CODE to send |frame_data| to the ch manager */ + /* TODO(QUIC MULTIPATH): ADD CODE to send |frame_data| to the ch manager */ return 1; } @@ -1378,8 +1378,8 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket) /* Initialize |ackm_data| (and reinitialize |ok|)*/ memset(&ackm_data, 0, sizeof(ackm_data)); /* - * TODO(QUIC): ASSUMPTION: All packets that aren't special case have a - * packet number + * ASSUMPTION: All packets that aren't special case have a + * packet number. */ ackm_data.pkt_num = qpacket->pn; ackm_data.time = qpacket->time; @@ -1413,7 +1413,7 @@ int ossl_quic_handle_frames(QUIC_CHANNEL *ch, OSSL_QRX_PKT *qpacket) ok = 1; end: /* - * TODO(QUIC): ASSUMPTION: If this function is called at all, |qpacket| is + * ASSUMPTION: If this function is called at all, |qpacket| is * a legitimate packet, even if its contents aren't. * Therefore, we call ossl_ackm_on_rx_packet() unconditionally, as long as * |ackm_data| has at least been initialized. diff --git a/ssl/quic/quic_stream_map.c b/ssl/quic/quic_stream_map.c index b23429a378..5d4354a2df 100644 --- a/ssl/quic/quic_stream_map.c +++ b/ssl/quic/quic_stream_map.c @@ -290,7 +290,7 @@ static ossl_unused int qsm_send_part_permits_gc(const QUIC_STREAM *qs) static int qsm_ready_for_gc(QUIC_STREAM_MAP *qsm, QUIC_STREAM *qs) { - int recv_stream_fully_drained = 0; /* TODO(QUIC): Optimisation */ + int recv_stream_fully_drained = 0; /* TODO(QUIC FUTURE): Optimisation */ /* * If sstream has no FIN, we auto-reset it at marked-for-deletion time, so diff --git a/ssl/quic/quic_trace.c b/ssl/quic/quic_trace.c index 5a57e675f9..d881140294 100644 --- a/ssl/quic/quic_trace.c +++ b/ssl/quic/quic_trace.c @@ -578,8 +578,8 @@ int ossl_quic_trace(int write_p, int version, int content_type, return 0; /* Decode the packet header */ /* - * TODO(QUIC): We need to query the short connection id len here, - * e.g. via some API SSL_get_short_conn_id_len() + * TODO(QUIC SERVER): We need to query the short connection id len + * here, e.g. via some API SSL_get_short_conn_id_len() */ if (ossl_quic_wire_decode_pkt_hdr(&pkt, 0, 0, 1, &hdr, NULL) != 1) return 0; diff --git a/ssl/quic/quic_txp.c b/ssl/quic/quic_txp.c index 4768cd856b..1107a0778d 100644 --- a/ssl/quic/quic_txp.c +++ b/ssl/quic/quic_txp.c @@ -1276,7 +1276,7 @@ static int txp_should_try_staging(OSSL_QUIC_TX_PACKETISER *txp, * This is not a major concern for clients, since if a client has a 1-RTT EL * provisioned the server is guaranteed to also have a 1-RTT EL provisioned. * - * TODO(QUIC): Revisit this when server support is added. + * TODO(QUIC SERVER): Revisit this when server support is added. */ if (*conn_close_enc_level > enc_level && *conn_close_enc_level != QUIC_ENC_LEVEL_1RTT) @@ -1402,7 +1402,7 @@ static int sstream_is_pending(QUIC_SSTREAM *sstream) /* Determine how many bytes we should use for the encoded PN. */ static size_t txp_determine_pn_len(OSSL_QUIC_TX_PACKETISER *txp) { - return 4; /* TODO(QUIC) */ + return 4; /* TODO(QUIC FUTURE) */ } /* Determine plaintext packet payload length from payload length. */ diff --git a/ssl/quic/quic_wire_pkt.c b/ssl/quic/quic_wire_pkt.c index a96843aa9f..5185d7821b 100644 --- a/ssl/quic/quic_wire_pkt.c +++ b/ssl/quic/quic_wire_pkt.c @@ -854,7 +854,7 @@ int ossl_quic_calculate_retry_integrity_tag(OSSL_LIB_CTX *libctx, return 0; /* Create and initialise cipher context. */ - /* TODO(QUIC): Cipher fetch caching. */ + /* TODO(QUIC FUTURE): Cipher fetch caching. */ if ((cipher = EVP_CIPHER_fetch(libctx, "AES-128-GCM", propq)) == NULL) goto err; diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c index 93c0b00bb5..c3a7882a5b 100644 --- a/ssl/ssl_lib.c +++ b/ssl/ssl_lib.c @@ -609,7 +609,6 @@ int ossl_ssl_connection_reset(SSL *s) ossl_statem_clear(sc); - /* TODO(QUIC): Version handling not yet clear */ sc->version = s->method->version; sc->client_version = sc->version; sc->rwstate = SSL_NOTHING; @@ -1997,7 +1996,7 @@ STACK_OF(X509) *SSL_get_peer_cert_chain(const SSL *s) int SSL_copy_session_id(SSL *t, const SSL *f) { int i; - /* TODO(QUIC): Not allowed for QUIC currently. */ + /* TODO(QUIC FUTURE): Not allowed for QUIC currently. */ SSL_CONNECTION *tsc = SSL_CONNECTION_FROM_SSL_ONLY(t); const SSL_CONNECTION *fsc = SSL_CONNECTION_FROM_CONST_SSL_ONLY(f); @@ -2654,7 +2653,7 @@ int SSL_write_early_data(SSL *s, const void *buf, size_t num, size_t *written) uint32_t partialwrite; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); - /* TODO(QUIC): This will need special handling for QUIC */ + /* TODO(QUIC 0RTT): This will need special handling for QUIC */ if (sc == NULL) return 0; @@ -2904,7 +2903,7 @@ long SSL_ctrl(SSL *s, int cmd, long larg, void *parg) long l; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s); - /* TODO(QUIC): Special handling for some ctrls will be needed */ + /* TODO(QUIC FUTURE): Special handling for some ctrls will be needed */ if (sc == NULL) return 0; @@ -4873,7 +4872,7 @@ SSL *SSL_dup(SSL *s) { SSL *ret; int i; - /* TODO(QUIC): Add a SSL_METHOD function for duplication */ + /* TODO(QUIC FUTURE): Add a SSL_METHOD function for duplication */ SSL_CONNECTION *retsc; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); @@ -5174,7 +5173,6 @@ int SSL_version(const SSL *s) if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO) return OSSL_QUIC1_VERSION; #endif - /* TODO(QUIC): Do we want to report QUIC version this way instead? */ if (sc == NULL) return 0; @@ -5185,7 +5183,11 @@ int SSL_client_version(const SSL *s) { const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s); - /* TODO(QUIC): Do we want to report QUIC version this way instead? */ +#ifndef OPENSSL_NO_QUIC + /* We only support QUICv1 - so if its QUIC its QUICv1 */ + if (s->type == SSL_TYPE_QUIC_CONNECTION || s->type == SSL_TYPE_QUIC_XSO) + return OSSL_QUIC1_VERSION; +#endif if (sc == NULL) return 0; @@ -5202,7 +5204,7 @@ SSL_CTX *SSL_set_SSL_CTX(SSL *ssl, SSL_CTX *ctx) CERT *new_cert; SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(ssl); - /* TODO(QUIC): Do we need this for QUIC support? */ + /* TODO(QUIC FUTURE): Add support for QUIC */ if (sc == NULL) return NULL; |