QUIC SSL: Block SSL_clear

Reviewed-by: Tomas Mraz <tomas@openssl.org> Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20061)
2024-12-03 05:41:46 +08:00 · 2023-01-16 15:36:42 +00:00 · 2023-01-16 15:36:42 +00:00 · 5f69db396c
commit 5f69db396c
parent 764817c4aa
3 changed files with 10 additions and 4 deletions
--- a/doc/man3/SSL_clear.pod
+++ b/doc/man3/SSL_clear.pod
@ -34,6 +34,8 @@ server method, even if TLS_*_methods were chosen on startup. This
 will might lead to connection failures (see L<SSL_new(3)>)
 for a description of the method's properties.

+This function is not supported on QUIC SSL objects.
+
 =head1 WARNINGS

 SSL_clear() resets the SSL object to allow for another connection. The
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@ -493,7 +493,7 @@ void ossl_quic_deinit(SSL *s)
    /* No-op. */
 }

-/* SSL_reset */
+/* SSL_clear (ssl_reset method) */
 int ossl_quic_reset(SSL *s)
 {
    QCTX ctx;
@ -501,11 +501,11 @@ int ossl_quic_reset(SSL *s)
    if (!expect_quic(s, &ctx))
        return 0;

-    /* TODO(QUIC); Currently a no-op. */
-    return 1;
+    /* Not supported. */
+    return 0;
 }

-/* SSL_clear */
+/* ssl_clear method (unused) */
 int ossl_quic_clear(SSL *s)
 {
    QCTX ctx;
--- a/test/quicapitest.c
+++ b/test/quicapitest.c
@ -518,6 +518,10 @@ static int test_quic_forbidden_options(void)
    if (!TEST_ptr_null(SSL_dup(ssl)))
        goto err;

+    /* No clear */
+    if (!TEST_false(SSL_clear(ssl)))
+        goto err;
+
    testresult = 1;
 err:
    SSL_free(ssl);