Enable the quic-tls API to work, even in the case of no-quic

Reviewed-by: Tim Hudson <tjh@openssl.org> Reviewed-by: Neil Horman <nhorman@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/26683)
2025-04-12 20:30:52 +08:00 · 2025-01-03 15:57:47 +00:00 · 2025-01-03 15:57:47 +00:00 · c21e213b97
commit c21e213b97
parent 0c3e1f25b2
9 changed files with 61 additions and 48 deletions
--- a/include/internal/quic_predef.h
+++ b/include/internal/quic_predef.h
@ -14,7 +14,6 @@

 typedef struct quic_port_st QUIC_PORT;
 typedef struct quic_channel_st QUIC_CHANNEL;
-typedef struct quic_tls_st QUIC_TLS;
 typedef struct quic_txpim_st QUIC_TXPIM;
 typedef struct quic_fifd_st QUIC_FIFD;
 typedef struct quic_cfq_st QUIC_CFQ;
--- a/include/internal/quic_tls.h
+++ b/include/internal/quic_tls.h
@ -11,10 +11,8 @@
 # define OSSL_QUIC_TLS_H

 # include <openssl/ssl.h>
-# include "internal/quic_stream.h"
-# include "internal/quic_predef.h"

-# ifndef OPENSSL_NO_QUIC
+typedef struct quic_tls_st QUIC_TLS;

 typedef struct quic_tls_args_st {
    /*
@ -44,7 +42,6 @@ typedef struct quic_tls_args_st {
    int (*crypto_release_rcd_cb)(size_t bytes_read, void *arg);
    void *crypto_release_rcd_cb_arg;

-
    /*
     * Called when a traffic secret is available for a given TLS protection
     * level.
@ -111,6 +108,4 @@ int ossl_quic_tls_get_error(QUIC_TLS *qtls,
 int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls);
 int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls);

-# endif
-
 #endif
--- a/ssl/build.info
+++ b/ssl/build.info
@ -1,11 +1,7 @@
-SUBDIRS=record rio
+SUBDIRS=record rio quic

 LIBS=../libssl

-IF[{- !$disabled{quic} -}]
-  SUBDIRS=quic
-ENDIF
-
 SOURCE[../libssl]=\
        pqueue.c \
        statem/statem_srvr.c statem/statem_clnt.c  s3_lib.c  s3_enc.c \
--- a/ssl/quic/build.info
+++ b/ssl/quic/build.info
@ -1,24 +1,28 @@
 $LIBSSL=../../libssl

-SOURCE[$LIBSSL]=quic_method.c quic_impl.c quic_wire.c quic_ackm.c quic_statm.c
-SOURCE[$LIBSSL]=cc_newreno.c quic_demux.c quic_record_rx.c
-SOURCE[$LIBSSL]=quic_record_tx.c quic_record_util.c quic_record_shared.c quic_wire_pkt.c
-SOURCE[$LIBSSL]=quic_rx_depack.c
-SOURCE[$LIBSSL]=quic_fc.c uint_set.c
-SOURCE[$LIBSSL]=quic_cfq.c quic_txpim.c quic_fifd.c quic_txp.c
-SOURCE[$LIBSSL]=quic_stream_map.c
-SOURCE[$LIBSSL]=quic_sf_list.c quic_rstream.c quic_sstream.c
-SOURCE[$LIBSSL]=quic_reactor.c
-SOURCE[$LIBSSL]=quic_channel.c quic_port.c quic_engine.c
-SOURCE[$LIBSSL]=quic_tserver.c
+#QUIC TLS API is available even in the event of no-quic
 SOURCE[$LIBSSL]=quic_tls.c quic_tls_api.c
-SOURCE[$LIBSSL]=quic_thread_assist.c
-SOURCE[$LIBSSL]=quic_trace.c
-SOURCE[$LIBSSL]=quic_srtm.c quic_srt_gen.c
-SOURCE[$LIBSSL]=quic_lcidm.c quic_rcidm.c
-SOURCE[$LIBSSL]=quic_types.c
-SOURCE[$LIBSSL]=qlog_event_helpers.c
-IF[{- !$disabled{qlog} -}]
-  SOURCE[$LIBSSL]=json_enc.c qlog.c
-  SHARED_SOURCE[$LIBSSL]=../../crypto/getenv.c ../../crypto/ctype.c
+
+IF[{- !$disabled{quic} -}]
+  SOURCE[$LIBSSL]=quic_method.c quic_impl.c quic_wire.c quic_ackm.c quic_statm.c
+  SOURCE[$LIBSSL]=cc_newreno.c quic_demux.c quic_record_rx.c
+  SOURCE[$LIBSSL]=quic_record_tx.c quic_record_util.c quic_record_shared.c quic_wire_pkt.c
+  SOURCE[$LIBSSL]=quic_rx_depack.c
+  SOURCE[$LIBSSL]=quic_fc.c uint_set.c
+  SOURCE[$LIBSSL]=quic_cfq.c quic_txpim.c quic_fifd.c quic_txp.c
+  SOURCE[$LIBSSL]=quic_stream_map.c
+  SOURCE[$LIBSSL]=quic_sf_list.c quic_rstream.c quic_sstream.c
+  SOURCE[$LIBSSL]=quic_reactor.c
+  SOURCE[$LIBSSL]=quic_channel.c quic_port.c quic_engine.c
+  SOURCE[$LIBSSL]=quic_tserver.c
+  SOURCE[$LIBSSL]=quic_thread_assist.c
+  SOURCE[$LIBSSL]=quic_trace.c
+  SOURCE[$LIBSSL]=quic_srtm.c quic_srt_gen.c
+  SOURCE[$LIBSSL]=quic_lcidm.c quic_rcidm.c
+  SOURCE[$LIBSSL]=quic_types.c
+  SOURCE[$LIBSSL]=qlog_event_helpers.c
+  IF[{- !$disabled{qlog} -}]
+    SOURCE[$LIBSSL]=json_enc.c qlog.c
+    SHARED_SOURCE[$LIBSSL]=../../crypto/getenv.c ../../crypto/ctype.c
+  ENDIF
 ENDIF
--- a/ssl/quic/quic_channel_local.h
+++ b/ssl/quic/quic_channel_local.h
@ -10,6 +10,7 @@
 #  include "internal/quic_predef.h"
 #  include "internal/quic_fc.h"
 #  include "internal/quic_stream_map.h"
+#  include "internal/quic_tls.h"

 /*
 * QUIC Channel Structure
--- a/ssl/quic/quic_tls.c
+++ b/ssl/quic/quic_tls.c
@ -11,6 +11,7 @@
 #include "internal/quic_tls.h"
 #include "../ssl_local.h"
 #include "internal/quic_error.h"
+#include "internal/quic_types.h"

 #define QUIC_TLS_FATAL(rl, ad, err) \
    do { \
@ -143,6 +144,7 @@ quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
        qdir = 1;

    if (rl->qtls->args.ossl_quic) {
+#ifndef OPENSSL_NO_QUIC
        /*
         * We only look up the suite_id/MD for internal callers. Not used in the
         * public API. We assume that a 3rd party QUIC stack will want to
@ -166,6 +168,10 @@ quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            goto err;
        }
+#else
+        if (!ossl_assert("Should not happen" == NULL))
+            goto err;
+#endif
    }

    if (!rl->qtls->args.yield_secret_cb(level, qdir, suite_id,
@ -632,7 +638,7 @@ QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args)
    if (qtls == NULL)
        return NULL;

-    if ((qtls->error_state = OSSL_ERR_STATE_new()) == NULL) {
+    if (args->ossl_quic && (qtls->error_state = OSSL_ERR_STATE_new()) == NULL) {
        OPENSSL_free(qtls);
        return NULL;
    }
@ -660,23 +666,27 @@ static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
     * with any underlying libssl errors underneath it (but our cover error may
     * be the only error in some cases). Then capture this into an ERR_STATE so
     * we can report it later if need be when the QUIC_CHANNEL asks for it.
+     * For external QUIC TLS we just raise the error.
     */
    ERR_new();
    ERR_set_debug(src_file, src_line, src_func);
    ERR_set_error(ERR_LIB_SSL, SSL_R_QUIC_HANDSHAKE_LAYER_ERROR,
                  "handshake layer error, error code %llu (0x%llx) (\"%s\")",
                  error_code, error_code, error_msg);
-    OSSL_ERR_STATE_save_to_mark(qtls->error_state);

-    /*
-     * We record the error information reported via the QUIC protocol
-     * separately.
-     */
-    qtls->error_code        = error_code;
-    qtls->error_msg         = error_msg;
-    qtls->inerror           = 1;
+    if (qtls->args.ossl_quic) {
+        OSSL_ERR_STATE_save_to_mark(qtls->error_state);

-    ERR_pop_to_mark();
+        /*
+         * We record the error information reported via the QUIC protocol
+         * separately.
+         */
+        qtls->error_code        = error_code;
+        qtls->error_msg         = error_msg;
+        qtls->inerror           = 1;
+
+        ERR_pop_to_mark();
+    }
    return 0;
 }

@ -684,8 +694,13 @@ static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
    raise_error((qtls), (error_code), (error_msg), \
                OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC)

-#define RAISE_INTERNAL_ERROR(qtls) \
+#ifndef OPENSSL_NO_QUIC
+# define RAISE_INTERNAL_ERROR(qtls) \
    RAISE_ERROR((qtls), OSSL_QUIC_ERR_INTERNAL_ERROR, "internal error")
+#else
+# define RAISE_INTERNAL_ERROR(qtls) \
+    RAISE_ERROR((qtls), 0x01, "internal error")
+#endif

 int ossl_quic_tls_configure(QUIC_TLS *qtls)
 {
@ -699,7 +714,7 @@ int ossl_quic_tls_configure(QUIC_TLS *qtls)

    if (!ossl_tls_add_custom_ext_intern(NULL, &sc->cert->custext,
                                        qtls->args.is_server ? ENDPOINT_SERVER
-                                                                : ENDPOINT_CLIENT,
+                                                             : ENDPOINT_CLIENT,
                                        TLSEXT_TYPE_quic_transport_parameters,
                                        SSL_EXT_TLS1_3_ONLY
                                        | SSL_EXT_CLIENT_HELLO
@ -714,6 +729,7 @@ int ossl_quic_tls_configure(QUIC_TLS *qtls)
    return 1;
 }

+#ifndef OPENSSL_NO_QUIC
 int ossl_quic_tls_tick(QUIC_TLS *qtls)
 {
    int ret, err;
@ -829,6 +845,7 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
    ERR_pop_to_mark();
    return 1;
 }
+#endif

 int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
                                       const unsigned char *transport_params,
--- a/ssl/quic/quic_tls_api.c
+++ b/ssl/quic/quic_tls_api.c
@ -139,7 +139,7 @@ int SSL_set_quic_tls_cbs(SSL *s, const OSSL_DISPATCH *qtdis, void *arg)
    }

    if (!tls_callbacks_from_dispatch(&sc->qtcb, qtdis))
-        /* ERR_raise already called*/
+        /* ERR_raise already called */
        return 0;

    sc->qtarg = arg;
--- a/ssl/ssl_local.h
+++ b/ssl/ssl_local.h
@ -39,6 +39,7 @@
 # include "internal/cryptlib.h"
 # include "record/record.h"
 # include "internal/quic_predef.h"
+# include "internal/quic_tls.h"

 # ifdef OPENSSL_BUILD_SHLIBSSL
 #  undef OPENSSL_EXTERN
--- a/test/sslapitest.c
+++ b/test/sslapitest.c
@ -12403,7 +12403,7 @@ static int test_alpn(int idx)
    return testresult;
 }

-#if !defined(OPENSSL_NO_QUIC) && !defined(OSSL_NO_USABLE_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
 struct quic_tls_test_data {
    struct quic_tls_test_data *peer;
    uint32_t renc_level;
@ -12622,7 +12622,7 @@ static int test_quic_tls(void)

    return testresult;
 }
-#endif /* !defined(OPENSSL_NO_QUIC) && !defined(OSSL_NO_USABLE_TLS1_3) */
+#endif /* !defined(OSSL_NO_USABLE_TLS1_3) */

 OPT_TEST_DECLARE_USAGE("certfile privkeyfile srpvfile tmpfile provider config dhfile\n")

@ -12946,7 +12946,7 @@ int setup_tests(void)
    ADD_ALL_TESTS(test_npn, 5);
 #endif
    ADD_ALL_TESTS(test_alpn, 4);
-#if !defined(OPENSSL_NO_QUIC) && !defined(OSSL_NO_USABLE_TLS1_3)
+#if !defined(OSSL_NO_USABLE_TLS1_3)
    ADD_TEST(test_quic_tls);
 #endif
    return 1;