diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 0fbea9ea6..da79a08a9 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -212,7 +212,19 @@ extern "C" { // hasn't been a problem in practice since it's QUIC-only). Drafts 33 onward // use the value 57 which was officially registered with IANA. #define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5 -#define TLSEXT_TYPE_quic_transport_parameters 57 +#define TLSEXT_TYPE_quic_transport_parameters_standard 57 + +// TLSEXT_TYPE_quic_transport_parameters is an alias for +// |TLSEXT_TYPE_quic_transport_parameters_legacy|. It will switch to +// |TLSEXT_TYPE_quic_transport_parameters_standard| at a later date. +// +// Callers using |SSL_set_quic_use_legacy_codepoint| should use +// |TLSEXT_TYPE_quic_transport_parameters_legacy| or +// |TLSEXT_TYPE_quic_transport_parameters_standard| rather than this constant. +// When the default code point is switched to the standard one, this value will +// be updated and we will transition callers back to the unsuffixed constant. +#define TLSEXT_TYPE_quic_transport_parameters \ + TLSEXT_TYPE_quic_transport_parameters_legacy // ExtensionType value from RFC8879 #define TLSEXT_TYPE_cert_compression 27 diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index d1d525cc7..637f4d5c6 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -6149,6 +6149,31 @@ TEST_F(QUICMethodTest, QuicLegacyCodepointServerOnly) { ASSERT_TRUE(RunQUICHandshakesAndExpectError(ExpectedError::kServerError)); } +// Test that the default QUIC code point is consistent with +// |TLSEXT_TYPE_quic_transport_parameters|. This test ensures we remember to +// update the two values together. +TEST_F(QUICMethodTest, QuicCodePointDefault) { + const SSL_QUIC_METHOD quic_method = DefaultQUICMethod(); + ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method)); + ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method)); + SSL_CTX_set_select_certificate_cb( + server_ctx_.get(), + [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { + const uint8_t *data; + size_t len; + if (!SSL_early_callback_ctx_extension_get( + client_hello, TLSEXT_TYPE_quic_transport_parameters, &data, + &len)) { + ADD_FAILURE() << "Could not find quic_transport_parameters extension"; + return ssl_select_cert_error; + } + return ssl_select_cert_success; + }); + + ASSERT_TRUE(CreateClientAndServer()); + ASSERT_TRUE(CompleteHandshakesForQUIC()); +} + extern "C" { int BORINGSSL_enum_c_type_test(void); } diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 5ca961099..342c17021 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -2794,7 +2794,7 @@ static bool ext_quic_transport_params_add_clienthello_impl( return true; } - uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters; + uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard; if (hs->config->quic_use_legacy_codepoint) { extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy; } @@ -2930,7 +2930,7 @@ static bool ext_quic_transport_params_add_serverhello_impl( return true; } - uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters; + uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard; if (hs->config->quic_use_legacy_codepoint) { extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy; } @@ -3399,7 +3399,7 @@ static const struct tls_extension kExtensions[] = { dont_add_serverhello, }, { - TLSEXT_TYPE_quic_transport_parameters, + TLSEXT_TYPE_quic_transport_parameters_standard, NULL, ext_quic_transport_params_add_clienthello, ext_quic_transport_params_parse_serverhello,