From c47bfce062cc5a1b462176be626338224ae2a346 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 20 Jan 2021 17:10:32 -0500 Subject: [PATCH] Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now. QUICHE currently does not know to call SSL_set_quic_use_legacy_codepoint, picking up the current default of the legacy code point. It then assumes that the TLSEXT_TYPE_quic_transport_parameters constant may be used to extract transport parameters, so after https://boringssl-review.googlesource.com/c/boringssl/+/44704, it breaks. To smooth over the transition, we now define three constants: TLSEXT_TYPE_quic_transport_parameters_legacy, TLSEXT_TYPE_quic_transport_parameters_standard, and the old constant. The old constant will match whatever the default is (for now, legacy) so the default is self-consistent. Then plan is then: 1. BoringSSL switches to the state in this CL: the default code point and constant are the legacy one, but there are APIs to specify the code point. This will not affect QUICHE, which only uses the defaults. 2. QUICHE calls SSL_set_quic_use_legacy_codepoint and uses the corresponding _legacy or _standard constant. It should *not* use the unsuffixed constant at this point. 3. BoringSSL switches the default setting and the constant to the standard code point. This will not affect QUICHE, which explicitly configures the code point it wants. 4. Optional: BoringSSL won't switch the default back to legacy, so QUICHE can switch _standard to unsuffixed and BoringSSL can remove the _standard alias (but not the function) early. 5. When QUICHE no longer needs both code points, it unwinds the SSL_set_quic_use_legacy_codepoint code and switches back to the unsuffixed constant. 6. BoringSSL removes all this scaffolding now that it's no longer needed. Update-Note: This this fixes a compatibility issue with https://boringssl-review.googlesource.com/c/boringssl/+/44704. Change-Id: I9f75845aba58ba93e9665cd6f05bcd080eb5f139 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45124 Reviewed-by: David Schinazi Reviewed-by: David Benjamin Commit-Queue: David Benjamin --- include/openssl/tls1.h | 14 +++++++++++++- ssl/ssl_test.cc | 25 +++++++++++++++++++++++++ ssl/t1_lib.cc | 6 +++--- 3 files changed, 41 insertions(+), 4 deletions(-) diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h index 0fbea9ea6..da79a08a9 100644 --- a/include/openssl/tls1.h +++ b/include/openssl/tls1.h @@ -212,7 +212,19 @@ extern "C" { // hasn't been a problem in practice since it's QUIC-only). Drafts 33 onward // use the value 57 which was officially registered with IANA. #define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5 -#define TLSEXT_TYPE_quic_transport_parameters 57 +#define TLSEXT_TYPE_quic_transport_parameters_standard 57 + +// TLSEXT_TYPE_quic_transport_parameters is an alias for +// |TLSEXT_TYPE_quic_transport_parameters_legacy|. It will switch to +// |TLSEXT_TYPE_quic_transport_parameters_standard| at a later date. +// +// Callers using |SSL_set_quic_use_legacy_codepoint| should use +// |TLSEXT_TYPE_quic_transport_parameters_legacy| or +// |TLSEXT_TYPE_quic_transport_parameters_standard| rather than this constant. +// When the default code point is switched to the standard one, this value will +// be updated and we will transition callers back to the unsuffixed constant. +#define TLSEXT_TYPE_quic_transport_parameters \ + TLSEXT_TYPE_quic_transport_parameters_legacy // ExtensionType value from RFC8879 #define TLSEXT_TYPE_cert_compression 27 diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc index d1d525cc7..637f4d5c6 100644 --- a/ssl/ssl_test.cc +++ b/ssl/ssl_test.cc @@ -6149,6 +6149,31 @@ TEST_F(QUICMethodTest, QuicLegacyCodepointServerOnly) { ASSERT_TRUE(RunQUICHandshakesAndExpectError(ExpectedError::kServerError)); } +// Test that the default QUIC code point is consistent with +// |TLSEXT_TYPE_quic_transport_parameters|. This test ensures we remember to +// update the two values together. +TEST_F(QUICMethodTest, QuicCodePointDefault) { + const SSL_QUIC_METHOD quic_method = DefaultQUICMethod(); + ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method)); + ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method)); + SSL_CTX_set_select_certificate_cb( + server_ctx_.get(), + [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t { + const uint8_t *data; + size_t len; + if (!SSL_early_callback_ctx_extension_get( + client_hello, TLSEXT_TYPE_quic_transport_parameters, &data, + &len)) { + ADD_FAILURE() << "Could not find quic_transport_parameters extension"; + return ssl_select_cert_error; + } + return ssl_select_cert_success; + }); + + ASSERT_TRUE(CreateClientAndServer()); + ASSERT_TRUE(CompleteHandshakesForQUIC()); +} + extern "C" { int BORINGSSL_enum_c_type_test(void); } diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 5ca961099..342c17021 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -2794,7 +2794,7 @@ static bool ext_quic_transport_params_add_clienthello_impl( return true; } - uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters; + uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard; if (hs->config->quic_use_legacy_codepoint) { extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy; } @@ -2930,7 +2930,7 @@ static bool ext_quic_transport_params_add_serverhello_impl( return true; } - uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters; + uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard; if (hs->config->quic_use_legacy_codepoint) { extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy; } @@ -3399,7 +3399,7 @@ static const struct tls_extension kExtensions[] = { dont_add_serverhello, }, { - TLSEXT_TYPE_quic_transport_parameters, + TLSEXT_TYPE_quic_transport_parameters_standard, NULL, ext_quic_transport_params_add_clienthello, ext_quic_transport_params_parse_serverhello,