Define TLSEXT_TYPE_quic_transport_parameters to the old code point for now.
QUICHE currently does not know to call
SSL_set_quic_use_legacy_codepoint, picking up the current default of the
legacy code point. It then assumes that the
TLSEXT_TYPE_quic_transport_parameters constant may be used to extract
transport parameters, so after
https://boringssl-review.googlesource.com/c/boringssl/+/44704, it
breaks.
To smooth over the transition, we now define three constants:
TLSEXT_TYPE_quic_transport_parameters_legacy,
TLSEXT_TYPE_quic_transport_parameters_standard, and the old constant.
The old constant will match whatever the default is (for now, legacy) so
the default is self-consistent. Then plan is then:
1. BoringSSL switches to the state in this CL: the default code point
and constant are the legacy one, but there are APIs to specify the
code point. This will not affect QUICHE, which only uses the
defaults.
2. QUICHE calls SSL_set_quic_use_legacy_codepoint and uses the
corresponding _legacy or _standard constant. It should *not* use the
unsuffixed constant at this point.
3. BoringSSL switches the default setting and the constant to the
standard code point. This will not affect QUICHE, which explicitly
configures the code point it wants.
4. Optional: BoringSSL won't switch the default back to legacy, so
QUICHE can switch _standard to unsuffixed and BoringSSL
can remove the _standard alias (but not the function) early.
5. When QUICHE no longer needs both code points, it unwinds the
SSL_set_quic_use_legacy_codepoint code and switches back to the
unsuffixed constant.
6. BoringSSL removes all this scaffolding now that it's no longer
needed.
Update-Note: This this fixes a compatibility issue with
https://boringssl-review.googlesource.com/c/boringssl/+/44704.
Change-Id: I9f75845aba58ba93e9665cd6f05bcd080eb5f139
Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/45124
Reviewed-by: David Schinazi <dschinazi@google.com>
Reviewed-by: David Benjamin <davidben@google.com>
Commit-Queue: David Benjamin <davidben@google.com>
diff --git a/include/openssl/tls1.h b/include/openssl/tls1.h
index 0fbea9e..da79a08 100644
--- a/include/openssl/tls1.h
+++ b/include/openssl/tls1.h
@@ -212,7 +212,19 @@
// hasn't been a problem in practice since it's QUIC-only). Drafts 33 onward
// use the value 57 which was officially registered with IANA.
#define TLSEXT_TYPE_quic_transport_parameters_legacy 0xffa5
-#define TLSEXT_TYPE_quic_transport_parameters 57
+#define TLSEXT_TYPE_quic_transport_parameters_standard 57
+
+// TLSEXT_TYPE_quic_transport_parameters is an alias for
+// |TLSEXT_TYPE_quic_transport_parameters_legacy|. It will switch to
+// |TLSEXT_TYPE_quic_transport_parameters_standard| at a later date.
+//
+// Callers using |SSL_set_quic_use_legacy_codepoint| should use
+// |TLSEXT_TYPE_quic_transport_parameters_legacy| or
+// |TLSEXT_TYPE_quic_transport_parameters_standard| rather than this constant.
+// When the default code point is switched to the standard one, this value will
+// be updated and we will transition callers back to the unsuffixed constant.
+#define TLSEXT_TYPE_quic_transport_parameters \
+ TLSEXT_TYPE_quic_transport_parameters_legacy
// ExtensionType value from RFC8879
#define TLSEXT_TYPE_cert_compression 27
diff --git a/ssl/ssl_test.cc b/ssl/ssl_test.cc
index d1d525c..637f4d5 100644
--- a/ssl/ssl_test.cc
+++ b/ssl/ssl_test.cc
@@ -6149,6 +6149,31 @@
ASSERT_TRUE(RunQUICHandshakesAndExpectError(ExpectedError::kServerError));
}
+// Test that the default QUIC code point is consistent with
+// |TLSEXT_TYPE_quic_transport_parameters|. This test ensures we remember to
+// update the two values together.
+TEST_F(QUICMethodTest, QuicCodePointDefault) {
+ const SSL_QUIC_METHOD quic_method = DefaultQUICMethod();
+ ASSERT_TRUE(SSL_CTX_set_quic_method(client_ctx_.get(), &quic_method));
+ ASSERT_TRUE(SSL_CTX_set_quic_method(server_ctx_.get(), &quic_method));
+ SSL_CTX_set_select_certificate_cb(
+ server_ctx_.get(),
+ [](const SSL_CLIENT_HELLO *client_hello) -> ssl_select_cert_result_t {
+ const uint8_t *data;
+ size_t len;
+ if (!SSL_early_callback_ctx_extension_get(
+ client_hello, TLSEXT_TYPE_quic_transport_parameters, &data,
+ &len)) {
+ ADD_FAILURE() << "Could not find quic_transport_parameters extension";
+ return ssl_select_cert_error;
+ }
+ return ssl_select_cert_success;
+ });
+
+ ASSERT_TRUE(CreateClientAndServer());
+ ASSERT_TRUE(CompleteHandshakesForQUIC());
+}
+
extern "C" {
int BORINGSSL_enum_c_type_test(void);
}
diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc
index 5ca96109..342c170 100644
--- a/ssl/t1_lib.cc
+++ b/ssl/t1_lib.cc
@@ -2794,7 +2794,7 @@
return true;
}
- uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
+ uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
if (hs->config->quic_use_legacy_codepoint) {
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
}
@@ -2930,7 +2930,7 @@
return true;
}
- uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters;
+ uint16_t extension_type = TLSEXT_TYPE_quic_transport_parameters_standard;
if (hs->config->quic_use_legacy_codepoint) {
extension_type = TLSEXT_TYPE_quic_transport_parameters_legacy;
}
@@ -3399,7 +3399,7 @@
dont_add_serverhello,
},
{
- TLSEXT_TYPE_quic_transport_parameters,
+ TLSEXT_TYPE_quic_transport_parameters_standard,
NULL,
ext_quic_transport_params_add_clienthello,
ext_quic_transport_params_parse_serverhello,
