QUIC TLS: Prohibit SRTP-related calls for QUIC TLS

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20061)

doc/man3/SSL_CTX_set_tlsext_use_srtp.pod

@@ -116,6 +116,8 @@ master key length and the salt length as defined for the protection profile in
 use. This provides the client write master key, the server write master key, the
 client write master salt and the server write master salt in that order.
 
+These functions cannot be used with QUIC SSL objects.
+
 =head1 RETURN VALUES
 
 SSL_CTX_set_tlsext_use_srtp() and SSL_set_tlsext_use_srtp() return 0 on success

ssl/d1_srtp.c

@@ -139,6 +139,9 @@ static int ssl_ctx_make_profiles(const char *profiles_string,
 
 int SSL_CTX_set_tlsext_use_srtp(SSL_CTX *ctx, const char *profiles)
 {
+    if (IS_QUIC_METHOD(ctx->method))
+        return 1;
+
     return ssl_ctx_make_profiles(profiles, &ctx->srtp_profiles);
 }
 
@@ -147,7 +150,7 @@ int SSL_set_tlsext_use_srtp(SSL *s, const char *profiles)
     SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
 
     if (sc == NULL)
-        return 0;
+        return 1;
 
     return ssl_ctx_make_profiles(profiles, &sc->srtp_profiles);
 }

ssl/quic/quic_impl.c

@@ -323,8 +323,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
     if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
          goto err;
     /* override the user_ssl of the inner connection */
-    sc->user_ssl = ssl_base;
-    sc->flags   |= TLS1_FLAGS_QUIC;
+    sc->user_ssl  = ssl_base;
+    sc->s3.flags |= TLS1_FLAGS_QUIC;
 
 #if defined(OPENSSL_THREADS)
     if ((qc->mutex = ossl_crypto_mutex_new()) == NULL)

ssl/quic/quic_local.h

@@ -216,7 +216,8 @@ void ossl_quic_conn_on_remote_conn_close(QUIC_CONNECTION *qc,
 int ossl_quic_trace(int write_p, int version, int content_type,
                     const void *buf, size_t msglen, SSL *ssl, void *arg);
 
-#  define OSSL_QUIC_ANY_VERSION 0xFFFFF
+#  define OSSL_QUIC_ANY_VERSION     0x5155
+#  define IS_QUIC_METHOD(m)         ((m)->version == OSSL_QUIC_ANY_VERSION)
 
 #  define QUIC_CONNECTION_FROM_SSL_int(ssl, c)   \
      ((ssl) == NULL ? NULL                       \

test/quicapitest.c

@@ -313,6 +313,36 @@ static int test_ssl_trace(void)
 }
 #endif
 
+/*
+ * Test that handshake-layer APIs which shouldn't work don't work with QUIC.
+ */
+static int test_quic_forbidden_apis(void)
+{
+    int testresult = 0;
+    SSL_CTX *ctx = NULL;
+    SSL *ssl = NULL;
+
+    if (!TEST_ptr(ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method())))
+        goto err;
+
+    /* This function returns 0 on success and 1 on error, and should fail. */
+    if (!TEST_true(SSL_CTX_set_tlsext_use_srtp(ctx, "SRTP_AEAD_AES_128_GCM")))
+        goto err;
+
+    if (!TEST_ptr(ssl = SSL_new(ctx)))
+        goto err;
+
+    /* This function returns 0 on success and 1 on error, and should fail. */
+    if (!TEST_true(SSL_set_tlsext_use_srtp(ssl, "SRTP_AEAD_AES_128_GCM")))
+        goto err;
+
+    testresult = 1;
+err:
+    SSL_free(ssl);
+    SSL_CTX_free(ctx);
+    return testresult;
+}
+
 OPT_TEST_DECLARE_USAGE("provider config certsdir datadir\n")
 
 int setup_tests(void)
@@ -374,7 +404,7 @@ int setup_tests(void)
 #if !defined(OPENSSL_NO_SSL_TRACE) && !defined(OPENSSL_NO_EC) && defined(OPENSSL_NO_ZLIB)
     ADD_TEST(test_ssl_trace);
 #endif
-
+    ADD_TEST(test_quic_forbidden_apis);
     return 1;
  err:
     cleanup_tests();