Always use NULL BIOs when using the QUIC TLS API

Reviewed-by: Neil Horman <nhorman@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/27091)
Matt Caswell 2025-03-18 12:51:29 +00:00 committed by Tomas Mraz
parent 445c0942cd
commit 228a26fde4


@ -708,10 +708,21 @@ static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
int ossl_quic_tls_configure(QUIC_TLS *qtls)
{
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
BIO *nullbio;
if (sc == NULL || !SSL_set_min_proto_version(qtls->args.s, TLS1_3_VERSION))
return RAISE_INTERNAL_ERROR(qtls);
nullbio = BIO_new(BIO_s_null());
if (nullbio == NULL)
return RAISE_INTERNAL_ERROR(qtls);
/*
* Our custom record layer doesn't use the BIO - but libssl generally
* expects one to be present.
*/
SSL_set_bio(qtls->args.s, nullbio, nullbio);
SSL_clear_options(qtls->args.s, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
ossl_ssl_set_custom_record_layer(sc, &quic_tls_record_method, qtls);
@ -768,7 +779,6 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
if (!qtls->configured) {
SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
SSL_CTX *sctx;
BIO *nullbio;
if (sc == NULL)
return RAISE_INTERNAL_ERROR(qtls);
@ -792,16 +802,6 @@ int ossl_quic_tls_tick(QUIC_TLS *qtls)
if (!ossl_quic_tls_configure(qtls))
return RAISE_INTERNAL_ERROR(qtls);
nullbio = BIO_new(BIO_s_null());
if (nullbio == NULL)
return RAISE_INTERNAL_ERROR(qtls);
/*
* Our custom record layer doesn't use the BIO - but libssl generally
* expects one to be present.
*/
SSL_set_bio(qtls->args.s, nullbio, nullbio);
if (qtls->args.is_server)
SSL_set_accept_state(qtls->args.s);
else
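Review bot: In the first hunk, the comment moved into `ossl_quic_tls_configure` explains why a BIO is installed but not who owns it, which is what a maintainer needs in order to avoid a leak or double free here. `SSL_set_bio` takes ownership of `nullbio`, with the single reference covering both rbio and wbio because the same pointer is passed, and it releases any BIO already attached to the SSL object. I would extend the comment with `* SSL_set_bio() takes ownership of nullbio (one reference covers rbio and wbio) and frees any BIO previously set on this SSL, so it must not be freed here.` Judging by the commit title, configure is presumably now also reached by callers of the QUIC TLS API, so replacing a BIO the application attached earlier looks intended, but it should be stated. The body of `ossl_quic_tls_configure` continues past the end of the hunk, so later failure paths are not visible from here.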