Provide SSL_is_quic()

This function will allow code to know if the SSL connection is configured for use with QUIC or not. Also move existing SSL_.*quic.* functions under LIBRESSL_HAS_QUIC to prevent exposing them prematurely. ok beck@ tb@
author: jsing <> 2022-07-17 14:49:01 +0000
committer: jsing <> 2022-07-17 14:49:01 +0000
commit: 9a5c5e1c69f17531e3479df67eeb2305c4f664a6 (patch)
tree: 001241ad56345d0205d73382768f030dbfa74ebd /src
parent: c6790b2dbcb2ef873b873b313ce1e4d2d17d071b (diff)
download: openbsd-9a5c5e1c69f17531e3479df67eeb2305c4f664a6.tar.gz
openbsd-9a5c5e1c69f17531e3479df67eeb2305c4f664a6.tar.bz2
openbsd-9a5c5e1c69f17531e3479df67eeb2305c4f664a6.zip
3 files changed, 14 insertions, 5 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index d475cb24ba..03e30441e0 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.220 2022/07/12 14:42:48 kn Exp $ */
+/* $OpenBSD: ssl.h,v 1.221 2022/07/17 14:49:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1576,7 +1576,9 @@ int SSL_get_security_level(const SSL *ssl);
 void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
 int SSL_CTX_get_security_level(const SSL_CTX *ctx);
-#ifdef LIBRESSL_INTERNAL
+#if defined(LIBRESSL_HAS_QUIC) || defined(LIBRESSL_INTERNAL)
+int SSL_is_quic(const SSL *ssl);
 /*
 * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
 * |params_len|) in the quic_transport_parameters extension in either the
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 2cdcef444c..860a58ddd1 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.295 2022/07/02 16:31:04 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.296 2022/07/17 14:49:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -3316,6 +3316,12 @@ OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
 }
 int
+SSL_is_quic(const SSL *ssl)
+{
+        return ssl->quic_method != NULL;
+}
+int
 SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
    size_t params_len)
 {
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 0dc555f9db..a1b36e549a 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.413 2022/07/10 18:40:55 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.414 2022/07/17 14:49:01 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1066,7 +1066,8 @@ struct ssl_st {
         */
        int version;
-        const SSL_METHOD *method; /* SSLv3 */
+        const SSL_METHOD *method;
+        const void *quic_method; /* XXX */
        /* There are 2 BIO's even though they are normally both the
         * same.  This is so data can be read and written to different
author	jsing <>	2022-07-17 14:49:01 +0000
committer	jsing <>	2022-07-17 14:49:01 +0000
commit	9a5c5e1c69f17531e3479df67eeb2305c4f664a6 (patch)
tree	001241ad56345d0205d73382768f030dbfa74ebd /src
parent	c6790b2dbcb2ef873b873b313ce1e4d2d17d071b (diff)
download	openbsd-9a5c5e1c69f17531e3479df67eeb2305c4f664a6.tar.gz openbsd-9a5c5e1c69f17531e3479df67eeb2305c4f664a6.tar.bz2 openbsd-9a5c5e1c69f17531e3479df67eeb2305c4f664a6.zip