Wire up SSL_QUIC_METHOD callbacks to the record layer callbacks for QUIC.

ok tb@
author: jsing <> 2022-08-21 19:39:44 +0000
committer: jsing <> 2022-08-21 19:39:44 +0000
commit: 7fe8799b48e0b5267eb3138fe5229520af2a9519 (patch)
tree: dd5f0acd7e713e5bbeb81e92110d0ff96c5443c0
parent: 3c351e711595523526ff652c526430c9865244a9 (diff)
download: openbsd-7fe8799b48e0b5267eb3138fe5229520af2a9519.tar.gz
openbsd-7fe8799b48e0b5267eb3138fe5229520af2a9519.tar.bz2
openbsd-7fe8799b48e0b5267eb3138fe5229520af2a9519.zip
3 files changed, 59 insertions, 19 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index e93298c2db..989165b207 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1569,6 +1569,8 @@ ssl3_free(SSL *s)
        freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
        tls13_clienthello_hash_clear(&s->s3->hs.tls13);
+        tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
        sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
        sk_X509_pop_free(s->internal->verified_chain, X509_free);
@@ -1615,6 +1617,11 @@ ssl3_clear(SSL *s)
        s->s3->hs.tls13.cookie_len = 0;
        tls13_clienthello_hash_clear(&s->s3->hs.tls13);
+        tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
+        s->s3->hs.tls13.quic_read_buffer = NULL;
+        s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;
+        s->s3->hs.tls13.quic_write_level = ssl_encryption_initial;
        s->s3->hs.extensions_seen = 0;
        rp = s->s3->rbuf.buf;
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index d45983ac1e..fa3a5f9cfd 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.423 2022/08/21 19:32:38 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.424 2022/08/21 19:39:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -580,7 +580,8 @@ typedef struct ssl_handshake_tls13_st {
        unsigned char *clienthello_hash;
        unsigned int clienthello_hash_len;
-        /* QUIC read/write encryption levels. */
+        /* QUIC read buffer and read/write encryption levels. */
+        struct tls_buffer *quic_read_buffer;
        enum ssl_encryption_level_t quic_read_level;
        enum ssl_encryption_level_t quic_write_level;
 } SSL_HANDSHAKE_TLS13;
diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c
index f58a0b8b28..ceb666ac4c 100644
--- a/src/lib/libssl/tls13_quic.c
+++ b/src/lib/libssl/tls13_quic.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_quic.c,v 1.3 2022/08/21 19:18:57 jsing Exp $ */
+/*      $OpenBSD: tls13_quic.c,v 1.4 2022/08/21 19:39:44 jsing Exp $ */
 /*
 * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
 *
@@ -45,16 +45,20 @@ tls13_quic_wire_flush_cb(void *arg)
        struct tls13_ctx *ctx = arg;
        SSL *ssl = ctx->ssl;
-        /* XXX - call flush_flight. */
+        if (!ssl->quic_method->flush_flight(ssl)) {
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+                SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
-        return TLS13_IO_FAILURE;
+                return TLS13_IO_FAILURE;
+        }
+        return TLS13_IO_SUCCESS;
 }
 static ssize_t
 tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
 {
-        /* XXX - read handshake data. */
+        struct tls13_ctx *ctx = arg;
-        return TLS13_IO_FAILURE;
+        return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
 }
 static ssize_t
@@ -63,9 +67,13 @@ tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
        struct tls13_ctx *ctx = arg;
        SSL *ssl = ctx->ssl;
-        /* XXX - call add_handshake_data. */
+        if (!ssl->quic_method->add_handshake_data(ssl,
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+            ctx->hs->tls13.quic_write_level, buf, n)) {
-        return TLS13_IO_FAILURE;
+                SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+                return TLS13_IO_FAILURE;
+        }
+        return n;
 }
 static int
@@ -77,8 +85,18 @@ tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
        ctx->hs->tls13.quic_read_level = read_level;
-        /* XXX - call set_read_secret. */
+        /* Handle both the new (BoringSSL) and old (quictls) APIs. */
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        if (ssl->quic_method->set_read_secret != NULL)
+                return ssl->quic_method->set_read_secret(ssl,
+                    ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
+                    read_key->data, read_key->len);
+        if (ssl->quic_method->set_encryption_secrets != NULL)
+                return ssl->quic_method->set_encryption_secrets(ssl,
+                    ctx->hs->tls13.quic_read_level, read_key->data, NULL,
+                    read_key->len);
        return 0;
 }
@@ -91,8 +109,18 @@ tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
        ctx->hs->tls13.quic_write_level = write_level;
-        /* XXX - call set_write_secret. */
+        /* Handle both the new (BoringSSL) and old (quictls) APIs. */
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        if (ssl->quic_method->set_write_secret != NULL)
+                return ssl->quic_method->set_write_secret(ssl,
+                    ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
+                    write_key->data, write_key->len);
+        if (ssl->quic_method->set_encryption_secrets != NULL)
+                return ssl->quic_method->set_encryption_secrets(ssl,
+                    ctx->hs->tls13.quic_write_level, NULL, write_key->data,
+                    write_key->len);
        return 0;
 }
@@ -102,9 +130,13 @@ tls13_quic_alert_send_cb(int alert_desc, void *arg)
        struct tls13_ctx *ctx = arg;
        SSL *ssl = ctx->ssl;
-        /* XXX - call send_alert. */
+        if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
-        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+            alert_desc)) {
-        return TLS13_IO_FAILURE;
+                SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+                return TLS13_IO_FAILURE;
+        }
+        return TLS13_IO_SUCCESS;
 }
 static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
author	jsing <>	2022-08-21 19:39:44 +0000
committer	jsing <>	2022-08-21 19:39:44 +0000
commit	7fe8799b48e0b5267eb3138fe5229520af2a9519 (patch)
tree	dd5f0acd7e713e5bbeb81e92110d0ff96c5443c0
parent	3c351e711595523526ff652c526430c9865244a9 (diff)
download	openbsd-7fe8799b48e0b5267eb3138fe5229520af2a9519.tar.gz openbsd-7fe8799b48e0b5267eb3138fe5229520af2a9519.tar.bz2 openbsd-7fe8799b48e0b5267eb3138fe5229520af2a9519.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index e93298c2db..989165b207 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1569,6 +1569,8 @@ ssl3_free(SSL *s)
1569	freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);	1569	freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
1570	tls13_clienthello_hash_clear(&s->s3->hs.tls13);	1570	tls13_clienthello_hash_clear(&s->s3->hs.tls13);
1571		1571
		1572	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
		1573
1572	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);	1574	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
1573	sk_X509_pop_free(s->internal->verified_chain, X509_free);	1575	sk_X509_pop_free(s->internal->verified_chain, X509_free);
1574		1576
@@ -1615,6 +1617,11 @@ ssl3_clear(SSL *s)
1615	s->s3->hs.tls13.cookie_len = 0;	1617	s->s3->hs.tls13.cookie_len = 0;
1616	tls13_clienthello_hash_clear(&s->s3->hs.tls13);	1618	tls13_clienthello_hash_clear(&s->s3->hs.tls13);
1617		1619
		1620	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
		1621	s->s3->hs.tls13.quic_read_buffer = NULL;
		1622	s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;
		1623	s->s3->hs.tls13.quic_write_level = ssl_encryption_initial;
		1624
1618	s->s3->hs.extensions_seen = 0;	1625	s->s3->hs.extensions_seen = 0;
1619		1626
1620	rp = s->s3->rbuf.buf;	1627	rp = s->s3->rbuf.buf;


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index d45983ac1e..fa3a5f9cfd 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.423 2022/08/21 19:32:38 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.424 2022/08/21 19:39:44 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -580,7 +580,8 @@ typedef struct ssl_handshake_tls13_st {
580	unsigned char *clienthello_hash;	580	unsigned char *clienthello_hash;
581	unsigned int clienthello_hash_len;	581	unsigned int clienthello_hash_len;
582		582
583	/* QUIC read/write encryption levels. */	583	/* QUIC read buffer and read/write encryption levels. */
		584	struct tls_buffer *quic_read_buffer;
584	enum ssl_encryption_level_t quic_read_level;	585	enum ssl_encryption_level_t quic_read_level;
585	enum ssl_encryption_level_t quic_write_level;	586	enum ssl_encryption_level_t quic_write_level;
586	} SSL_HANDSHAKE_TLS13;	587	} SSL_HANDSHAKE_TLS13;


diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c index f58a0b8b28..ceb666ac4c 100644 --- a/src/lib/libssl/tls13_quic.c +++ b/src/lib/libssl/tls13_quic.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_quic.c,v 1.3 2022/08/21 19:18:57 jsing Exp $ */	1	/* $OpenBSD: tls13_quic.c,v 1.4 2022/08/21 19:39:44 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -45,16 +45,20 @@ tls13_quic_wire_flush_cb(void *arg)
45	struct tls13_ctx *ctx = arg;	45	struct tls13_ctx *ctx = arg;
46	SSL *ssl = ctx->ssl;	46	SSL *ssl = ctx->ssl;
47		47
48	/* XXX - call flush_flight. */	48	if (!ssl->quic_method->flush_flight(ssl)) {
49	SSLerror(ssl, ERR_R_INTERNAL_ERROR);	49	SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
50	return TLS13_IO_FAILURE;	50	return TLS13_IO_FAILURE;
		51	}
		52
		53	return TLS13_IO_SUCCESS;
51	}	54	}
52		55
53	static ssize_t	56	static ssize_t
54	tls13_quic_handshake_read_cb(void buf, size_t n, void arg)	57	tls13_quic_handshake_read_cb(void buf, size_t n, void arg)
55	{	58	{
56	/* XXX - read handshake data. */	59	struct tls13_ctx *ctx = arg;
57	return TLS13_IO_FAILURE;	60
		61	return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
58	}	62	}
59		63
60	static ssize_t	64	static ssize_t
@@ -63,9 +67,13 @@ tls13_quic_handshake_write_cb(const void buf, size_t n, void arg)
63	struct tls13_ctx *ctx = arg;	67	struct tls13_ctx *ctx = arg;
64	SSL *ssl = ctx->ssl;	68	SSL *ssl = ctx->ssl;
65		69
66	/* XXX - call add_handshake_data. */	70	if (!ssl->quic_method->add_handshake_data(ssl,
67	SSLerror(ssl, ERR_R_INTERNAL_ERROR);	71	ctx->hs->tls13.quic_write_level, buf, n)) {
68	return TLS13_IO_FAILURE;	72	SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
		73	return TLS13_IO_FAILURE;
		74	}
		75
		76	return n;
69	}	77	}
70		78
71	static int	79	static int
@@ -77,8 +85,18 @@ tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
77		85
78	ctx->hs->tls13.quic_read_level = read_level;	86	ctx->hs->tls13.quic_read_level = read_level;
79		87
80	/* XXX - call set_read_secret. */	88	/* Handle both the new (BoringSSL) and old (quictls) APIs. */
81	SSLerror(ssl, ERR_R_INTERNAL_ERROR);	89
		90	if (ssl->quic_method->set_read_secret != NULL)
		91	return ssl->quic_method->set_read_secret(ssl,
		92	ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
		93	read_key->data, read_key->len);
		94
		95	if (ssl->quic_method->set_encryption_secrets != NULL)
		96	return ssl->quic_method->set_encryption_secrets(ssl,
		97	ctx->hs->tls13.quic_read_level, read_key->data, NULL,
		98	read_key->len);
		99
82	return 0;	100	return 0;
83	}	101	}
84		102
@@ -91,8 +109,18 @@ tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
91		109
92	ctx->hs->tls13.quic_write_level = write_level;	110	ctx->hs->tls13.quic_write_level = write_level;
93		111
94	/* XXX - call set_write_secret. */	112	/* Handle both the new (BoringSSL) and old (quictls) APIs. */
95	SSLerror(ssl, ERR_R_INTERNAL_ERROR);	113
		114	if (ssl->quic_method->set_write_secret != NULL)
		115	return ssl->quic_method->set_write_secret(ssl,
		116	ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
		117	write_key->data, write_key->len);
		118
		119	if (ssl->quic_method->set_encryption_secrets != NULL)
		120	return ssl->quic_method->set_encryption_secrets(ssl,
		121	ctx->hs->tls13.quic_write_level, NULL, write_key->data,
		122	write_key->len);
		123
96	return 0;	124	return 0;
97	}	125	}
98		126
@@ -102,9 +130,13 @@ tls13_quic_alert_send_cb(int alert_desc, void *arg)
102	struct tls13_ctx *ctx = arg;	130	struct tls13_ctx *ctx = arg;
103	SSL *ssl = ctx->ssl;	131	SSL *ssl = ctx->ssl;
104		132
105	/* XXX - call send_alert. */	133	if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
106	SSLerror(ssl, ERR_R_INTERNAL_ERROR);	134	alert_desc)) {
107	return TLS13_IO_FAILURE;	135	SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
		136	return TLS13_IO_FAILURE;
		137	}
		138
		139	return TLS13_IO_SUCCESS;
108	}	140	}
109		141
110	static const struct tls13_record_layer_callbacks quic_rl_callbacks = {	142	static const struct tls13_record_layer_callbacks quic_rl_callbacks = {