Add support for sending QUIC transport parameters

This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@
author: beck <> 2022-06-29 17:39:21 +0000
committer: beck <> 2022-06-29 17:39:21 +0000
commit: fc8a9f3799769566fe4b424c43a81a1a71f91328 (patch)
tree: 3406a8350556d9a6c42a2677a30e2dabf013942c /src/lib/libssl/ssl.h
parent: 6f4618c6c03ccd1d0f1b55dd8ff05af4a05abe78 (diff)
download: openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.gz
openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.bz2
openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.zip
1 files changed, 25 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index aed3fea1d0..c733992848 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.217 2022/06/28 20:57:33 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.218 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1578,6 +1578,30 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
 int SSL_CTX_get_security_level(const SSL_CTX *ctx);
 #endif /* LIBRESSL_INTERNAL */
+#ifdef LIBRESSL_INTERNAL
+/*
+ * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
+ * |params_len|) in the quic_transport_parameters extension in either the
+ * ClientHello or EncryptedExtensions handshake message. This extension will
+ * only be sent if the TLS version is at least 1.3, and for a server, only if
+ * the client sent the extension. The buffer pointed to by |params| only need be
+ * valid for the duration of the call to this function. This function returns 1
+ *on success and 0 on failure.
+ */
+int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
+    size_t params_len);
+/*
+ * SSL_get_peer_quic_transport_params provides the caller with the value of the
+ * quic_transport_parameters extension sent by the peer. A pointer to the buffer
+ * containing the TransportParameters will be put in |*out_params|, and its
+ * length in |*params_len|. This buffer will be valid for the lifetime of the
+ * |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
+ */
+void SSL_get_peer_quic_transport_params(const SSL *ssl,
+    const uint8_t **out_params, size_t *out_params_len);
+#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
author	beck <>	2022-06-29 17:39:21 +0000
committer	beck <>	2022-06-29 17:39:21 +0000
commit	fc8a9f3799769566fe4b424c43a81a1a71f91328 (patch)
tree	3406a8350556d9a6c42a2677a30e2dabf013942c /src/lib/libssl/ssl.h
parent	6f4618c6c03ccd1d0f1b55dd8ff05af4a05abe78 (diff)
download	openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.gz openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.bz2 openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.zip

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index aed3fea1d0..c733992848 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.217 2022/06/28 20:57:33 tb Exp $ */	1	/* $OpenBSD: ssl.h,v 1.218 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1578,6 +1578,30 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
1578	int SSL_CTX_get_security_level(const SSL_CTX *ctx);	1578	int SSL_CTX_get_security_level(const SSL_CTX *ctx);
1579	#endif /* LIBRESSL_INTERNAL */	1579	#endif /* LIBRESSL_INTERNAL */
1580		1580
		1581	#ifdef LIBRESSL_INTERNAL
		1582	/*
		1583	* SSL_set_quic_transport_params configures \|ssl\| to send \|params\| (of length
		1584	* \|params_len\|) in the quic_transport_parameters extension in either the
		1585	* ClientHello or EncryptedExtensions handshake message. This extension will
		1586	* only be sent if the TLS version is at least 1.3, and for a server, only if
		1587	* the client sent the extension. The buffer pointed to by \|params\| only need be
		1588	* valid for the duration of the call to this function. This function returns 1
		1589	*on success and 0 on failure.
		1590	*/
		1591	int SSL_set_quic_transport_params(SSL ssl, const uint8_t params,
		1592	size_t params_len);
		1593
		1594	/*
		1595	* SSL_get_peer_quic_transport_params provides the caller with the value of the
		1596	* quic_transport_parameters extension sent by the peer. A pointer to the buffer
		1597	* containing the TransportParameters will be put in \|*out_params\|, and its
		1598	* length in \|*params_len\|. This buffer will be valid for the lifetime of the
		1599	* \|SSL\|. If no params were received from the peer, \|*out_params_len\| will be 0.
		1600	*/
		1601	void SSL_get_peer_quic_transport_params(const SSL *ssl,
		1602	const uint8_t *out_params, size_t out_params_len);
		1603	#endif
		1604
1581	/* BEGIN ERROR CODES */	1605	/* BEGIN ERROR CODES */
1582	/* The following lines are auto generated by the script mkerr.pl. Any changes	1606	/* The following lines are auto generated by the script mkerr.pl. Any changes
1583	* made after this point may be overwritten when the script is next run.	1607	* made after this point may be overwritten when the script is next run.