Add minimal info callback support for TLSv1.3

As abieber@ found the hard way, some python frameworks (twisted, synapse)
thought it a great idea to use the info callback mechanism (designed to
get state information about SSL objects) to modify state information such
as setting and verifying the SNI.  The switch of TLS_method() to default
to TLSv1.3 broke these contraptions.  Further bits of the info callback
mechanism will likely metastasize throughout the TLSv1.3 stack if we
need them, so we only do what's really necessary now.

Lots of debugging, crucial hint and testing by abieber

input & ok jsing

1 files changed, 15 insertions, 1 deletions

diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 8fef39a12f..1f19bef997 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.52 2020/07/03 04:12:51 tb Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.53 2020/07/30 16:23:17 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -180,6 +180,19 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
             CBS_data(&cbs), CBS_len(&cbs), s, s->internal->msg_callback_arg);
 }
 
+static void
+tls13_legacy_info_cb(void *arg, int state, int ret)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *s = ctx->ssl;
+        void (*cb)(const SSL *, int, int);
+
+        if ((cb = s->internal->info_callback) == NULL)
+                cb = s->ctx->internal->info_callback;
+        if (cb != NULL)
+                cb(s, state, ret);
+}
+
 static int
 tls13_legacy_ocsp_status_recv_cb(void *arg)
 {
@@ -388,6 +401,7 @@ tls13_ctx_new(int mode)
 
         ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
         ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
+        ctx->info_cb = tls13_legacy_info_cb;
         ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
 
         ctx->middlebox_compat = 1;