path: root/src/lib/libssl/tls13_lib.c
authorjsing <>2022-07-24 14:28:16 +0000
committerjsing <>2022-07-24 14:28:16 +0000
commitf7f7655b1951f8dd9a8166cb6203a780f911d0bc (patch)
treef814f798e3d47e53e29dfd4db0eece8481fc97ad /src/lib/libssl/tls13_lib.c
parentc804d574e337158da589e90dc9cbb13d6ffde44f (diff)
Provide record layer callbacks for QUIC.
QUIC uses TLS to complete the handshake; however, unlike normal TLS, it does not use the TLS record layer but provides its own transport. This means that we need to intercept all communication between the TLS handshake and the record layer. This allows TLS handshake message writes to be directed to QUIC, and likewise for TLS handshake message reads. Alerts also need to be sent via QUIC, and QUIC needs to be provided with the traffic keys that are derived by TLS. ok tb@
Diffstat (limited to 'src/lib/libssl/tls13_lib.c')
-rw-r--r--src/lib/libssl/tls13_lib.c23
1 files changed, 14 insertions, 9 deletions
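--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_lib.c,v 1.69 2022/07/24 14:19:45 jsing Exp $ */
+/* $OpenBSD: tls13_lib.c,v 1.70 2022/07/24 14:28:16 jsing Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -103,7 +103,7 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
 	return NULL;
 }
 
-static void
+void
 tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 {
 	struct tls13_ctx *ctx = arg;
@@ -132,7 +132,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 	SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);
 }
 
-static void
+void
 tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
 {
 	struct tls13_ctx *ctx = arg;
@@ -328,7 +328,7 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
 	return tls13_send_alert(ctx->rl, alert);
 }
 
-static ssize_t
+ssize_t
 tls13_phh_received_cb(void *cb_arg)
 {
 	ssize_t ret = TLS13_IO_FAILURE;
@@ -369,7 +369,7 @@ tls13_phh_received_cb(void *cb_arg)
 	return ret;
 }
 
-static void
+void
 tls13_phh_done_cb(void *cb_arg)
 {
 	struct tls13_ctx *ctx = cb_arg;
@@ -380,10 +380,11 @@ tls13_phh_done_cb(void *cb_arg)
 	}
 }
 
-static const struct tls13_record_layer_callbacks rl_callbacks = {
+static const struct tls13_record_layer_callbacks tls13_rl_callbacks = {
 	.wire_read = tls13_legacy_wire_read_cb,
 	.wire_write = tls13_legacy_wire_write_cb,
 	.wire_flush = tls13_legacy_wire_flush_cb,
+
 	.alert_recv = tls13_alert_received_cb,
 	.alert_sent = tls13_alert_sent_cb,
 	.phh_recv = tls13_phh_received_cb,
@@ -402,7 +403,7 @@ tls13_ctx_new(int mode, SSL *ssl)
 	ctx->mode = mode;
 	ctx->ssl = ssl;
 
-	if ((ctx->rl = tls13_record_layer_new(&rl_callbacks, ctx)) == NULL)
+	if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
 		goto err;
 
 	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
@@ -410,11 +411,15 @@ tls13_ctx_new(int mode, SSL *ssl)
 	ctx->info_cb = tls13_legacy_info_cb;
 	ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
 
-	if (!SSL_is_quic(ssl))
-		ctx->middlebox_compat = 1;
+	ctx->middlebox_compat = 1;
 
 	ssl->internal->tls13 = ctx;
 
+	if (SSL_is_quic(ssl)) {
+		if (!tls13_quic_init(ctx))
+			goto err;
+	}
+
 	return ctx;
 
  err: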
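Review bot: In the last hunk of tls13_ctx_new, `ssl->internal->tls13 = ctx;` is assigned before the newly added `tls13_quic_init(ctx)` call, so when that call fails and control jumps to `err:` the SSL still points at a ctx the error path presumably frees; unless the err path (which continues outside the hunk) resets that pointer, this leaves a dangling reference. Either clear it on the error path, `ssl->internal->tls13 = NULL;`, or move the assignment below the QUIC block if tls13_quic_init does not depend on it. Separately, `ctx->middlebox_compat = 1;` is now set unconditionally where the old code skipped it for QUIC, which relies on tls13_quic_init overriding the flag; once confirmed, a comment such as `/* QUIC disables middlebox_compat in tls13_quic_init(). */` on that line would make the dependency explicit. The functions this commit makes non-static will also need prototypes in the internal header, which is outside this diff.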