Add support for sending QUIC transport parameters

This is the start of adding the boringssl API for QUIC support, and the TLS extensions necessary to send and receive QUIC transport data. Inspired by boringssl's https://boringssl-review.googlesource.com/24464 ok jsing@ tb@
author: beck <> 2022-06-29 17:39:21 +0000
committer: beck <> 2022-06-29 17:39:21 +0000
commit: fc8a9f3799769566fe4b424c43a81a1a71f91328 (patch)
tree: 3406a8350556d9a6c42a2677a30e2dabf013942c /src/lib
parent: 6f4618c6c03ccd1d0f1b55dd8ff05af4a05abe78 (diff)
download: openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.gz
openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.bz2
openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.zip
7 files changed, 209 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 66d0eba9a0..12eb9f4af4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.230 2022/06/29 08:37:18 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.231 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1575,6 +1575,9 @@ ssl3_free(SSL *s)
        free(s->s3->alpn_selected);
+        freezero(s->s3->peer_quic_transport_params,
+            s->s3->peer_quic_transport_params_len);
        freezero(s->s3, sizeof(*s->s3));
        s->s3 = NULL;
@@ -1619,6 +1622,11 @@ ssl3_clear(SSL *s)
        s->s3->alpn_selected = NULL;
        s->s3->alpn_selected_len = 0;
+        freezero(s->s3->peer_quic_transport_params,
+            s->s3->peer_quic_transport_params_len);
+        s->s3->peer_quic_transport_params = NULL;
+        s->s3->peer_quic_transport_params_len = 0;
        memset(s->s3, 0, sizeof(*s->s3));
        s->s3->rbuf.buf = rp;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index aed3fea1d0..c733992848 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.217 2022/06/28 20:57:33 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.218 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1578,6 +1578,30 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
 int SSL_CTX_get_security_level(const SSL_CTX *ctx);
 #endif /* LIBRESSL_INTERNAL */
+#ifdef LIBRESSL_INTERNAL
+/*
+ * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
+ * |params_len|) in the quic_transport_parameters extension in either the
+ * ClientHello or EncryptedExtensions handshake message. This extension will
+ * only be sent if the TLS version is at least 1.3, and for a server, only if
+ * the client sent the extension. The buffer pointed to by |params| only need be
+ * valid for the duration of the call to this function. This function returns 1
+ *on success and 0 on failure.
+ */
+int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
+    size_t params_len);
+/*
+ * SSL_get_peer_quic_transport_params provides the caller with the value of the
+ * quic_transport_parameters extension sent by the peer. A pointer to the buffer
+ * containing the TransportParameters will be put in |*out_params|, and its
+ * length in |*params_len|. This buffer will be valid for the lifetime of the
+ * |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
+ */
+void SSL_get_peer_quic_transport_params(const SSL *ssl,
+    const uint8_t **out_params, size_t *out_params_len);
+#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index be01f771e0..b959d3428f 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.292 2022/06/29 08:39:08 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.293 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -573,6 +573,8 @@ SSL_free(SSL *s)
        free(s->internal->alpn_client_proto_list);
+        free(s->internal->quic_transport_params);
 #ifndef OPENSSL_NO_SRTP
        sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
 #endif
@@ -3312,3 +3314,29 @@ OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
        return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
            ssl_cipher_id_cmp_BSEARCH_CMP_FN);
 }
+int
+SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
+    size_t params_len)
+{
+        freezero(ssl->internal->quic_transport_params,
+            ssl->internal->quic_transport_params_len);
+        ssl->internal->quic_transport_params = NULL;
+        ssl->internal->quic_transport_params_len = 0;
+        if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL)
+                return 0;
+        memcpy(ssl->internal->quic_transport_params, params, params_len);
+        ssl->internal->quic_transport_params_len = params_len;
+        return 1;
+}
+void
+SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
+    size_t *out_params_len)
+{
+        *out_params = ssl->s3->peer_quic_transport_params;
+        *out_params_len = ssl->s3->peer_quic_transport_params_len;
+}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index da21758815..102f7deaf5 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.401 2022/06/29 12:03:38 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.402 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -932,6 +932,10 @@ typedef struct ssl_internal_st {
        unsigned char *alpn_client_proto_list;
        unsigned int alpn_client_proto_list_len;
+        /* QUIC transport params we will send */
+        uint8_t *quic_transport_params;
+        size_t quic_transport_params_len;
        /* XXX Callbacks */
        /* true when we are actually in SSL_accept() or SSL_connect() */
@@ -1218,6 +1222,10 @@ typedef struct ssl3_state_st {
         */
        unsigned char *alpn_selected;
        size_t alpn_selected_len;
+        /* Contains the QUIC transport params received from our peer. */
+        uint8_t *peer_quic_transport_params;
+        size_t peer_quic_transport_params_len;
 } SSL3_STATE;
 /*
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 8faf90fde0..fc6c11daa6 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.114 2022/06/29 07:53:58 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1943,6 +1943,112 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return CBS_skip(cbs, CBS_len(cbs));
 }
+/*
+ * QUIC transport parameters extension.
+ */
+int
+tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
+{
+        return (s->internal->quic_transport_params_len > 0 &&
+            s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
+}
+int
+tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
+    CBB *cbb)
+{
+        CBB contents;
+        if (!CBB_add_u16_length_prefixed(cbb, &contents))
+                return 0;
+        if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
+            s->internal->quic_transport_params_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert)
+{
+        CBS transport_data;
+        /* QUIC requires TLS 1.3. */
+        if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
+                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+        }
+        if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
+                return 0;
+        if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+            &s->s3->peer_quic_transport_params_len))
+                return 0;
+        return 1;
+}
+int
+tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
+{
+        return s->internal->quic_transport_params_len > 0;
+}
+int
+tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
+    CBB *cbb)
+{
+        CBB contents;
+        if (!CBB_add_u16_length_prefixed(cbb, &contents))
+                return 0;
+        if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
+            s->internal->quic_transport_params_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert)
+{
+        CBS transport_data;
+        /*
+         * Ignore this extension if we don't have configured quic transport data
+         * or if we are not TLS 1.3.
+         */
+        if (s->internal->quic_transport_params_len == 0 ||
+            ssl_effective_tls_version(s) < TLS1_3_VERSION) {
+                if (!CBS_skip(cbs, CBS_len(cbs))) {
+                        *alert = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                }
+                return 1;
+        }
+        if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
+                return 0;
+        if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+            &s->s3->peer_quic_transport_params_len))
+                return 0;
+        return 1;
+}
 struct tls_extension_funcs {
        int (*needs)(SSL *s, uint16_t msg_type);
        int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
@@ -2132,6 +2238,20 @@ static const struct tls_extension tls_extensions[] = {
        },
 #endif /* OPENSSL_NO_SRTP */
        {
+                .type = TLSEXT_TYPE_quic_transport_parameters,
+                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
+                .client = {
+                        .needs = tlsext_quic_transport_parameters_client_needs,
+                        .build = tlsext_quic_transport_parameters_client_build,
+                        .parse = tlsext_quic_transport_parameters_client_parse,
+                },
+                .server = {
+                        .needs = tlsext_quic_transport_parameters_server_needs,
+                        .build = tlsext_quic_transport_parameters_server_build,
+                        .parse = tlsext_quic_transport_parameters_server_parse,
+                },
+        },
+        {
                .type = TLSEXT_TYPE_psk_key_exchange_modes,
                .messages = SSL_TLSEXT_MSG_CH,
                .client = {
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 3439255fd6..268b274948 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.29 2022/06/03 13:31:49 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.30 2022/06/29 17:39:20 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -144,6 +144,17 @@ int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 #endif
+int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
+int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
+    CBB *cbb);
+int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert);
+int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
+int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
+    CBB *cbb);
+int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert);
 int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index aa05f37cc8..2f6e2e3bd0 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.52 2022/06/28 20:36:55 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.53 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -259,6 +259,9 @@ extern "C" {
 /* ExtensionType value from RFC 7685. */
 #define TLSEXT_TYPE_padding     21
+/* ExtensionType value from draft-ietf-quic-tls */
+#define TLSEXT_TYPE_quic_transport_parameters 26
 /* ExtensionType value from RFC 4507. */
 #define TLSEXT_TYPE_session_ticket              35
author	beck <>	2022-06-29 17:39:21 +0000
committer	beck <>	2022-06-29 17:39:21 +0000
commit	fc8a9f3799769566fe4b424c43a81a1a71f91328 (patch)
tree	3406a8350556d9a6c42a2677a30e2dabf013942c /src/lib
parent	6f4618c6c03ccd1d0f1b55dd8ff05af4a05abe78 (diff)
download	openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.gz openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.tar.bz2 openbsd-fc8a9f3799769566fe4b424c43a81a1a71f91328.zip

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 66d0eba9a0..12eb9f4af4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.230 2022/06/29 08:37:18 tb Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.231 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1575,6 +1575,9 @@ ssl3_free(SSL *s)
1575		1575
1576	free(s->s3->alpn_selected);	1576	free(s->s3->alpn_selected);
1577		1577
		1578	freezero(s->s3->peer_quic_transport_params,
		1579	s->s3->peer_quic_transport_params_len);
		1580
1578	freezero(s->s3, sizeof(*s->s3));	1581	freezero(s->s3, sizeof(*s->s3));
1579		1582
1580	s->s3 = NULL;	1583	s->s3 = NULL;
@@ -1619,6 +1622,11 @@ ssl3_clear(SSL *s)
1619	s->s3->alpn_selected = NULL;	1622	s->s3->alpn_selected = NULL;
1620	s->s3->alpn_selected_len = 0;	1623	s->s3->alpn_selected_len = 0;
1621		1624
		1625	freezero(s->s3->peer_quic_transport_params,
		1626	s->s3->peer_quic_transport_params_len);
		1627	s->s3->peer_quic_transport_params = NULL;
		1628	s->s3->peer_quic_transport_params_len = 0;
		1629
1622	memset(s->s3, 0, sizeof(*s->s3));	1630	memset(s->s3, 0, sizeof(*s->s3));
1623		1631
1624	s->s3->rbuf.buf = rp;	1632	s->s3->rbuf.buf = rp;


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index aed3fea1d0..c733992848 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.217 2022/06/28 20:57:33 tb Exp $ */	1	/* $OpenBSD: ssl.h,v 1.218 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1578,6 +1578,30 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
1578	int SSL_CTX_get_security_level(const SSL_CTX *ctx);	1578	int SSL_CTX_get_security_level(const SSL_CTX *ctx);
1579	#endif /* LIBRESSL_INTERNAL */	1579	#endif /* LIBRESSL_INTERNAL */
1580		1580
		1581	#ifdef LIBRESSL_INTERNAL
		1582	/*
		1583	* SSL_set_quic_transport_params configures \|ssl\| to send \|params\| (of length
		1584	* \|params_len\|) in the quic_transport_parameters extension in either the
		1585	* ClientHello or EncryptedExtensions handshake message. This extension will
		1586	* only be sent if the TLS version is at least 1.3, and for a server, only if
		1587	* the client sent the extension. The buffer pointed to by \|params\| only need be
		1588	* valid for the duration of the call to this function. This function returns 1
		1589	*on success and 0 on failure.
		1590	*/
		1591	int SSL_set_quic_transport_params(SSL ssl, const uint8_t params,
		1592	size_t params_len);
		1593
		1594	/*
		1595	* SSL_get_peer_quic_transport_params provides the caller with the value of the
		1596	* quic_transport_parameters extension sent by the peer. A pointer to the buffer
		1597	* containing the TransportParameters will be put in \|*out_params\|, and its
		1598	* length in \|*params_len\|. This buffer will be valid for the lifetime of the
		1599	* \|SSL\|. If no params were received from the peer, \|*out_params_len\| will be 0.
		1600	*/
		1601	void SSL_get_peer_quic_transport_params(const SSL *ssl,
		1602	const uint8_t *out_params, size_t out_params_len);
		1603	#endif
		1604
1581	/* BEGIN ERROR CODES */	1605	/* BEGIN ERROR CODES */
1582	/* The following lines are auto generated by the script mkerr.pl. Any changes	1606	/* The following lines are auto generated by the script mkerr.pl. Any changes
1583	* made after this point may be overwritten when the script is next run.	1607	* made after this point may be overwritten when the script is next run.


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index be01f771e0..b959d3428f 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.292 2022/06/29 08:39:08 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.293 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -573,6 +573,8 @@ SSL_free(SSL *s)
573		573
574	free(s->internal->alpn_client_proto_list);	574	free(s->internal->alpn_client_proto_list);
575		575
		576	free(s->internal->quic_transport_params);
		577
576	#ifndef OPENSSL_NO_SRTP	578	#ifndef OPENSSL_NO_SRTP
577	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);	579	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
578	#endif	580	#endif
@@ -3312,3 +3314,29 @@ OBJ_bsearch_ssl_cipher_id(SSL_CIPHER key, SSL_CIPHER const base, int num)
3312	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),	3314	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
3313	ssl_cipher_id_cmp_BSEARCH_CMP_FN);	3315	ssl_cipher_id_cmp_BSEARCH_CMP_FN);
3314	}	3316	}
		3317
		3318	int
		3319	SSL_set_quic_transport_params(SSL ssl, const uint8_t params,
		3320	size_t params_len)
		3321	{
		3322	freezero(ssl->internal->quic_transport_params,
		3323	ssl->internal->quic_transport_params_len);
		3324	ssl->internal->quic_transport_params = NULL;
		3325	ssl->internal->quic_transport_params_len = 0;
		3326
		3327	if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL)
		3328	return 0;
		3329
		3330	memcpy(ssl->internal->quic_transport_params, params, params_len);
		3331	ssl->internal->quic_transport_params_len = params_len;
		3332
		3333	return 1;
		3334	}
		3335
		3336	void
		3337	SSL_get_peer_quic_transport_params(const SSL ssl, const uint8_t *out_params,
		3338	size_t *out_params_len)
		3339	{
		3340	*out_params = ssl->s3->peer_quic_transport_params;
		3341	*out_params_len = ssl->s3->peer_quic_transport_params_len;
		3342	}


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index da21758815..102f7deaf5 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.401 2022/06/29 12:03:38 tb Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.402 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -932,6 +932,10 @@ typedef struct ssl_internal_st {
932	unsigned char *alpn_client_proto_list;	932	unsigned char *alpn_client_proto_list;
933	unsigned int alpn_client_proto_list_len;	933	unsigned int alpn_client_proto_list_len;
934		934
		935	/* QUIC transport params we will send */
		936	uint8_t *quic_transport_params;
		937	size_t quic_transport_params_len;
		938
935	/* XXX Callbacks */	939	/* XXX Callbacks */
936		940
937	/* true when we are actually in SSL_accept() or SSL_connect() */	941	/* true when we are actually in SSL_accept() or SSL_connect() */
@@ -1218,6 +1222,10 @@ typedef struct ssl3_state_st {
1218	*/	1222	*/
1219	unsigned char *alpn_selected;	1223	unsigned char *alpn_selected;
1220	size_t alpn_selected_len;	1224	size_t alpn_selected_len;
		1225
		1226	/* Contains the QUIC transport params received from our peer. */
		1227	uint8_t *peer_quic_transport_params;
		1228	size_t peer_quic_transport_params_len;
1221	} SSL3_STATE;	1229	} SSL3_STATE;
1222		1230
1223	/*	1231	/*


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 8faf90fde0..fc6c11daa6 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.114 2022/06/29 07:53:58 tb Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1943,6 +1943,112 @@ tlsext_psk_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1943	return CBS_skip(cbs, CBS_len(cbs));	1943	return CBS_skip(cbs, CBS_len(cbs));
1944	}	1944	}
1945		1945
		1946	/*
		1947	* QUIC transport parameters extension.
		1948	*/
		1949
		1950	int
		1951	tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
		1952	{
		1953	return (s->internal->quic_transport_params_len > 0 &&
		1954	s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
		1955	}
		1956
		1957	int
		1958	tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
		1959	CBB *cbb)
		1960	{
		1961	CBB contents;
		1962
		1963	if (!CBB_add_u16_length_prefixed(cbb, &contents))
		1964	return 0;
		1965
		1966	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
		1967	s->internal->quic_transport_params_len))
		1968	return 0;
		1969
		1970	if (!CBB_flush(cbb))
		1971	return 0;
		1972
		1973	return 1;
		1974	}
		1975
		1976	int
		1977	tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
		1978	CBS cbs, int alert)
		1979	{
		1980	CBS transport_data;
		1981
		1982	/* QUIC requires TLS 1.3. */
		1983	if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
		1984	*alert = SSL_AD_UNSUPPORTED_EXTENSION;
		1985	return 0;
		1986	}
		1987
		1988	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
		1989	return 0;
		1990
		1991	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
		1992	&s->s3->peer_quic_transport_params_len))
		1993	return 0;
		1994
		1995	return 1;
		1996	}
		1997
		1998	int
		1999	tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
		2000	{
		2001	return s->internal->quic_transport_params_len > 0;
		2002	}
		2003
		2004	int
		2005	tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
		2006	CBB *cbb)
		2007	{
		2008	CBB contents;
		2009
		2010	if (!CBB_add_u16_length_prefixed(cbb, &contents))
		2011	return 0;
		2012
		2013	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
		2014	s->internal->quic_transport_params_len))
		2015	return 0;
		2016
		2017	if (!CBB_flush(cbb))
		2018	return 0;
		2019
		2020	return 1;
		2021	}
		2022
		2023	int
		2024	tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
		2025	CBS cbs, int alert)
		2026	{
		2027	CBS transport_data;
		2028
		2029	/*
		2030	* Ignore this extension if we don't have configured quic transport data
		2031	* or if we are not TLS 1.3.
		2032	*/
		2033	if (s->internal->quic_transport_params_len == 0 \|\|
		2034	ssl_effective_tls_version(s) < TLS1_3_VERSION) {
		2035	if (!CBS_skip(cbs, CBS_len(cbs))) {
		2036	*alert = SSL_AD_INTERNAL_ERROR;
		2037	return 0;
		2038	}
		2039	return 1;
		2040	}
		2041
		2042	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
		2043	return 0;
		2044
		2045	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
		2046	&s->s3->peer_quic_transport_params_len))
		2047	return 0;
		2048
		2049	return 1;
		2050	}
		2051
1946	struct tls_extension_funcs {	2052	struct tls_extension_funcs {
1947	int (needs)(SSL s, uint16_t msg_type);	2053	int (needs)(SSL s, uint16_t msg_type);
1948	int (build)(SSL s, uint16_t msg_type, CBB *cbb);	2054	int (build)(SSL s, uint16_t msg_type, CBB *cbb);
@@ -2132,6 +2238,20 @@ static const struct tls_extension tls_extensions[] = {
2132	},	2238	},
2133	#endif /* OPENSSL_NO_SRTP */	2239	#endif /* OPENSSL_NO_SRTP */
2134	{	2240	{
		2241	.type = TLSEXT_TYPE_quic_transport_parameters,
		2242	.messages = SSL_TLSEXT_MSG_CH \| SSL_TLSEXT_MSG_SH,
		2243	.client = {
		2244	.needs = tlsext_quic_transport_parameters_client_needs,
		2245	.build = tlsext_quic_transport_parameters_client_build,
		2246	.parse = tlsext_quic_transport_parameters_client_parse,
		2247	},
		2248	.server = {
		2249	.needs = tlsext_quic_transport_parameters_server_needs,
		2250	.build = tlsext_quic_transport_parameters_server_build,
		2251	.parse = tlsext_quic_transport_parameters_server_parse,
		2252	},
		2253	},
		2254	{
2135	.type = TLSEXT_TYPE_psk_key_exchange_modes,	2255	.type = TLSEXT_TYPE_psk_key_exchange_modes,
2136	.messages = SSL_TLSEXT_MSG_CH,	2256	.messages = SSL_TLSEXT_MSG_CH,
2137	.client = {	2257	.client = {


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 3439255fd6..268b274948 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.29 2022/06/03 13:31:49 tb Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.30 2022/06/29 17:39:20 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -144,6 +144,17 @@ int tlsext_srtp_server_build(SSL s, uint16_t msg_type, CBB cbb);
144	int tlsext_srtp_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);	144	int tlsext_srtp_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
145	#endif	145	#endif
146		146
		147	int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
		148	int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
		149	CBB *cbb);
		150	int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
		151	CBS cbs, int alert);
		152	int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
		153	int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
		154	CBB *cbb);
		155	int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
		156	CBS cbs, int alert);
		157
147	int tlsext_client_build(SSL s, uint16_t msg_type, CBB cbb);	158	int tlsext_client_build(SSL s, uint16_t msg_type, CBB cbb);
148	int tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);	159	int tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
149		160


diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index aa05f37cc8..2f6e2e3bd0 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1.h,v 1.52 2022/06/28 20:36:55 tb Exp $ */	1	/* $OpenBSD: tls1.h,v 1.53 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -259,6 +259,9 @@ extern "C" {
259	/* ExtensionType value from RFC 7685. */	259	/* ExtensionType value from RFC 7685. */
260	#define TLSEXT_TYPE_padding 21	260	#define TLSEXT_TYPE_padding 21
261		261
		262	/* ExtensionType value from draft-ietf-quic-tls */
		263	#define TLSEXT_TYPE_quic_transport_parameters 26
		264
262	/* ExtensionType value from RFC 4507. */	265	/* ExtensionType value from RFC 4507. */
263	#define TLSEXT_TYPE_session_ticket 35	266	#define TLSEXT_TYPE_session_ticket 35
264		267