Add minimal info callback support for TLSv1.3

As abieber@ found the hard way, some python frameworks (twisted, synapse)
thought it a great idea to use the info callback mechanism (designed to
get state information about SSL objects) to modify state information such
as setting and verifying the SNI.  The switch of TLS_method() to default
to TLSv1.3 broke these contraptions.  Further bits of the info callback
mechanism will likely metastasize throughout the TLSv1.3 stack if we
need them, so we only do what's really necessary now.

Lots of debugging, crucial hint and testing by abieber

input & ok jsing

3 files changed, 32 insertions, 3 deletions

diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index 80ad7c0264..b3cecc77ef 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_handshake.c,v 1.63 2020/06/02 13:57:09 tb Exp $ */
+/*      $OpenBSD: tls13_handshake.c,v 1.64 2020/07/30 16:23:17 tb Exp $ */
 /*
  * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
  * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -343,6 +343,12 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
         const struct tls13_handshake_action *action;
         int ret;
 
+        if (!ctx->handshake_started) {
+                ctx->handshake_started = 1;
+                if (ctx->info_cb != NULL)
+                        ctx->info_cb(ctx, TLS13_INFO_HANDSHAKE_STARTED, 1);
+        }
+
         for (;;) {
                 if ((action = tls13_handshake_active_action(ctx)) == NULL)
                         return TLS13_IO_FAILURE;
@@ -350,6 +356,9 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
                 if (action->handshake_complete) {
                         ctx->handshake_completed = 1;
                         tls13_record_layer_handshake_completed(ctx->rl);
+                        if (ctx->info_cb != NULL)
+                                ctx->info_cb(ctx,
+                                    TLS13_INFO_HANDSHAKE_COMPLETED, 1);
                         return TLS13_IO_SUCCESS;
                 }
 
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index f35f09bbb1..03a1a6b4b1 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.85 2020/07/03 04:12:51 tb Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.86 2020/07/30 16:23:17 tb Exp $ */
 /*
  * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
  * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -79,6 +79,9 @@ __BEGIN_HIDDEN_DECLS
 #define TLS13_ALERT_CERTIFICATE_REQUIRED                116
 #define TLS13_ALERT_NO_APPLICATION_PROTOCOL             120
 
+#define TLS13_INFO_HANDSHAKE_STARTED                    SSL_CB_HANDSHAKE_START
+#define TLS13_INFO_HANDSHAKE_COMPLETED                  SSL_CB_HANDSHAKE_DONE
+
 typedef void (*tls13_alert_cb)(uint8_t _alert_desc, void *_cb_arg);
 typedef ssize_t (*tls13_phh_recv_cb)(void *_cb_arg, CBS *_cbs);
 typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
@@ -86,6 +89,7 @@ typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
 typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
     void *_cb_arg);
 typedef void (*tls13_handshake_message_cb)(void *_cb_arg);
+typedef void (*tls13_info_cb)(void *_cb_arg, int _state, int _ret);
 typedef int (*tls13_ocsp_status_cb)(void *_cb_arg);
 
 /*
@@ -261,6 +265,7 @@ struct tls13_ctx {
         struct ssl_handshake_tls13_st *hs;
         uint8_t mode;
         struct tls13_handshake_stage handshake_stage;
+        int handshake_started;
         int handshake_completed;
         int middlebox_compat;
         int send_dummy_ccs;
@@ -281,6 +286,7 @@ struct tls13_ctx {
 
         tls13_handshake_message_cb handshake_message_sent_cb;
         tls13_handshake_message_cb handshake_message_recv_cb;
+        tls13_info_cb info_cb;
         tls13_ocsp_status_cb ocsp_status_recv_cb;
 };
 #ifndef TLS13_PHH_LIMIT_TIME
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index 8fef39a12f..1f19bef997 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.52 2020/07/03 04:12:51 tb Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.53 2020/07/30 16:23:17 tb Exp $ */
 /*
  * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
  * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -180,6 +180,19 @@ tls13_legacy_handshake_message_sent_cb(void *arg)
             CBS_data(&cbs), CBS_len(&cbs), s, s->internal->msg_callback_arg);
 }
 
+static void
+tls13_legacy_info_cb(void *arg, int state, int ret)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *s = ctx->ssl;
+        void (*cb)(const SSL *, int, int);
+
+        if ((cb = s->internal->info_callback) == NULL)
+                cb = s->ctx->internal->info_callback;
+        if (cb != NULL)
+                cb(s, state, ret);
+}
+
 static int
 tls13_legacy_ocsp_status_recv_cb(void *arg)
 {
@@ -388,6 +401,7 @@ tls13_ctx_new(int mode)
 
         ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
         ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
+        ctx->info_cb = tls13_legacy_info_cb;
         ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
 
         ctx->middlebox_compat = 1;