Provide record layer callbacks for QUIC.

QUIC uses TLS to complete the handshake, however unlike normal TLS it does not use the TLS record layer, rather it provides its own transport. This means that we need to intercept all communication between the TLS handshake and the record layer. This allows TLS handshake message writes to be directed to QUIC, likewise for TLS handshake message reads. Alerts also need to be sent via QUIC, plus it needs to be provided with the traffic keys that are derived by TLS. ok tb@
author: jsing <> 2022-07-24 14:28:16 +0000
committer: jsing <> 2022-07-24 14:28:16 +0000
commit: f7f7655b1951f8dd9a8166cb6203a780f911d0bc (patch)
tree: f814f798e3d47e53e29dfd4db0eece8481fc97ad /src
parent: c804d574e337158da589e90dc9cbb13d6ffde44f (diff)
download: openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.gz
openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.bz2
openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.zip
7 files changed, 217 insertions, 16 deletions
diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile
index e6930b0b9f..d0d7bc4e02 100644
--- a/src/lib/libssl/Makefile
+++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.75 2022/06/28 20:40:24 tb Exp $
+# $OpenBSD: Makefile,v 1.76 2022/07/24 14:28:16 jsing Exp $
 .include <bsd.own.mk>
 .ifndef NOMAN
@@ -79,6 +79,7 @@ SRCS= \
        tls13_key_schedule.c \
        tls13_legacy.c \
        tls13_lib.c \
+        tls13_quic.c \
        tls13_record.c \
        tls13_record_layer.c \
        tls13_server.c \
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index 7623daccf1..18daf791f0 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.416 2022/07/22 19:54:46 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.417 2022/07/24 14:28:16 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -581,6 +581,10 @@ typedef struct ssl_handshake_tls13_st {
        EVP_MD_CTX *clienthello_md_ctx;
        unsigned char *clienthello_hash;
        unsigned int clienthello_hash_len;
+        /* QUIC read/write encryption levels. */
+        enum ssl_encryption_level_t quic_read_level;
+        enum ssl_encryption_level_t quic_write_level;
 } SSL_HANDSHAKE_TLS13;
 typedef struct ssl_handshake_st {
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 6382f8b048..f4b17bdf25 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_internal.h,v 1.100 2022/07/24 14:16:29 jsing Exp $ */
+/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */
 /*
 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -175,9 +175,19 @@ int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);
 struct tls13_record_layer;
 struct tls13_record_layer_callbacks {
+        /* Wire callbacks. */
        tls_read_cb wire_read;
        tls_write_cb wire_write;
        tls_flush_cb wire_flush;
+        /* Interceptors. */
+        tls_handshake_read_cb handshake_read;
+        tls_handshake_write_cb handshake_write;
+        tls_traffic_key_cb set_read_traffic_key;
+        tls_traffic_key_cb set_write_traffic_key;
+        tls_alert_send_cb alert_send;
+        /* Notification callbacks. */
        tls13_alert_cb alert_recv;
        tls13_alert_cb alert_sent;
        tls13_phh_recv_cb phh_recv;
@@ -187,6 +197,8 @@ struct tls13_record_layer_callbacks {
 struct tls13_record_layer *tls13_record_layer_new(
    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg);
 void tls13_record_layer_free(struct tls13_record_layer *rl);
+void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
+    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg);
 void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
 void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
 void tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs);
@@ -297,6 +309,13 @@ void tls13_ctx_free(struct tls13_ctx *ctx);
 const EVP_AEAD *tls13_cipher_aead(const SSL_CIPHER *cipher);
 const EVP_MD *tls13_cipher_hash(const SSL_CIPHER *cipher);
+void tls13_alert_received_cb(uint8_t alert_desc, void *arg);
+void tls13_alert_sent_cb(uint8_t alert_desc, void *arg);
+ssize_t tls13_phh_received_cb(void *cb_arg);
+void tls13_phh_done_cb(void *cb_arg);
+int tls13_quic_init(struct tls13_ctx *ctx);
 /*
 * Legacy interfaces.
 */
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index d63951a0ff..57c58a3d30 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
-/*      $OpenBSD: tls13_lib.c,v 1.69 2022/07/24 14:19:45 jsing Exp $ */
+/*      $OpenBSD: tls13_lib.c,v 1.70 2022/07/24 14:28:16 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -103,7 +103,7 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
        return NULL;
 }
-static void
+void
 tls13_alert_received_cb(uint8_t alert_desc, void *arg)
 {
        struct tls13_ctx *ctx = arg;
@@ -132,7 +132,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
        SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);
 }
-static void
+void
 tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
 {
        struct tls13_ctx *ctx = arg;
@@ -328,7 +328,7 @@ tls13_key_update_recv(struct tls13_ctx *ctx, CBS *cbs)
        return tls13_send_alert(ctx->rl, alert);
 }
-static ssize_t
+ssize_t
 tls13_phh_received_cb(void *cb_arg)
 {
        ssize_t ret = TLS13_IO_FAILURE;
@@ -369,7 +369,7 @@ tls13_phh_received_cb(void *cb_arg)
        return ret;
 }
-static void
+void
 tls13_phh_done_cb(void *cb_arg)
 {
        struct tls13_ctx *ctx = cb_arg;
@@ -380,10 +380,11 @@ tls13_phh_done_cb(void *cb_arg)
        }
 }
-static const struct tls13_record_layer_callbacks rl_callbacks = {
+static const struct tls13_record_layer_callbacks tls13_rl_callbacks = {
        .wire_read = tls13_legacy_wire_read_cb,
        .wire_write = tls13_legacy_wire_write_cb,
        .wire_flush = tls13_legacy_wire_flush_cb,
        .alert_recv = tls13_alert_received_cb,
        .alert_sent = tls13_alert_sent_cb,
        .phh_recv = tls13_phh_received_cb,
@@ -402,7 +403,7 @@ tls13_ctx_new(int mode, SSL *ssl)
        ctx->mode = mode;
        ctx->ssl = ssl;
-        if ((ctx->rl = tls13_record_layer_new(&rl_callbacks, ctx)) == NULL)
+        if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
                goto err;
        ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
@@ -410,11 +411,15 @@ tls13_ctx_new(int mode, SSL *ssl)
        ctx->info_cb = tls13_legacy_info_cb;
        ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
-        if (!SSL_is_quic(ssl))
+        ctx->middlebox_compat = 1;
-                ctx->middlebox_compat = 1;
        ssl->internal->tls13 = ctx;
+        if (SSL_is_quic(ssl)) {
+                if (!tls13_quic_init(ctx))
+                        goto err;
+        }
        return ctx;
 err:
diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c
new file mode 100644
index 0000000000..3f814188a7
--- /dev/null
+++ b/src/lib/libssl/tls13_quic.c
@@ -0,0 +1,135 @@
+/*      $OpenBSD: tls13_quic.c,v 1.1 2022/07/24 14:28:16 jsing Exp $ */
+/*
+ * Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+#include <ssl_locl.h>
+#include "tls13_internal.h"
+static ssize_t
+tls13_quic_wire_read_cb(void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_wire_write_cb(const void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_wire_flush_cb(void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        /* XXX - call flush_flight. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
+{
+        /* XXX - read handshake data. */
+        return TLS13_IO_FAILURE;
+}
+static ssize_t
+tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        /* XXX - call add_handshake_data. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static int
+tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
+    enum ssl_encryption_level_t read_level, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        ctx->hs->tls13.quic_read_level = read_level;
+        /* XXX - call set_read_secret. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return 0;
+}
+static int
+tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
+    enum ssl_encryption_level_t write_level, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        ctx->hs->tls13.quic_write_level = write_level;
+        /* XXX - call set_write_secret. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return 0;
+}
+static int
+tls13_quic_alert_send_cb(int alert_desc, void *arg)
+{
+        struct tls13_ctx *ctx = arg;
+        SSL *ssl = ctx->ssl;
+        /* XXX - call send_alert. */
+        SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+        return TLS13_IO_FAILURE;
+}
+static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
+        .wire_read = tls13_quic_wire_read_cb,
+        .wire_write = tls13_quic_wire_write_cb,
+        .wire_flush = tls13_quic_wire_flush_cb,
+        .handshake_read = tls13_quic_handshake_read_cb,
+        .handshake_write = tls13_quic_handshake_write_cb,
+        .set_read_traffic_key = tls13_quic_set_read_traffic_key,
+        .set_write_traffic_key = tls13_quic_set_write_traffic_key,
+        .alert_send = tls13_quic_alert_send_cb,
+        .alert_recv = tls13_alert_received_cb,
+        .alert_sent = tls13_alert_sent_cb,
+        .phh_recv = tls13_phh_received_cb,
+        .phh_sent = tls13_phh_done_cb,
+};
+int
+tls13_quic_init(struct tls13_ctx *ctx)
+{
+        tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
+        ctx->middlebox_compat = 0;
+        return 1;
+}
diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c
index c92fd8d193..ac5b83bd34 100644
--- a/src/lib/libssl/tls13_record_layer.c
+++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_record_layer.c,v 1.69 2022/07/24 14:16:29 jsing Exp $ */
+/* $OpenBSD: tls13_record_layer.c,v 1.70 2022/07/24 14:28:16 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
 *
@@ -146,8 +146,8 @@ tls13_record_layer_new(const struct tls13_record_layer_callbacks *callbacks,
                goto err;
        rl->legacy_version = TLS1_2_VERSION;
-        rl->cb = *callbacks;
-        rl->cb_arg = cb_arg;
+        tls13_record_layer_set_callbacks(rl, callbacks, cb_arg);
        return rl;
@@ -178,6 +178,14 @@ tls13_record_layer_free(struct tls13_record_layer *rl)
 }
 void
+tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
+    const struct tls13_record_layer_callbacks *callbacks, void *cb_arg)
+{
+        rl->cb = *callbacks;
+        rl->cb_arg = cb_arg;
+}
+void
 tls13_record_layer_rcontent(struct tls13_record_layer *rl, CBS *cbs)
 {
        CBS_dup(tls_content_cbs(rl->rcontent), cbs);
@@ -489,6 +497,10 @@ int
 tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *read_key, enum ssl_encryption_level_t read_level)
 {
+        if (rl->cb.set_read_traffic_key != NULL)
+                return rl->cb.set_read_traffic_key(read_key, read_level,
+                    rl->cb_arg);
        return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
            rl->read, read_key);
 }
@@ -497,6 +509,10 @@ int
 tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
    struct tls13_secret *write_key, enum ssl_encryption_level_t write_level)
 {
+        if (rl->cb.set_write_traffic_key != NULL)
+                return rl->cb.set_write_traffic_key(write_key, write_level,
+                    rl->cb_arg);
        return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
            rl->write, write_key);
 }
@@ -1128,6 +1144,9 @@ tls13_send_dummy_ccs(struct tls13_record_layer *rl)
 ssize_t
 tls13_read_handshake_data(struct tls13_record_layer *rl, uint8_t *buf, size_t n)
 {
+        if (rl->cb.handshake_read != NULL)
+                return rl->cb.handshake_read(buf, n, rl->cb_arg);
        return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);
 }
@@ -1135,6 +1154,9 @@ ssize_t
 tls13_write_handshake_data(struct tls13_record_layer *rl, const uint8_t *buf,
    size_t n)
 {
+        if (rl->cb.handshake_write != NULL)
+                return rl->cb.handshake_write(buf, n, rl->cb_arg);
        return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
 }
@@ -1181,6 +1203,9 @@ tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
        uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
        ssize_t ret;
+        if (rl->cb.alert_send != NULL)
+                return rl->cb.alert_send(alert_desc, rl->cb_arg);
        if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY ||
            alert_desc == TLS13_ALERT_USER_CANCELED)
                alert_level = TLS13_ALERT_LEVEL_WARNING;
diff --git a/src/lib/libssl/tls_internal.h b/src/lib/libssl/tls_internal.h
index 88dae9e67e..1d3a8133cd 100644
--- a/src/lib/libssl/tls_internal.h
+++ b/src/lib/libssl/tls_internal.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls_internal.h,v 1.8 2022/07/22 19:33:53 jsing Exp $ */
+/* $OpenBSD: tls_internal.h,v 1.9 2022/07/24 14:28:16 jsing Exp $ */
 /*
 * Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org>
 *
@@ -33,6 +33,10 @@ __BEGIN_HIDDEN_DECLS
 #define TLS_IO_WANT_POLLOUT             -4
 #define TLS_IO_WANT_RETRY               -5 /* Retry the previous call immediately. */
+enum ssl_encryption_level_t;
+struct tls13_secret;
 /*
 * Callbacks.
 */
@@ -41,6 +45,14 @@ typedef ssize_t (*tls_write_cb)(const void *_buf, size_t _buflen,
    void *_cb_arg);
 typedef ssize_t (*tls_flush_cb)(void *_cb_arg);
+typedef ssize_t (*tls_handshake_read_cb)(void *_buf, size_t _buflen,
+    void *_cb_arg);
+typedef ssize_t (*tls_handshake_write_cb)(const void *_buf, size_t _buflen,
+    void *_cb_arg);
+typedef int (*tls_traffic_key_cb)(struct tls13_secret *key,
+    enum ssl_encryption_level_t level, void *_cb_arg);
+typedef int (*tls_alert_send_cb)(int _alert_desc, void *_cb_arg);
 /*
 * Buffers.
 */
author	jsing <>	2022-07-24 14:28:16 +0000
committer	jsing <>	2022-07-24 14:28:16 +0000
commit	f7f7655b1951f8dd9a8166cb6203a780f911d0bc (patch)
tree	f814f798e3d47e53e29dfd4db0eece8481fc97ad /src
parent	c804d574e337158da589e90dc9cbb13d6ffde44f (diff)
download	openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.gz openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.tar.bz2 openbsd-f7f7655b1951f8dd9a8166cb6203a780f911d0bc.zip

diff --git a/src/lib/libssl/Makefile b/src/lib/libssl/Makefile index e6930b0b9f..d0d7bc4e02 100644 --- a/src/lib/libssl/Makefile +++ b/src/lib/libssl/Makefile
@@ -1,4 +1,4 @@
1	# $OpenBSD: Makefile,v 1.75 2022/06/28 20:40:24 tb Exp $	1	# $OpenBSD: Makefile,v 1.76 2022/07/24 14:28:16 jsing Exp $
2		2
3	.include <bsd.own.mk>	3	.include <bsd.own.mk>
4	.ifndef NOMAN	4	.ifndef NOMAN
@@ -79,6 +79,7 @@ SRCS= \
79	tls13_key_schedule.c \	79	tls13_key_schedule.c \
80	tls13_legacy.c \	80	tls13_legacy.c \
81	tls13_lib.c \	81	tls13_lib.c \
		82	tls13_quic.c \
82	tls13_record.c \	83	tls13_record.c \
83	tls13_record_layer.c \	84	tls13_record_layer.c \
84	tls13_server.c \	85	tls13_server.c \


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index 7623daccf1..18daf791f0 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.416 2022/07/22 19:54:46 jsing Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.417 2022/07/24 14:28:16 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -581,6 +581,10 @@ typedef struct ssl_handshake_tls13_st {
581	EVP_MD_CTX *clienthello_md_ctx;	581	EVP_MD_CTX *clienthello_md_ctx;
582	unsigned char *clienthello_hash;	582	unsigned char *clienthello_hash;
583	unsigned int clienthello_hash_len;	583	unsigned int clienthello_hash_len;
		584
		585	/* QUIC read/write encryption levels. */
		586	enum ssl_encryption_level_t quic_read_level;
		587	enum ssl_encryption_level_t quic_write_level;
584	} SSL_HANDSHAKE_TLS13;	588	} SSL_HANDSHAKE_TLS13;
585		589
586	typedef struct ssl_handshake_st {	590	typedef struct ssl_handshake_st {


diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h index 6382f8b048..f4b17bdf25 100644 --- a/src/lib/libssl/tls13_internal.h +++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_internal.h,v 1.100 2022/07/24 14:16:29 jsing Exp $ */	1	/* $OpenBSD: tls13_internal.h,v 1.101 2022/07/24 14:28:16 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>	3	* Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>	4	* Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -175,9 +175,19 @@ int tls13_update_server_traffic_secret(struct tls13_secrets *secrets);
175	struct tls13_record_layer;	175	struct tls13_record_layer;
176		176
177	struct tls13_record_layer_callbacks {	177	struct tls13_record_layer_callbacks {
		178	/* Wire callbacks. */
178	tls_read_cb wire_read;	179	tls_read_cb wire_read;
179	tls_write_cb wire_write;	180	tls_write_cb wire_write;
180	tls_flush_cb wire_flush;	181	tls_flush_cb wire_flush;
		182
		183	/* Interceptors. */
		184	tls_handshake_read_cb handshake_read;
		185	tls_handshake_write_cb handshake_write;
		186	tls_traffic_key_cb set_read_traffic_key;
		187	tls_traffic_key_cb set_write_traffic_key;
		188	tls_alert_send_cb alert_send;
		189
		190	/* Notification callbacks. */
181	tls13_alert_cb alert_recv;	191	tls13_alert_cb alert_recv;
182	tls13_alert_cb alert_sent;	192	tls13_alert_cb alert_sent;
183	tls13_phh_recv_cb phh_recv;	193	tls13_phh_recv_cb phh_recv;
@@ -187,6 +197,8 @@ struct tls13_record_layer_callbacks {
187	struct tls13_record_layer *tls13_record_layer_new(	197	struct tls13_record_layer *tls13_record_layer_new(
188	const struct tls13_record_layer_callbacks callbacks, void cb_arg);	198	const struct tls13_record_layer_callbacks callbacks, void cb_arg);
189	void tls13_record_layer_free(struct tls13_record_layer *rl);	199	void tls13_record_layer_free(struct tls13_record_layer *rl);
		200	void tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
		201	const struct tls13_record_layer_callbacks callbacks, void cb_arg);
190	void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);	202	void tls13_record_layer_allow_ccs(struct tls13_record_layer *rl, int allow);
191	void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);	203	void tls13_record_layer_allow_legacy_alerts(struct tls13_record_layer *rl, int allow);
192	void tls13_record_layer_rcontent(struct tls13_record_layer rl, CBS cbs);	204	void tls13_record_layer_rcontent(struct tls13_record_layer rl, CBS cbs);
@@ -297,6 +309,13 @@ void tls13_ctx_free(struct tls13_ctx *ctx);
297	const EVP_AEAD tls13_cipher_aead(const SSL_CIPHER cipher);	309	const EVP_AEAD tls13_cipher_aead(const SSL_CIPHER cipher);
298	const EVP_MD tls13_cipher_hash(const SSL_CIPHER cipher);	310	const EVP_MD tls13_cipher_hash(const SSL_CIPHER cipher);
299		311
		312	void tls13_alert_received_cb(uint8_t alert_desc, void *arg);
		313	void tls13_alert_sent_cb(uint8_t alert_desc, void *arg);
		314	ssize_t tls13_phh_received_cb(void *cb_arg);
		315	void tls13_phh_done_cb(void *cb_arg);
		316
		317	int tls13_quic_init(struct tls13_ctx *ctx);
		318
300	/*	319	/*
301	* Legacy interfaces.	320	* Legacy interfaces.
302	*/	321	*/


diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c index d63951a0ff..57c58a3d30 100644 --- a/src/lib/libssl/tls13_lib.c +++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_lib.c,v 1.69 2022/07/24 14:19:45 jsing Exp $ */	1	/* $OpenBSD: tls13_lib.c,v 1.70 2022/07/24 14:28:16 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>	4	* Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -103,7 +103,7 @@ tls13_cipher_hash(const SSL_CIPHER *cipher)
103	return NULL;	103	return NULL;
104	}	104	}
105		105
106	static void	106	void
107	tls13_alert_received_cb(uint8_t alert_desc, void *arg)	107	tls13_alert_received_cb(uint8_t alert_desc, void *arg)
108	{	108	{
109	struct tls13_ctx *ctx = arg;	109	struct tls13_ctx *ctx = arg;
@@ -132,7 +132,7 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
132	SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);	132	SSL_CTX_remove_session(ctx->ssl->ctx, ctx->ssl->session);
133	}	133	}
134		134
135	static void	135	void
136	tls13_alert_sent_cb(uint8_t alert_desc, void *arg)	136	tls13_alert_sent_cb(uint8_t alert_desc, void *arg)
137	{	137	{
138	struct tls13_ctx *ctx = arg;	138	struct tls13_ctx *ctx = arg;
@@ -328,7 +328,7 @@ tls13_key_update_recv(struct tls13_ctx ctx, CBS cbs)
328	return tls13_send_alert(ctx->rl, alert);	328	return tls13_send_alert(ctx->rl, alert);
329	}	329	}
330		330
331	static ssize_t	331	ssize_t
332	tls13_phh_received_cb(void *cb_arg)	332	tls13_phh_received_cb(void *cb_arg)
333	{	333	{
334	ssize_t ret = TLS13_IO_FAILURE;	334	ssize_t ret = TLS13_IO_FAILURE;
@@ -369,7 +369,7 @@ tls13_phh_received_cb(void *cb_arg)
369	return ret;	369	return ret;
370	}	370	}
371		371
372	static void	372	void
373	tls13_phh_done_cb(void *cb_arg)	373	tls13_phh_done_cb(void *cb_arg)
374	{	374	{
375	struct tls13_ctx *ctx = cb_arg;	375	struct tls13_ctx *ctx = cb_arg;
@@ -380,10 +380,11 @@ tls13_phh_done_cb(void *cb_arg)
380	}	380	}
381	}	381	}
382		382
383	static const struct tls13_record_layer_callbacks rl_callbacks = {	383	static const struct tls13_record_layer_callbacks tls13_rl_callbacks = {
384	.wire_read = tls13_legacy_wire_read_cb,	384	.wire_read = tls13_legacy_wire_read_cb,
385	.wire_write = tls13_legacy_wire_write_cb,	385	.wire_write = tls13_legacy_wire_write_cb,
386	.wire_flush = tls13_legacy_wire_flush_cb,	386	.wire_flush = tls13_legacy_wire_flush_cb,
		387
387	.alert_recv = tls13_alert_received_cb,	388	.alert_recv = tls13_alert_received_cb,
388	.alert_sent = tls13_alert_sent_cb,	389	.alert_sent = tls13_alert_sent_cb,
389	.phh_recv = tls13_phh_received_cb,	390	.phh_recv = tls13_phh_received_cb,
@@ -402,7 +403,7 @@ tls13_ctx_new(int mode, SSL *ssl)
402	ctx->mode = mode;	403	ctx->mode = mode;
403	ctx->ssl = ssl;	404	ctx->ssl = ssl;
404		405
405	if ((ctx->rl = tls13_record_layer_new(&rl_callbacks, ctx)) == NULL)	406	if ((ctx->rl = tls13_record_layer_new(&tls13_rl_callbacks, ctx)) == NULL)
406	goto err;	407	goto err;
407		408
408	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;	409	ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
@@ -410,11 +411,15 @@ tls13_ctx_new(int mode, SSL *ssl)
410	ctx->info_cb = tls13_legacy_info_cb;	411	ctx->info_cb = tls13_legacy_info_cb;
411	ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;	412	ctx->ocsp_status_recv_cb = tls13_legacy_ocsp_status_recv_cb;
412		413
413	if (!SSL_is_quic(ssl))	414	ctx->middlebox_compat = 1;
414	ctx->middlebox_compat = 1;
415		415
416	ssl->internal->tls13 = ctx;	416	ssl->internal->tls13 = ctx;
417		417
		418	if (SSL_is_quic(ssl)) {
		419	if (!tls13_quic_init(ctx))
		420	goto err;
		421	}
		422
418	return ctx;	423	return ctx;
419		424
420	err:	425	err:


diff --git a/src/lib/libssl/tls13_quic.c b/src/lib/libssl/tls13_quic.c new file mode 100644 index 0000000000..3f814188a7 --- /dev/null +++ b/src/lib/libssl/tls13_quic.c
@@ -0,0 +1,135 @@
		1	/* $OpenBSD: tls13_quic.c,v 1.1 2022/07/24 14:28:16 jsing Exp $ */
		2	/*
		3	* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
		4	*
		5	* Permission to use, copy, modify, and distribute this software for any
		6	* purpose with or without fee is hereby granted, provided that the above
		7	* copyright notice and this permission notice appear in all copies.
		8	*
		9	* THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
		10	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
		11	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
		12	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
		13	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
		14	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
		15	* OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
		16	*/
		17
		18	#include <ssl_locl.h>
		19
		20	#include "tls13_internal.h"
		21
		22	static ssize_t
		23	tls13_quic_wire_read_cb(void buf, size_t n, void arg)
		24	{
		25	struct tls13_ctx *ctx = arg;
		26	SSL *ssl = ctx->ssl;
		27
		28	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		29	return TLS13_IO_FAILURE;
		30	}
		31
		32	static ssize_t
		33	tls13_quic_wire_write_cb(const void buf, size_t n, void arg)
		34	{
		35	struct tls13_ctx *ctx = arg;
		36	SSL *ssl = ctx->ssl;
		37
		38	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		39	return TLS13_IO_FAILURE;
		40	}
		41
		42	static ssize_t
		43	tls13_quic_wire_flush_cb(void *arg)
		44	{
		45	struct tls13_ctx *ctx = arg;
		46	SSL *ssl = ctx->ssl;
		47
		48	/* XXX - call flush_flight. */
		49	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		50	return TLS13_IO_FAILURE;
		51	}
		52
		53	static ssize_t
		54	tls13_quic_handshake_read_cb(void buf, size_t n, void arg)
		55	{
		56	/* XXX - read handshake data. */
		57	return TLS13_IO_FAILURE;
		58	}
		59
		60	static ssize_t
		61	tls13_quic_handshake_write_cb(const void buf, size_t n, void arg)
		62	{
		63	struct tls13_ctx *ctx = arg;
		64	SSL *ssl = ctx->ssl;
		65
		66	/* XXX - call add_handshake_data. */
		67	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		68	return TLS13_IO_FAILURE;
		69	}
		70
		71	static int
		72	tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
		73	enum ssl_encryption_level_t read_level, void *arg)
		74	{
		75	struct tls13_ctx *ctx = arg;
		76	SSL *ssl = ctx->ssl;
		77
		78	ctx->hs->tls13.quic_read_level = read_level;
		79
		80	/* XXX - call set_read_secret. */
		81	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		82	return 0;
		83	}
		84
		85	static int
		86	tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
		87	enum ssl_encryption_level_t write_level, void *arg)
		88	{
		89	struct tls13_ctx *ctx = arg;
		90	SSL *ssl = ctx->ssl;
		91
		92	ctx->hs->tls13.quic_write_level = write_level;
		93
		94	/* XXX - call set_write_secret. */
		95	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		96	return 0;
		97	}
		98
		99	static int
		100	tls13_quic_alert_send_cb(int alert_desc, void *arg)
		101	{
		102	struct tls13_ctx *ctx = arg;
		103	SSL *ssl = ctx->ssl;
		104
		105	/* XXX - call send_alert. */
		106	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
		107	return TLS13_IO_FAILURE;
		108	}
		109
		110	static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
		111	.wire_read = tls13_quic_wire_read_cb,
		112	.wire_write = tls13_quic_wire_write_cb,
		113	.wire_flush = tls13_quic_wire_flush_cb,
		114
		115	.handshake_read = tls13_quic_handshake_read_cb,
		116	.handshake_write = tls13_quic_handshake_write_cb,
		117	.set_read_traffic_key = tls13_quic_set_read_traffic_key,
		118	.set_write_traffic_key = tls13_quic_set_write_traffic_key,
		119	.alert_send = tls13_quic_alert_send_cb,
		120
		121	.alert_recv = tls13_alert_received_cb,
		122	.alert_sent = tls13_alert_sent_cb,
		123	.phh_recv = tls13_phh_received_cb,
		124	.phh_sent = tls13_phh_done_cb,
		125	};
		126
		127	int
		128	tls13_quic_init(struct tls13_ctx *ctx)
		129	{
		130	tls13_record_layer_set_callbacks(ctx->rl, &quic_rl_callbacks, ctx);
		131
		132	ctx->middlebox_compat = 0;
		133
		134	return 1;
		135	}


diff --git a/src/lib/libssl/tls13_record_layer.c b/src/lib/libssl/tls13_record_layer.c index c92fd8d193..ac5b83bd34 100644 --- a/src/lib/libssl/tls13_record_layer.c +++ b/src/lib/libssl/tls13_record_layer.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls13_record_layer.c,v 1.69 2022/07/24 14:16:29 jsing Exp $ */	1	/* $OpenBSD: tls13_record_layer.c,v 1.70 2022/07/24 14:28:16 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -146,8 +146,8 @@ tls13_record_layer_new(const struct tls13_record_layer_callbacks *callbacks,
146	goto err;	146	goto err;
147		147
148	rl->legacy_version = TLS1_2_VERSION;	148	rl->legacy_version = TLS1_2_VERSION;
149	rl->cb = *callbacks;	149
150	rl->cb_arg = cb_arg;	150	tls13_record_layer_set_callbacks(rl, callbacks, cb_arg);
151		151
152	return rl;	152	return rl;
153		153
@@ -178,6 +178,14 @@ tls13_record_layer_free(struct tls13_record_layer *rl)
178	}	178	}
179		179
180	void	180	void
		181	tls13_record_layer_set_callbacks(struct tls13_record_layer *rl,
		182	const struct tls13_record_layer_callbacks callbacks, void cb_arg)
		183	{
		184	rl->cb = *callbacks;
		185	rl->cb_arg = cb_arg;
		186	}
		187
		188	void
181	tls13_record_layer_rcontent(struct tls13_record_layer rl, CBS cbs)	189	tls13_record_layer_rcontent(struct tls13_record_layer rl, CBS cbs)
182	{	190	{
183	CBS_dup(tls_content_cbs(rl->rcontent), cbs);	191	CBS_dup(tls_content_cbs(rl->rcontent), cbs);
@@ -489,6 +497,10 @@ int
489	tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,	497	tls13_record_layer_set_read_traffic_key(struct tls13_record_layer *rl,
490	struct tls13_secret *read_key, enum ssl_encryption_level_t read_level)	498	struct tls13_secret *read_key, enum ssl_encryption_level_t read_level)
491	{	499	{
		500	if (rl->cb.set_read_traffic_key != NULL)
		501	return rl->cb.set_read_traffic_key(read_key, read_level,
		502	rl->cb_arg);
		503
492	return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,	504	return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
493	rl->read, read_key);	505	rl->read, read_key);
494	}	506	}
@@ -497,6 +509,10 @@ int
497	tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,	509	tls13_record_layer_set_write_traffic_key(struct tls13_record_layer *rl,
498	struct tls13_secret *write_key, enum ssl_encryption_level_t write_level)	510	struct tls13_secret *write_key, enum ssl_encryption_level_t write_level)
499	{	511	{
		512	if (rl->cb.set_write_traffic_key != NULL)
		513	return rl->cb.set_write_traffic_key(write_key, write_level,
		514	rl->cb_arg);
		515
500	return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,	516	return tls13_record_layer_set_traffic_key(rl->aead, rl->hash,
501	rl->write, write_key);	517	rl->write, write_key);
502	}	518	}
@@ -1128,6 +1144,9 @@ tls13_send_dummy_ccs(struct tls13_record_layer *rl)
1128	ssize_t	1144	ssize_t
1129	tls13_read_handshake_data(struct tls13_record_layer rl, uint8_t buf, size_t n)	1145	tls13_read_handshake_data(struct tls13_record_layer rl, uint8_t buf, size_t n)
1130	{	1146	{
		1147	if (rl->cb.handshake_read != NULL)
		1148	return rl->cb.handshake_read(buf, n, rl->cb_arg);
		1149
1131	return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);	1150	return tls13_record_layer_read(rl, SSL3_RT_HANDSHAKE, buf, n);
1132	}	1151	}
1133		1152
@@ -1135,6 +1154,9 @@ ssize_t
1135	tls13_write_handshake_data(struct tls13_record_layer rl, const uint8_t buf,	1154	tls13_write_handshake_data(struct tls13_record_layer rl, const uint8_t buf,
1136	size_t n)	1155	size_t n)
1137	{	1156	{
		1157	if (rl->cb.handshake_write != NULL)
		1158	return rl->cb.handshake_write(buf, n, rl->cb_arg);
		1159
1138	return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);	1160	return tls13_record_layer_write(rl, SSL3_RT_HANDSHAKE, buf, n);
1139	}	1161	}
1140		1162
@@ -1181,6 +1203,9 @@ tls13_send_alert(struct tls13_record_layer *rl, uint8_t alert_desc)
1181	uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;	1203	uint8_t alert_level = TLS13_ALERT_LEVEL_FATAL;
1182	ssize_t ret;	1204	ssize_t ret;
1183		1205
		1206	if (rl->cb.alert_send != NULL)
		1207	return rl->cb.alert_send(alert_desc, rl->cb_arg);
		1208
1184	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY \|\|	1209	if (alert_desc == TLS13_ALERT_CLOSE_NOTIFY \|\|
1185	alert_desc == TLS13_ALERT_USER_CANCELED)	1210	alert_desc == TLS13_ALERT_USER_CANCELED)
1186	alert_level = TLS13_ALERT_LEVEL_WARNING;	1211	alert_level = TLS13_ALERT_LEVEL_WARNING;


diff --git a/src/lib/libssl/tls_internal.h b/src/lib/libssl/tls_internal.h index 88dae9e67e..1d3a8133cd 100644 --- a/src/lib/libssl/tls_internal.h +++ b/src/lib/libssl/tls_internal.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls_internal.h,v 1.8 2022/07/22 19:33:53 jsing Exp $ */	1	/* $OpenBSD: tls_internal.h,v 1.9 2022/07/24 14:28:16 jsing Exp $ */
2	/*	2	/*
3	* Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2018, 2019, 2021 Joel Sing <jsing@openbsd.org>
4	*	4	*
@@ -33,6 +33,10 @@ __BEGIN_HIDDEN_DECLS
33	#define TLS_IO_WANT_POLLOUT -4	33	#define TLS_IO_WANT_POLLOUT -4
34	#define TLS_IO_WANT_RETRY -5 /* Retry the previous call immediately. */	34	#define TLS_IO_WANT_RETRY -5 /* Retry the previous call immediately. */
35		35
		36	enum ssl_encryption_level_t;
		37
		38	struct tls13_secret;
		39
36	/*	40	/*
37	* Callbacks.	41	* Callbacks.
38	*/	42	*/
@@ -41,6 +45,14 @@ typedef ssize_t (tls_write_cb)(const void _buf, size_t _buflen,
41	void *_cb_arg);	45	void *_cb_arg);
42	typedef ssize_t (tls_flush_cb)(void _cb_arg);	46	typedef ssize_t (tls_flush_cb)(void _cb_arg);
43		47
		48	typedef ssize_t (tls_handshake_read_cb)(void _buf, size_t _buflen,
		49	void *_cb_arg);
		50	typedef ssize_t (tls_handshake_write_cb)(const void _buf, size_t _buflen,
		51	void *_cb_arg);
		52	typedef int (tls_traffic_key_cb)(struct tls13_secret key,
		53	enum ssl_encryption_level_t level, void *_cb_arg);
		54	typedef int (tls_alert_send_cb)(int _alert_desc, void _cb_arg);
		55
44	/*	56	/*
45	* Buffers.	57	* Buffers.
46	*/	58	*/