summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--src/lib/libssl/tls13_handshake.c8
-rw-r--r--src/lib/libssl/tls13_internal.h6
-rw-r--r--src/lib/libssl/tls13_lib.c29
3 files changed, 40 insertions, 3 deletions
diff --git a/src/lib/libssl/tls13_handshake.c b/src/lib/libssl/tls13_handshake.c
index ed70ec1f4b..1528bd5e2a 100644
--- a/src/lib/libssl/tls13_handshake.c
+++ b/src/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_handshake.c,v 1.45 2020/01/25 06:37:30 beck Exp $ */ 1/* $OpenBSD: tls13_handshake.c,v 1.46 2020/01/25 13:11:20 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org> 3 * Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org> 4 * Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -363,6 +363,9 @@ tls13_handshake_send_action(struct tls13_ctx *ctx,
363 return TLS13_IO_FAILURE; 363 return TLS13_IO_FAILURE;
364 } 364 }
365 365
366 if (ctx->handshake_message_sent_cb != NULL)
367 ctx->handshake_message_sent_cb(ctx, &cbs);
368
366 tls13_handshake_msg_free(ctx->hs_msg); 369 tls13_handshake_msg_free(ctx->hs_msg);
367 ctx->hs_msg = NULL; 370 ctx->hs_msg = NULL;
368 371
@@ -399,6 +402,9 @@ tls13_handshake_recv_action(struct tls13_ctx *ctx,
399 if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs))) 402 if (!tls1_transcript_record(ctx->ssl, CBS_data(&cbs), CBS_len(&cbs)))
400 return TLS13_IO_FAILURE; 403 return TLS13_IO_FAILURE;
401 404
405 if (ctx->handshake_message_recv_cb != NULL)
406 ctx->handshake_message_recv_cb(ctx, &cbs);
407
402 /* 408 /*
403 * In TLSv1.3 there is no way to know if you're going to receive a 409 * In TLSv1.3 there is no way to know if you're going to receive a
404 * certificate request message or not, hence we have to special case it 410 * certificate request message or not, hence we have to special case it
diff --git a/src/lib/libssl/tls13_internal.h b/src/lib/libssl/tls13_internal.h
index 9aabc409d8..278704002e 100644
--- a/src/lib/libssl/tls13_internal.h
+++ b/src/lib/libssl/tls13_internal.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_internal.h,v 1.54 2020/01/25 09:20:56 jsing Exp $ */ 1/* $OpenBSD: tls13_internal.h,v 1.55 2020/01/25 13:11:20 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org> 3 * Copyright (c) 2018 Bob Beck <beck@openbsd.org>
4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org> 4 * Copyright (c) 2018 Theo Buehler <tb@openbsd.org>
@@ -50,6 +50,7 @@ typedef void (*tls13_phh_sent_cb)(void *_cb_arg);
50typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg); 50typedef ssize_t (*tls13_read_cb)(void *_buf, size_t _buflen, void *_cb_arg);
51typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen, 51typedef ssize_t (*tls13_write_cb)(const void *_buf, size_t _buflen,
52 void *_cb_arg); 52 void *_cb_arg);
53typedef void (*tls13_handshake_message_cb)(void *_cb_arg, CBS *_cbs);
53 54
54struct tls13_buffer; 55struct tls13_buffer;
55 56
@@ -205,6 +206,9 @@ struct tls13_ctx {
205 uint8_t alert; 206 uint8_t alert;
206 int phh_count; 207 int phh_count;
207 time_t phh_last_seen; 208 time_t phh_last_seen;
209
210 tls13_handshake_message_cb handshake_message_sent_cb;
211 tls13_handshake_message_cb handshake_message_recv_cb;
208}; 212};
209#ifndef TLS13_PHH_LIMIT_TIME 213#ifndef TLS13_PHH_LIMIT_TIME
210#define TLS13_PHH_LIMIT_TIME 3600 214#define TLS13_PHH_LIMIT_TIME 3600
diff --git a/src/lib/libssl/tls13_lib.c b/src/lib/libssl/tls13_lib.c
index f17f2ff0de..950b5a4019 100644
--- a/src/lib/libssl/tls13_lib.c
+++ b/src/lib/libssl/tls13_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: tls13_lib.c,v 1.29 2020/01/24 05:11:34 beck Exp $ */ 1/* $OpenBSD: tls13_lib.c,v 1.30 2020/01/25 13:11:20 tb Exp $ */
2/* 2/*
3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org> 3 * Copyright (c) 2018, 2019 Joel Sing <jsing@openbsd.org>
4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org> 4 * Copyright (c) 2019 Bob Beck <beck@openbsd.org>
@@ -105,6 +105,30 @@ tls13_alert_received_cb(uint8_t alert_desc, void *arg)
105 SSL_CTX_remove_session(s->ctx, s->session); 105 SSL_CTX_remove_session(s->ctx, s->session);
106} 106}
107 107
108static void
109tls13_legacy_handshake_message_recv_cb(void *arg, CBS *cbs)
110{
111 struct tls13_ctx *ctx = arg;
112 SSL *s = ctx->ssl;
113
114 if (s->internal->msg_callback != NULL)
115 s->internal->msg_callback(0, TLS1_3_VERSION, SSL3_RT_HANDSHAKE,
116 CBS_data(cbs), CBS_len(cbs), s,
117 s->internal->msg_callback_arg);
118}
119
120static void
121tls13_legacy_handshake_message_sent_cb(void *arg, CBS *cbs)
122{
123 struct tls13_ctx *ctx = arg;
124 SSL *s = ctx->ssl;
125
126 if (s->internal->msg_callback != NULL)
127 s->internal->msg_callback(1, TLS1_3_VERSION, SSL3_RT_HANDSHAKE,
128 CBS_data(cbs), CBS_len(cbs), s,
129 s->internal->msg_callback_arg);
130}
131
108static int 132static int
109tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx) 133tls13_phh_update_local_traffic_secret(struct tls13_ctx *ctx)
110{ 134{
@@ -263,6 +287,9 @@ tls13_ctx_new(int mode)
263 tls13_phh_received_cb, tls13_phh_done_cb, ctx)) == NULL) 287 tls13_phh_received_cb, tls13_phh_done_cb, ctx)) == NULL)
264 goto err; 288 goto err;
265 289
290 ctx->handshake_message_sent_cb = tls13_legacy_handshake_message_sent_cb;
291 ctx->handshake_message_recv_cb = tls13_legacy_handshake_message_recv_cb;
292
266 return ctx; 293 return ctx;
267 294
268 err: 295 err:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-12 20:07:05 +0000