1 files changed, 43 insertions, 1 deletions
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index be116de775..caee3d60d9 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.226 2022/08/21 19:32:38 jsing Exp $ */
+/* $OpenBSD: ssl.h,v 1.227 2022/08/21 19:42:15 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1743,6 +1743,41 @@ int SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method);
 int SSL_is_quic(const SSL *ssl);
 /*
+ * SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes
+ * that may be received at the given encryption level. This function should be
+ * used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5.
+ */
+size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
+    enum ssl_encryption_level_t level);
+/*
+ * SSL_quic_read_level returns the current read encryption level.
+ */
+enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
+/*
+ * SSL_quic_write_level returns the current write encryption level.
+ */
+enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
+/*
+ * SSL_provide_quic_data provides data from QUIC at a particular encryption
+ * level |level|. It returns one on success and zero on error. Note this
+ * function will return zero if the handshake is not expecting data from |level|
+ * at this time. The QUIC implementation should then close the connection with
+ * an error.
+ */
+int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
+    const uint8_t *data, size_t len);
+/*
+ * SSL_process_quic_post_handshake processes any data that QUIC has provided
+ * after the handshake has completed. This includes NewSessionTicket messages
+ * sent by the server. It returns one on success and zero on error.
+ */
+int SSL_process_quic_post_handshake(SSL *ssl);
+/*
 * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
 * |params_len|) in the quic_transport_parameters extension in either the
 * ClientHello or EncryptedExtensions handshake message. It is an error to set
@@ -1763,6 +1798,13 @@ int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
 void SSL_get_peer_quic_transport_params(const SSL *ssl,
    const uint8_t **out_params, size_t *out_params_len);
+/*
+ * SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
+ * extension codepoint 0xffa5 as opposed to the official value 57. This is
+ * unsupported in LibreSSL.
+ */
+void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
 #endif
 void ERR_load_SSL_strings(void);

diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index be116de775..caee3d60d9 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.226 2022/08/21 19:32:38 jsing Exp $ */	1	/* $OpenBSD: ssl.h,v 1.227 2022/08/21 19:42:15 jsing Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1743,6 +1743,41 @@ int SSL_set_quic_method(SSL ssl, const SSL_QUIC_METHOD quic_method);
1743	int SSL_is_quic(const SSL *ssl);	1743	int SSL_is_quic(const SSL *ssl);
1744		1744
1745	/*	1745	/*
		1746	* SSL_quic_max_handshake_flight_len returns returns the maximum number of bytes
		1747	* that may be received at the given encryption level. This function should be
		1748	* used to limit buffering in the QUIC implementation. See RFC 9000 section 7.5.
		1749	*/
		1750	size_t SSL_quic_max_handshake_flight_len(const SSL *ssl,
		1751	enum ssl_encryption_level_t level);
		1752
		1753	/*
		1754	* SSL_quic_read_level returns the current read encryption level.
		1755	*/
		1756	enum ssl_encryption_level_t SSL_quic_read_level(const SSL *ssl);
		1757
		1758	/*
		1759	* SSL_quic_write_level returns the current write encryption level.
		1760	*/
		1761	enum ssl_encryption_level_t SSL_quic_write_level(const SSL *ssl);
		1762
		1763	/*
		1764	* SSL_provide_quic_data provides data from QUIC at a particular encryption
		1765	* level \|level\|. It returns one on success and zero on error. Note this
		1766	* function will return zero if the handshake is not expecting data from \|level\|
		1767	* at this time. The QUIC implementation should then close the connection with
		1768	* an error.
		1769	*/
		1770	int SSL_provide_quic_data(SSL *ssl, enum ssl_encryption_level_t level,
		1771	const uint8_t *data, size_t len);
		1772
		1773	/*
		1774	* SSL_process_quic_post_handshake processes any data that QUIC has provided
		1775	* after the handshake has completed. This includes NewSessionTicket messages
		1776	* sent by the server. It returns one on success and zero on error.
		1777	*/
		1778	int SSL_process_quic_post_handshake(SSL *ssl);
		1779
		1780	/*
1746	* SSL_set_quic_transport_params configures \|ssl\| to send \|params\| (of length	1781	* SSL_set_quic_transport_params configures \|ssl\| to send \|params\| (of length
1747	* \|params_len\|) in the quic_transport_parameters extension in either the	1782	* \|params_len\|) in the quic_transport_parameters extension in either the
1748	* ClientHello or EncryptedExtensions handshake message. It is an error to set	1783	* ClientHello or EncryptedExtensions handshake message. It is an error to set
@@ -1763,6 +1798,13 @@ int SSL_set_quic_transport_params(SSL ssl, const uint8_t params,
1763	void SSL_get_peer_quic_transport_params(const SSL *ssl,	1798	void SSL_get_peer_quic_transport_params(const SSL *ssl,
1764	const uint8_t *out_params, size_t out_params_len);	1799	const uint8_t *out_params, size_t out_params_len);
1765		1800
		1801	/*
		1802	* SSL_set_quic_use_legacy_codepoint configures whether to use the legacy QUIC
		1803	* extension codepoint 0xffa5 as opposed to the official value 57. This is
		1804	* unsupported in LibreSSL.
		1805	*/
		1806	void SSL_set_quic_use_legacy_codepoint(SSL *ssl, int use_legacy);
		1807
1766	#endif	1808	#endif
1767		1809
1768	void ERR_load_SSL_strings(void);	1810	void ERR_load_SSL_strings(void);