7 files changed, 209 insertions, 7 deletions
diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c
index 66d0eba9a0..12eb9f4af4 100644
--- a/src/lib/libssl/s3_lib.c
+++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.230 2022/06/29 08:37:18 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.231 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1575,6 +1575,9 @@ ssl3_free(SSL *s)
        free(s->s3->alpn_selected);
+        freezero(s->s3->peer_quic_transport_params,
+            s->s3->peer_quic_transport_params_len);
        freezero(s->s3, sizeof(*s->s3));
        s->s3 = NULL;
@@ -1619,6 +1622,11 @@ ssl3_clear(SSL *s)
        s->s3->alpn_selected = NULL;
        s->s3->alpn_selected_len = 0;
+        freezero(s->s3->peer_quic_transport_params,
+            s->s3->peer_quic_transport_params_len);
+        s->s3->peer_quic_transport_params = NULL;
+        s->s3->peer_quic_transport_params_len = 0;
        memset(s->s3, 0, sizeof(*s->s3));
        s->s3->rbuf.buf = rp;
diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h
index aed3fea1d0..c733992848 100644
--- a/src/lib/libssl/ssl.h
+++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl.h,v 1.217 2022/06/28 20:57:33 tb Exp $ */
+/* $OpenBSD: ssl.h,v 1.218 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -1578,6 +1578,30 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
 int SSL_CTX_get_security_level(const SSL_CTX *ctx);
 #endif /* LIBRESSL_INTERNAL */
+#ifdef LIBRESSL_INTERNAL
+/*
+ * SSL_set_quic_transport_params configures |ssl| to send |params| (of length
+ * |params_len|) in the quic_transport_parameters extension in either the
+ * ClientHello or EncryptedExtensions handshake message. This extension will
+ * only be sent if the TLS version is at least 1.3, and for a server, only if
+ * the client sent the extension. The buffer pointed to by |params| only need be
+ * valid for the duration of the call to this function. This function returns 1
+ *on success and 0 on failure.
+ */
+int SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
+    size_t params_len);
+/*
+ * SSL_get_peer_quic_transport_params provides the caller with the value of the
+ * quic_transport_parameters extension sent by the peer. A pointer to the buffer
+ * containing the TransportParameters will be put in |*out_params|, and its
+ * length in |*params_len|. This buffer will be valid for the lifetime of the
+ * |SSL|. If no params were received from the peer, |*out_params_len| will be 0.
+ */
+void SSL_get_peer_quic_transport_params(const SSL *ssl,
+    const uint8_t **out_params, size_t *out_params_len);
+#endif
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
 * made after this point may be overwritten when the script is next run.
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index be01f771e0..b959d3428f 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.292 2022/06/29 08:39:08 tb Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.293 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -573,6 +573,8 @@ SSL_free(SSL *s)
        free(s->internal->alpn_client_proto_list);
+        free(s->internal->quic_transport_params);
 #ifndef OPENSSL_NO_SRTP
        sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
 #endif
@@ -3312,3 +3314,29 @@ OBJ_bsearch_ssl_cipher_id(SSL_CIPHER *key, SSL_CIPHER const *base, int num)
        return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
            ssl_cipher_id_cmp_BSEARCH_CMP_FN);
 }
+int
+SSL_set_quic_transport_params(SSL *ssl, const uint8_t *params,
+    size_t params_len)
+{
+        freezero(ssl->internal->quic_transport_params,
+            ssl->internal->quic_transport_params_len);
+        ssl->internal->quic_transport_params = NULL;
+        ssl->internal->quic_transport_params_len = 0;
+        if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL)
+                return 0;
+        memcpy(ssl->internal->quic_transport_params, params, params_len);
+        ssl->internal->quic_transport_params_len = params_len;
+        return 1;
+}
+void
+SSL_get_peer_quic_transport_params(const SSL *ssl, const uint8_t **out_params,
+    size_t *out_params_len)
+{
+        *out_params = ssl->s3->peer_quic_transport_params;
+        *out_params_len = ssl->s3->peer_quic_transport_params_len;
+}
diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h
index da21758815..102f7deaf5 100644
--- a/src/lib/libssl/ssl_locl.h
+++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.401 2022/06/29 12:03:38 tb Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.402 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -932,6 +932,10 @@ typedef struct ssl_internal_st {
        unsigned char *alpn_client_proto_list;
        unsigned int alpn_client_proto_list_len;
+        /* QUIC transport params we will send */
+        uint8_t *quic_transport_params;
+        size_t quic_transport_params_len;
        /* XXX Callbacks */
        /* true when we are actually in SSL_accept() or SSL_connect() */
@@ -1218,6 +1222,10 @@ typedef struct ssl3_state_st {
         */
        unsigned char *alpn_selected;
        size_t alpn_selected_len;
+        /* Contains the QUIC transport params received from our peer. */
+        uint8_t *peer_quic_transport_params;
+        size_t peer_quic_transport_params_len;
 } SSL3_STATE;
 /*
diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c
index 8faf90fde0..fc6c11daa6 100644
--- a/src/lib/libssl/ssl_tlsext.c
+++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.c,v 1.114 2022/06/29 07:53:58 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1943,6 +1943,112 @@ tlsext_psk_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert)
        return CBS_skip(cbs, CBS_len(cbs));
 }
+/*
+ * QUIC transport parameters extension.
+ */
+int
+tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
+{
+        return (s->internal->quic_transport_params_len > 0 &&
+            s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
+}
+int
+tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
+    CBB *cbb)
+{
+        CBB contents;
+        if (!CBB_add_u16_length_prefixed(cbb, &contents))
+                return 0;
+        if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
+            s->internal->quic_transport_params_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert)
+{
+        CBS transport_data;
+        /* QUIC requires TLS 1.3. */
+        if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
+                *alert = SSL_AD_UNSUPPORTED_EXTENSION;
+                return 0;
+        }
+        if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
+                return 0;
+        if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+            &s->s3->peer_quic_transport_params_len))
+                return 0;
+        return 1;
+}
+int
+tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
+{
+        return s->internal->quic_transport_params_len > 0;
+}
+int
+tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
+    CBB *cbb)
+{
+        CBB contents;
+        if (!CBB_add_u16_length_prefixed(cbb, &contents))
+                return 0;
+        if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
+            s->internal->quic_transport_params_len))
+                return 0;
+        if (!CBB_flush(cbb))
+                return 0;
+        return 1;
+}
+int
+tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert)
+{
+        CBS transport_data;
+        /*
+         * Ignore this extension if we don't have configured quic transport data
+         * or if we are not TLS 1.3.
+         */
+        if (s->internal->quic_transport_params_len == 0 ||
+            ssl_effective_tls_version(s) < TLS1_3_VERSION) {
+                if (!CBS_skip(cbs, CBS_len(cbs))) {
+                        *alert = SSL_AD_INTERNAL_ERROR;
+                        return 0;
+                }
+                return 1;
+        }
+        if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
+                return 0;
+        if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
+            &s->s3->peer_quic_transport_params_len))
+                return 0;
+        return 1;
+}
 struct tls_extension_funcs {
        int (*needs)(SSL *s, uint16_t msg_type);
        int (*build)(SSL *s, uint16_t msg_type, CBB *cbb);
@@ -2132,6 +2238,20 @@ static const struct tls_extension tls_extensions[] = {
        },
 #endif /* OPENSSL_NO_SRTP */
        {
+                .type = TLSEXT_TYPE_quic_transport_parameters,
+                .messages = SSL_TLSEXT_MSG_CH | SSL_TLSEXT_MSG_SH,
+                .client = {
+                        .needs = tlsext_quic_transport_parameters_client_needs,
+                        .build = tlsext_quic_transport_parameters_client_build,
+                        .parse = tlsext_quic_transport_parameters_client_parse,
+                },
+                .server = {
+                        .needs = tlsext_quic_transport_parameters_server_needs,
+                        .build = tlsext_quic_transport_parameters_server_build,
+                        .parse = tlsext_quic_transport_parameters_server_parse,
+                },
+        },
+        {
                .type = TLSEXT_TYPE_psk_key_exchange_modes,
                .messages = SSL_TLSEXT_MSG_CH,
                .client = {
diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h
index 3439255fd6..268b274948 100644
--- a/src/lib/libssl/ssl_tlsext.h
+++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_tlsext.h,v 1.29 2022/06/03 13:31:49 tb Exp $ */
+/* $OpenBSD: ssl_tlsext.h,v 1.30 2022/06/29 17:39:20 beck Exp $ */
 /*
 * Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
 * Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -144,6 +144,17 @@ int tlsext_srtp_server_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_srtp_server_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
 #endif
+int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
+int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
+    CBB *cbb);
+int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert);
+int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
+int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
+    CBB *cbb);
+int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
+    CBS *cbs, int *alert);
 int tlsext_client_build(SSL *s, uint16_t msg_type, CBB *cbb);
 int tlsext_client_parse(SSL *s, uint16_t msg_type, CBS *cbs, int *alert);
diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h
index aa05f37cc8..2f6e2e3bd0 100644
--- a/src/lib/libssl/tls1.h
+++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls1.h,v 1.52 2022/06/28 20:36:55 tb Exp $ */
+/* $OpenBSD: tls1.h,v 1.53 2022/06/29 17:39:20 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -259,6 +259,9 @@ extern "C" {
 /* ExtensionType value from RFC 7685. */
 #define TLSEXT_TYPE_padding     21
+/* ExtensionType value from draft-ietf-quic-tls */
+#define TLSEXT_TYPE_quic_transport_parameters 26
 /* ExtensionType value from RFC 4507. */
 #define TLSEXT_TYPE_session_ticket              35

diff --git a/src/lib/libssl/s3_lib.c b/src/lib/libssl/s3_lib.c index 66d0eba9a0..12eb9f4af4 100644 --- a/src/lib/libssl/s3_lib.c +++ b/src/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: s3_lib.c,v 1.230 2022/06/29 08:37:18 tb Exp $ */	1	/* $OpenBSD: s3_lib.c,v 1.231 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1575,6 +1575,9 @@ ssl3_free(SSL *s)
1575		1575
1576	free(s->s3->alpn_selected);	1576	free(s->s3->alpn_selected);
1577		1577
		1578	freezero(s->s3->peer_quic_transport_params,
		1579	s->s3->peer_quic_transport_params_len);
		1580
1578	freezero(s->s3, sizeof(*s->s3));	1581	freezero(s->s3, sizeof(*s->s3));
1579		1582
1580	s->s3 = NULL;	1583	s->s3 = NULL;
@@ -1619,6 +1622,11 @@ ssl3_clear(SSL *s)
1619	s->s3->alpn_selected = NULL;	1622	s->s3->alpn_selected = NULL;
1620	s->s3->alpn_selected_len = 0;	1623	s->s3->alpn_selected_len = 0;
1621		1624
		1625	freezero(s->s3->peer_quic_transport_params,
		1626	s->s3->peer_quic_transport_params_len);
		1627	s->s3->peer_quic_transport_params = NULL;
		1628	s->s3->peer_quic_transport_params_len = 0;
		1629
1622	memset(s->s3, 0, sizeof(*s->s3));	1630	memset(s->s3, 0, sizeof(*s->s3));
1623		1631
1624	s->s3->rbuf.buf = rp;	1632	s->s3->rbuf.buf = rp;


diff --git a/src/lib/libssl/ssl.h b/src/lib/libssl/ssl.h index aed3fea1d0..c733992848 100644 --- a/src/lib/libssl/ssl.h +++ b/src/lib/libssl/ssl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl.h,v 1.217 2022/06/28 20:57:33 tb Exp $ */	1	/* $OpenBSD: ssl.h,v 1.218 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -1578,6 +1578,30 @@ void SSL_CTX_set_security_level(SSL_CTX *ctx, int level);
1578	int SSL_CTX_get_security_level(const SSL_CTX *ctx);	1578	int SSL_CTX_get_security_level(const SSL_CTX *ctx);
1579	#endif /* LIBRESSL_INTERNAL */	1579	#endif /* LIBRESSL_INTERNAL */
1580		1580
		1581	#ifdef LIBRESSL_INTERNAL
		1582	/*
		1583	* SSL_set_quic_transport_params configures \|ssl\| to send \|params\| (of length
		1584	* \|params_len\|) in the quic_transport_parameters extension in either the
		1585	* ClientHello or EncryptedExtensions handshake message. This extension will
		1586	* only be sent if the TLS version is at least 1.3, and for a server, only if
		1587	* the client sent the extension. The buffer pointed to by \|params\| only need be
		1588	* valid for the duration of the call to this function. This function returns 1
		1589	*on success and 0 on failure.
		1590	*/
		1591	int SSL_set_quic_transport_params(SSL ssl, const uint8_t params,
		1592	size_t params_len);
		1593
		1594	/*
		1595	* SSL_get_peer_quic_transport_params provides the caller with the value of the
		1596	* quic_transport_parameters extension sent by the peer. A pointer to the buffer
		1597	* containing the TransportParameters will be put in \|*out_params\|, and its
		1598	* length in \|*params_len\|. This buffer will be valid for the lifetime of the
		1599	* \|SSL\|. If no params were received from the peer, \|*out_params_len\| will be 0.
		1600	*/
		1601	void SSL_get_peer_quic_transport_params(const SSL *ssl,
		1602	const uint8_t *out_params, size_t out_params_len);
		1603	#endif
		1604
1581	/* BEGIN ERROR CODES */	1605	/* BEGIN ERROR CODES */
1582	/* The following lines are auto generated by the script mkerr.pl. Any changes	1606	/* The following lines are auto generated by the script mkerr.pl. Any changes
1583	* made after this point may be overwritten when the script is next run.	1607	* made after this point may be overwritten when the script is next run.


diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c index be01f771e0..b959d3428f 100644 --- a/src/lib/libssl/ssl_lib.c +++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_lib.c,v 1.292 2022/06/29 08:39:08 tb Exp $ */	1	/* $OpenBSD: ssl_lib.c,v 1.293 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -573,6 +573,8 @@ SSL_free(SSL *s)
573		573
574	free(s->internal->alpn_client_proto_list);	574	free(s->internal->alpn_client_proto_list);
575		575
		576	free(s->internal->quic_transport_params);
		577
576	#ifndef OPENSSL_NO_SRTP	578	#ifndef OPENSSL_NO_SRTP
577	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);	579	sk_SRTP_PROTECTION_PROFILE_free(s->internal->srtp_profiles);
578	#endif	580	#endif
@@ -3312,3 +3314,29 @@ OBJ_bsearch_ssl_cipher_id(SSL_CIPHER key, SSL_CIPHER const base, int num)
3312	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),	3314	return (SSL_CIPHER *)OBJ_bsearch_(key, base, num, sizeof(SSL_CIPHER),
3313	ssl_cipher_id_cmp_BSEARCH_CMP_FN);	3315	ssl_cipher_id_cmp_BSEARCH_CMP_FN);
3314	}	3316	}
		3317
		3318	int
		3319	SSL_set_quic_transport_params(SSL ssl, const uint8_t params,
		3320	size_t params_len)
		3321	{
		3322	freezero(ssl->internal->quic_transport_params,
		3323	ssl->internal->quic_transport_params_len);
		3324	ssl->internal->quic_transport_params = NULL;
		3325	ssl->internal->quic_transport_params_len = 0;
		3326
		3327	if ((ssl->internal->quic_transport_params = malloc(params_len)) == NULL)
		3328	return 0;
		3329
		3330	memcpy(ssl->internal->quic_transport_params, params, params_len);
		3331	ssl->internal->quic_transport_params_len = params_len;
		3332
		3333	return 1;
		3334	}
		3335
		3336	void
		3337	SSL_get_peer_quic_transport_params(const SSL ssl, const uint8_t *out_params,
		3338	size_t *out_params_len)
		3339	{
		3340	*out_params = ssl->s3->peer_quic_transport_params;
		3341	*out_params_len = ssl->s3->peer_quic_transport_params_len;
		3342	}


diff --git a/src/lib/libssl/ssl_locl.h b/src/lib/libssl/ssl_locl.h index da21758815..102f7deaf5 100644 --- a/src/lib/libssl/ssl_locl.h +++ b/src/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_locl.h,v 1.401 2022/06/29 12:03:38 tb Exp $ */	1	/* $OpenBSD: ssl_locl.h,v 1.402 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -932,6 +932,10 @@ typedef struct ssl_internal_st {
932	unsigned char *alpn_client_proto_list;	932	unsigned char *alpn_client_proto_list;
933	unsigned int alpn_client_proto_list_len;	933	unsigned int alpn_client_proto_list_len;
934		934
		935	/* QUIC transport params we will send */
		936	uint8_t *quic_transport_params;
		937	size_t quic_transport_params_len;
		938
935	/* XXX Callbacks */	939	/* XXX Callbacks */
936		940
937	/* true when we are actually in SSL_accept() or SSL_connect() */	941	/* true when we are actually in SSL_accept() or SSL_connect() */
@@ -1218,6 +1222,10 @@ typedef struct ssl3_state_st {
1218	*/	1222	*/
1219	unsigned char *alpn_selected;	1223	unsigned char *alpn_selected;
1220	size_t alpn_selected_len;	1224	size_t alpn_selected_len;
		1225
		1226	/* Contains the QUIC transport params received from our peer. */
		1227	uint8_t *peer_quic_transport_params;
		1228	size_t peer_quic_transport_params_len;
1221	} SSL3_STATE;	1229	} SSL3_STATE;
1222		1230
1223	/*	1231	/*


diff --git a/src/lib/libssl/ssl_tlsext.c b/src/lib/libssl/ssl_tlsext.c index 8faf90fde0..fc6c11daa6 100644 --- a/src/lib/libssl/ssl_tlsext.c +++ b/src/lib/libssl/ssl_tlsext.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.c,v 1.114 2022/06/29 07:53:58 tb Exp $ */	1	/* $OpenBSD: ssl_tlsext.c,v 1.115 2022/06/29 17:39:20 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017, 2019 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -1943,6 +1943,112 @@ tlsext_psk_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert)
1943	return CBS_skip(cbs, CBS_len(cbs));	1943	return CBS_skip(cbs, CBS_len(cbs));
1944	}	1944	}
1945		1945
		1946	/*
		1947	* QUIC transport parameters extension.
		1948	*/
		1949
		1950	int
		1951	tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type)
		1952	{
		1953	return (s->internal->quic_transport_params_len > 0 &&
		1954	s->s3->hs.our_max_tls_version >= TLS1_3_VERSION);
		1955	}
		1956
		1957	int
		1958	tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
		1959	CBB *cbb)
		1960	{
		1961	CBB contents;
		1962
		1963	if (!CBB_add_u16_length_prefixed(cbb, &contents))
		1964	return 0;
		1965
		1966	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
		1967	s->internal->quic_transport_params_len))
		1968	return 0;
		1969
		1970	if (!CBB_flush(cbb))
		1971	return 0;
		1972
		1973	return 1;
		1974	}
		1975
		1976	int
		1977	tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
		1978	CBS cbs, int alert)
		1979	{
		1980	CBS transport_data;
		1981
		1982	/* QUIC requires TLS 1.3. */
		1983	if (ssl_effective_tls_version(s) < TLS1_3_VERSION) {
		1984	*alert = SSL_AD_UNSUPPORTED_EXTENSION;
		1985	return 0;
		1986	}
		1987
		1988	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
		1989	return 0;
		1990
		1991	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
		1992	&s->s3->peer_quic_transport_params_len))
		1993	return 0;
		1994
		1995	return 1;
		1996	}
		1997
		1998	int
		1999	tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type)
		2000	{
		2001	return s->internal->quic_transport_params_len > 0;
		2002	}
		2003
		2004	int
		2005	tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
		2006	CBB *cbb)
		2007	{
		2008	CBB contents;
		2009
		2010	if (!CBB_add_u16_length_prefixed(cbb, &contents))
		2011	return 0;
		2012
		2013	if (!CBB_add_bytes(&contents, s->internal->quic_transport_params,
		2014	s->internal->quic_transport_params_len))
		2015	return 0;
		2016
		2017	if (!CBB_flush(cbb))
		2018	return 0;
		2019
		2020	return 1;
		2021	}
		2022
		2023	int
		2024	tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
		2025	CBS cbs, int alert)
		2026	{
		2027	CBS transport_data;
		2028
		2029	/*
		2030	* Ignore this extension if we don't have configured quic transport data
		2031	* or if we are not TLS 1.3.
		2032	*/
		2033	if (s->internal->quic_transport_params_len == 0 \|\|
		2034	ssl_effective_tls_version(s) < TLS1_3_VERSION) {
		2035	if (!CBS_skip(cbs, CBS_len(cbs))) {
		2036	*alert = SSL_AD_INTERNAL_ERROR;
		2037	return 0;
		2038	}
		2039	return 1;
		2040	}
		2041
		2042	if (!CBS_get_u16_length_prefixed(cbs, &transport_data))
		2043	return 0;
		2044
		2045	if (!CBS_stow(&transport_data, &s->s3->peer_quic_transport_params,
		2046	&s->s3->peer_quic_transport_params_len))
		2047	return 0;
		2048
		2049	return 1;
		2050	}
		2051
1946	struct tls_extension_funcs {	2052	struct tls_extension_funcs {
1947	int (needs)(SSL s, uint16_t msg_type);	2053	int (needs)(SSL s, uint16_t msg_type);
1948	int (build)(SSL s, uint16_t msg_type, CBB *cbb);	2054	int (build)(SSL s, uint16_t msg_type, CBB *cbb);
@@ -2132,6 +2238,20 @@ static const struct tls_extension tls_extensions[] = {
2132	},	2238	},
2133	#endif /* OPENSSL_NO_SRTP */	2239	#endif /* OPENSSL_NO_SRTP */
2134	{	2240	{
		2241	.type = TLSEXT_TYPE_quic_transport_parameters,
		2242	.messages = SSL_TLSEXT_MSG_CH \| SSL_TLSEXT_MSG_SH,
		2243	.client = {
		2244	.needs = tlsext_quic_transport_parameters_client_needs,
		2245	.build = tlsext_quic_transport_parameters_client_build,
		2246	.parse = tlsext_quic_transport_parameters_client_parse,
		2247	},
		2248	.server = {
		2249	.needs = tlsext_quic_transport_parameters_server_needs,
		2250	.build = tlsext_quic_transport_parameters_server_build,
		2251	.parse = tlsext_quic_transport_parameters_server_parse,
		2252	},
		2253	},
		2254	{
2135	.type = TLSEXT_TYPE_psk_key_exchange_modes,	2255	.type = TLSEXT_TYPE_psk_key_exchange_modes,
2136	.messages = SSL_TLSEXT_MSG_CH,	2256	.messages = SSL_TLSEXT_MSG_CH,
2137	.client = {	2257	.client = {


diff --git a/src/lib/libssl/ssl_tlsext.h b/src/lib/libssl/ssl_tlsext.h index 3439255fd6..268b274948 100644 --- a/src/lib/libssl/ssl_tlsext.h +++ b/src/lib/libssl/ssl_tlsext.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: ssl_tlsext.h,v 1.29 2022/06/03 13:31:49 tb Exp $ */	1	/* $OpenBSD: ssl_tlsext.h,v 1.30 2022/06/29 17:39:20 beck Exp $ */
2	/*	2	/*
3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>	3	* Copyright (c) 2016, 2017 Joel Sing <jsing@openbsd.org>
4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>	4	* Copyright (c) 2017 Doug Hogan <doug@openbsd.org>
@@ -144,6 +144,17 @@ int tlsext_srtp_server_build(SSL s, uint16_t msg_type, CBB cbb);
144	int tlsext_srtp_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);	144	int tlsext_srtp_server_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
145	#endif	145	#endif
146		146
		147	int tlsext_quic_transport_parameters_client_needs(SSL *s, uint16_t msg_type);
		148	int tlsext_quic_transport_parameters_client_build(SSL *s, uint16_t msg_type,
		149	CBB *cbb);
		150	int tlsext_quic_transport_parameters_client_parse(SSL *s, uint16_t msg_type,
		151	CBS cbs, int alert);
		152	int tlsext_quic_transport_parameters_server_needs(SSL *s, uint16_t msg_type);
		153	int tlsext_quic_transport_parameters_server_build(SSL *s, uint16_t msg_type,
		154	CBB *cbb);
		155	int tlsext_quic_transport_parameters_server_parse(SSL *s, uint16_t msg_type,
		156	CBS cbs, int alert);
		157
147	int tlsext_client_build(SSL s, uint16_t msg_type, CBB cbb);	158	int tlsext_client_build(SSL s, uint16_t msg_type, CBB cbb);
148	int tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);	159	int tlsext_client_parse(SSL s, uint16_t msg_type, CBS cbs, int *alert);
149		160


diff --git a/src/lib/libssl/tls1.h b/src/lib/libssl/tls1.h index aa05f37cc8..2f6e2e3bd0 100644 --- a/src/lib/libssl/tls1.h +++ b/src/lib/libssl/tls1.h
@@ -1,4 +1,4 @@
1	/* $OpenBSD: tls1.h,v 1.52 2022/06/28 20:36:55 tb Exp $ */	1	/* $OpenBSD: tls1.h,v 1.53 2022/06/29 17:39:20 beck Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -259,6 +259,9 @@ extern "C" {
259	/* ExtensionType value from RFC 7685. */	259	/* ExtensionType value from RFC 7685. */
260	#define TLSEXT_TYPE_padding 21	260	#define TLSEXT_TYPE_padding 21
261		261
		262	/* ExtensionType value from draft-ietf-quic-tls */
		263	#define TLSEXT_TYPE_quic_transport_parameters 26
		264
262	/* ExtensionType value from RFC 4507. */	265	/* ExtensionType value from RFC 4507. */
263	#define TLSEXT_TYPE_session_ticket 35	266	#define TLSEXT_TYPE_session_ticket 35
264		267