From 3c351e711595523526ff652c526430c9865244a9 Mon Sep 17 00:00:00 2001
From: jsing <>
Date: Sun, 21 Aug 2022 19:32:38 +0000
Subject: Provide SSL_QUIC_METHOD.

This provides SSL_QUIC_METHOD (aka ssl_quic_method_st), which allows for QUIC callback hooks to be passed to an SSL_CTX or SSL. This is largely ported/adapted from BoringSSL. It is worth noting that this struct is not opaque and the original interface exposed by BoringSSL differs to the one they now use. The original interface was copied by quictls and it appears that this API will not be updated to match BoringSSL. To make things even more challenging, at least one consumer does not use named initialisers, making code completely dependent on the order in which the function pointers are defined as struct members. In order to try to support both variants, the set_read_secret/set_write_secret functions are included, however they have to go at the end. ok tb@
---
 src/lib/libssl/ssl_lib.c | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
(limited to 'src/lib/libssl/ssl_lib.c')
diff --git a/src/lib/libssl/ssl_lib.c b/src/lib/libssl/ssl_lib.c
index 515065de6c..f0f0150d19 100644
--- a/src/lib/libssl/ssl_lib.c
+++ b/src/lib/libssl/ssl_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_lib.c,v 1.302 2022/08/21 18:17:11 jsing Exp $ */
+/* $OpenBSD: ssl_lib.c,v 1.303 2022/08/21 19:32:38 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -339,6 +339,7 @@ SSL_new(SSL_CTX *ctx)
 s->verify_result = X509_V_OK;
 s->method = ctx->method;
+ s->quic_method = ctx->quic_method;
 if (!s->method->ssl_new(s))
 goto err;
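Review bot: The added `s->quic_method = ctx->quic_method;` in SSL_new() copies the context's hooks unconditionally, while the setters added later in this patch refuse to install them when the method is DTLS. If the context's method is replaced after SSL_CTX_set_quic_method() has succeeded (SSL_CTX_set_ssl_version() can do that; whether it clears the field is not visible here), a DTLS SSL would inherit QUIC callbacks. Repeating the guard at the copy, `s->quic_method = ctx->method->dtls ? NULL : ctx->quic_method;`, would keep the invariant independent of call order. SSL_new()'s body starts and ends outside this hunk.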
@@ -2584,6 +2585,28 @@ SSL_get_error(const SSL *s, int i)
 return (SSL_ERROR_SYSCALL);
 }
+int
+SSL_CTX_set_quic_method(SSL_CTX *ctx, const SSL_QUIC_METHOD *quic_method)
+{
+ if (ctx->method->dtls)
+ return 0;
+
+ ctx->quic_method = quic_method;
+
+ return 1;
+}
+
+int
+SSL_set_quic_method(SSL *ssl, const SSL_QUIC_METHOD *quic_method)
+{
+ if (ssl->method->dtls)
+ return 0;
+
+ ssl->quic_method = quic_method;
+
+ return 1;
+}
+
 int
 SSL_do_handshake(SSL *s)
 {
-- 
cgit v1.2.3-55-g6feb
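Review bot: Both SSL_CTX_set_quic_method() and SSL_set_quic_method() store the caller's `quic_method` pointer as-is, and nothing in the hunk documents that contract: the struct is borrowed rather than copied, so it has to outlive the SSL_CTX and every SSL that SSL_new() later hands the pointer to. A header comment on each function would make the lifetime rule and the return values explicit, for example `/* Borrows quic_method (not copied; must outlive ctx and SSLs created from it). Returns 1 on success, 0 if a DTLS method is in use. */`. The commit message says consumers may fill this non-opaque struct positionally against a different member order, and neither setter inspects which callbacks are populated, so the code that invokes the hooks (not part of this diff) presumably needs to null-check each one before calling through it.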