-/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
tls13_clienthello_hash_clear(&s->s3->hs.tls13);
+ tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
+
sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
sk_X509_pop_free(s->internal->verified_chain, X509_free);
s->s3->hs.tls13.cookie_len = 0;
tls13_clienthello_hash_clear(&s->s3->hs.tls13);
+ tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
+ s->s3->hs.tls13.quic_read_buffer = NULL;
+ s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;
+ s->s3->hs.tls13.quic_write_level = ssl_encryption_initial;
+
s->s3->hs.extensions_seen = 0;
rp = s->s3->rbuf.buf;
-/* $OpenBSD: tls13_quic.c,v 1.3 2022/08/21 19:18:57 jsing Exp $ */
+/* $OpenBSD: tls13_quic.c,v 1.4 2022/08/21 19:39:44 jsing Exp $ */
/*
* Copyright (c) 2022 Joel Sing <jsing@openbsd.org>
*
struct tls13_ctx *ctx = arg;
SSL *ssl = ctx->ssl;
- /* XXX - call flush_flight. */
- SSLerror(ssl, ERR_R_INTERNAL_ERROR);
- return TLS13_IO_FAILURE;
+ if (!ssl->quic_method->flush_flight(ssl)) {
+ SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+ return TLS13_IO_FAILURE;
+ }
+
+ return TLS13_IO_SUCCESS;
}
static ssize_t
tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
{
- /* XXX - read handshake data. */
- return TLS13_IO_FAILURE;
+ struct tls13_ctx *ctx = arg;
+
+ return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
}
static ssize_t
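Review bot: tls13_quic_handshake_read_cb hands `ctx->hs->tls13.quic_read_buffer` to tls_buffer_read() without checking it for NULL, yet the s3_lib.c part of this commit resets that pointer to NULL in the clear path. Where the buffer is allocated is not visible in this diff, so if the handshake can run before any QUIC handshake data has been provided, this would likely dereference a null pointer (unless tls_buffer_read() tolerates NULL) instead of reporting that more input is needed. A guard before the read, `if (ctx->hs->tls13.quic_read_buffer == NULL) return TLS13_IO_WANT_POLLIN;`, would make the empty state explicit. The flush callback at the top of this hunk begins outside it.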
struct tls13_ctx *ctx = arg;
SSL *ssl = ctx->ssl;
- /* XXX - call add_handshake_data. */
- SSLerror(ssl, ERR_R_INTERNAL_ERROR);
- return TLS13_IO_FAILURE;
+ if (!ssl->quic_method->add_handshake_data(ssl,
+ ctx->hs->tls13.quic_write_level, buf, n)) {
+ SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+ return TLS13_IO_FAILURE;
+ }
+
+ return n;
}
static int
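Review bot: `ssl->quic_method->add_handshake_data` is called without a NULL check, while the secret-setting functions later in this file test their method pointers before calling them. The same applies to `flush_flight` in the flush callback and `send_alert` in the alert callback. Unless the SSL_QUIC_METHOD is validated where the application installs it (not visible in this diff), a partially filled method table results in a call through a null pointer in the middle of a handshake. Either validate the required members once at installation and note that here with a comment such as `/* quic_method members are checked when the method is set. */`, or guard each call, e.g. `if (ssl->quic_method->add_handshake_data == NULL) { SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR); return TLS13_IO_FAILURE; }`. The function's signature lies outside the hunk.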
ctx->hs->tls13.quic_read_level = read_level;
- /* XXX - call set_read_secret. */
- SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+ /* Handle both the new (BoringSSL) and old (quictls) APIs. */
+
+ if (ssl->quic_method->set_read_secret != NULL)
+ return ssl->quic_method->set_read_secret(ssl,
+ ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
+ read_key->data, read_key->len);
+
+ if (ssl->quic_method->set_encryption_secrets != NULL)
+ return ssl->quic_method->set_encryption_secrets(ssl,
+ ctx->hs->tls13.quic_read_level, read_key->data, NULL,
+ read_key->len);
+
return 0;
}
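Review bot: The failure paths of this function (which begins outside the hunk) no longer queue an error. When neither `set_read_secret` nor `set_encryption_secrets` is provided it falls through to `return 0` silently, and a zero return from either callback is passed up without SSLerror(), unlike the flush, write and alert callbacks, which record SSL_R_QUIC_INTERNAL_ERROR. The write-key function in the next hunk has the same shape. Adding `SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);` before the final `return 0;` would keep a misconfigured method table diagnosable. The callback result is also returned unnormalised, so a negative value would read as success if the caller only tests for zero; that caller is not shown here.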
ctx->hs->tls13.quic_write_level = write_level;
- /* XXX - call set_write_secret. */
- SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+ /* Handle both the new (BoringSSL) and old (quictls) APIs. */
+
+ if (ssl->quic_method->set_write_secret != NULL)
+ return ssl->quic_method->set_write_secret(ssl,
+ ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
+ write_key->data, write_key->len);
+
+ if (ssl->quic_method->set_encryption_secrets != NULL)
+ return ssl->quic_method->set_encryption_secrets(ssl,
+ ctx->hs->tls13.quic_write_level, NULL, write_key->data,
+ write_key->len);
+
return 0;
}
struct tls13_ctx *ctx = arg;
SSL *ssl = ctx->ssl;
- /* XXX - call send_alert. */
- SSLerror(ssl, ERR_R_INTERNAL_ERROR);
- return TLS13_IO_FAILURE;
+ if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
+ alert_desc)) {
+ SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+ return TLS13_IO_FAILURE;
+ }
+
+ return TLS13_IO_SUCCESS;
}
static const struct tls13_record_layer_callbacks quic_rl_callbacks = {