From 35351aa0558408ce08f9049d7a3bb6edbb10b2f0 Mon Sep 17 00:00:00 2001
From: jsing
Date: Sun, 21 Aug 2022 19:39:44 +0000
Subject: [PATCH] Wire up SSL_QUIC_METHOD callbacks to the record layer callbacks for QUIC.

ok tb@
---
 lib/libssl/s3_lib.c | 9 +++++-
 lib/libssl/ssl_locl.h | 5 ++--
 lib/libssl/tls13_quic.c | 64 ++++++++++++++++++++++++++++++-----------
 3 files changed, 59 insertions(+), 19 deletions(-)

diff --git a/lib/libssl/s3_lib.c b/lib/libssl/s3_lib.c
index e93298c2dbf..989165b2078 100644
--- a/lib/libssl/s3_lib.c
+++ b/lib/libssl/s3_lib.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: s3_lib.c,v 1.237 2022/08/17 18:51:47 tb Exp $ */
+/* $OpenBSD: s3_lib.c,v 1.238 2022/08/21 19:39:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -1569,6 +1569,8 @@ ssl3_free(SSL *s)
 	freezero(s->s3->hs.tls13.cookie, s->s3->hs.tls13.cookie_len);
 	tls13_clienthello_hash_clear(&s->s3->hs.tls13);
 
+	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
+
 	sk_X509_NAME_pop_free(s->s3->hs.tls12.ca_names, X509_NAME_free);
 	sk_X509_pop_free(s->internal->verified_chain, X509_free);
 
@@ -1615,6 +1617,11 @@ ssl3_clear(SSL *s)
 	s->s3->hs.tls13.cookie_len = 0;
 	tls13_clienthello_hash_clear(&s->s3->hs.tls13);
 
+	tls_buffer_free(s->s3->hs.tls13.quic_read_buffer);
+	s->s3->hs.tls13.quic_read_buffer = NULL;
+	s->s3->hs.tls13.quic_read_level = ssl_encryption_initial;
+	s->s3->hs.tls13.quic_write_level = ssl_encryption_initial;
+
 	s->s3->hs.extensions_seen = 0;
 
 	rp = s->s3->rbuf.buf;
diff --git a/lib/libssl/ssl_locl.h b/lib/libssl/ssl_locl.h
index d45983ac1e3..fa3a5f9cfd5 100644
--- a/lib/libssl/ssl_locl.h
+++ b/lib/libssl/ssl_locl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ssl_locl.h,v 1.423 2022/08/21 19:32:38 jsing Exp $ */
+/* $OpenBSD: ssl_locl.h,v 1.424 2022/08/21 19:39:44 jsing Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -580,7 +580,8 @@ typedef struct ssl_handshake_tls13_st {
 	unsigned char *clienthello_hash;
 	unsigned int clienthello_hash_len;
 
-	/* QUIC read/write encryption levels. */
+	/* QUIC read buffer and read/write encryption levels. */
+	struct tls_buffer *quic_read_buffer;
 	enum ssl_encryption_level_t quic_read_level;
 	enum ssl_encryption_level_t quic_write_level;
 } SSL_HANDSHAKE_TLS13;
diff --git a/lib/libssl/tls13_quic.c b/lib/libssl/tls13_quic.c
index f58a0b8b287..ceb666ac4c6 100644
--- a/lib/libssl/tls13_quic.c
+++ b/lib/libssl/tls13_quic.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_quic.c,v 1.3 2022/08/21 19:18:57 jsing Exp $ */
+/* $OpenBSD: tls13_quic.c,v 1.4 2022/08/21 19:39:44 jsing Exp $ */
 /*
  * Copyright (c) 2022 Joel Sing
  *
@@ -45,16 +45,20 @@ tls13_quic_wire_flush_cb(void *arg)
 	struct tls13_ctx *ctx = arg;
 	SSL *ssl = ctx->ssl;
 
-	/* XXX - call flush_flight. */
-	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-	return TLS13_IO_FAILURE;
+	if (!ssl->quic_method->flush_flight(ssl)) {
+		SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+		return TLS13_IO_FAILURE;
+	}
+
+	return TLS13_IO_SUCCESS;
 }
 
 static ssize_t
 tls13_quic_handshake_read_cb(void *buf, size_t n, void *arg)
 {
-	/* XXX - read handshake data. */
-	return TLS13_IO_FAILURE;
+	struct tls13_ctx *ctx = arg;
+
+	return tls_buffer_read(ctx->hs->tls13.quic_read_buffer, buf, n);
 }
 
 static ssize_t
@@ -63,9 +67,13 @@ tls13_quic_handshake_write_cb(const void *buf, size_t n, void *arg)
 	struct tls13_ctx *ctx = arg;
 	SSL *ssl = ctx->ssl;
 
-	/* XXX - call add_handshake_data. */
-	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-	return TLS13_IO_FAILURE;
+	if (!ssl->quic_method->add_handshake_data(ssl,
+	    ctx->hs->tls13.quic_write_level, buf, n)) {
+		SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+		return TLS13_IO_FAILURE;
+	}
+
+	return n;
 }
 
 static int
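Review bot: The new comment on `quic_read_buffer` names the field but says nothing about its lifetime, and the only lifecycle visible in this commit is the free in ssl3_free and the free-plus-NULL in ssl3_clear; no hunk allocates it, so a reader of the header cannot tell whether a NULL value is a legal state. Since the struct is shared across the handshake code, I would spell that out here: `/* QUIC read buffer (freed by ssl3_free/ssl3_clear, may be NULL) and read/write encryption levels. */`. The definition of ssl_handshake_tls13_st starts before this hunk.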
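Review bot: tls13_quic_handshake_read_cb hands `ctx->hs->tls13.quic_read_buffer` straight to tls_buffer_read, yet ssl3_clear in this same commit resets that pointer to NULL and nothing in the patch allocates it; unless tls_buffer_read itself tolerates a NULL buffer (not visible here), a record-layer read attempted before the buffer exists dereferences NULL. A one-line guard would close that window, e.g. `if (ctx->hs->tls13.quic_read_buffer == NULL) return TLS13_IO_WANT_POLLIN;`, using whichever value tls_buffer_read reports for "no data yet" so the two paths agree. Separately, `flush_flight` here, `add_handshake_data` in the next hunk and `send_alert` in the last hunk of this file are invoked through `ssl->quic_method` without a NULL check, while the set_*_secret hunks check each member before calling it; that is fine if the method table is validated when it is installed, but if it is not, a partially filled SSL_QUIC_METHOD crashes the handshake rather than failing it, so a comment stating where the validation happens (or a check mirroring the set_*_secret ones) would help.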
@@ -77,8 +85,18 @@ tls13_quic_set_read_traffic_key(struct tls13_secret *read_key,
 
 	ctx->hs->tls13.quic_read_level = read_level;
 
-	/* XXX - call set_read_secret. */
-	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+	/* Handle both the new (BoringSSL) and old (quictls) APIs. */
+
+	if (ssl->quic_method->set_read_secret != NULL)
+		return ssl->quic_method->set_read_secret(ssl,
+		    ctx->hs->tls13.quic_read_level, ctx->hs->cipher,
+		    read_key->data, read_key->len);
+
+	if (ssl->quic_method->set_encryption_secrets != NULL)
+		return ssl->quic_method->set_encryption_secrets(ssl,
+		    ctx->hs->tls13.quic_read_level, read_key->data, NULL,
+		    read_key->len);
+
 	return 0;
 }
 
@@ -91,8 +109,18 @@ tls13_quic_set_write_traffic_key(struct tls13_secret *write_key,
 
 	ctx->hs->tls13.quic_write_level = write_level;
 
-	/* XXX - call set_write_secret. */
-	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
+	/* Handle both the new (BoringSSL) and old (quictls) APIs. */
+
+	if (ssl->quic_method->set_write_secret != NULL)
+		return ssl->quic_method->set_write_secret(ssl,
+		    ctx->hs->tls13.quic_write_level, ctx->hs->cipher,
+		    write_key->data, write_key->len);
+
+	if (ssl->quic_method->set_encryption_secrets != NULL)
+		return ssl->quic_method->set_encryption_secrets(ssl,
+		    ctx->hs->tls13.quic_write_level, NULL, write_key->data,
+		    write_key->len);
+
 	return 0;
 }
 
@@ -102,9 +130,13 @@ tls13_quic_alert_send_cb(int alert_desc, void *arg)
 	struct tls13_ctx *ctx = arg;
 	SSL *ssl = ctx->ssl;
 
-	/* XXX - call send_alert. */
-	SSLerror(ssl, ERR_R_INTERNAL_ERROR);
-	return TLS13_IO_FAILURE;
+	if (!ssl->quic_method->send_alert(ssl, ctx->hs->tls13.quic_write_level,
+	    alert_desc)) {
+		SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);
+		return TLS13_IO_FAILURE;
+	}
+
+	return TLS13_IO_SUCCESS;
 }
 
 static const struct tls13_record_layer_callbacks quic_rl_callbacks = {
--
2.20.1
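Review bot: When the installed quic_method provides neither `set_read_secret` nor `set_encryption_secrets`, tls13_quic_set_read_traffic_key now falls through to the trailing `return 0;` without queueing any error, whereas the removed lines at least recorded ERR_R_INTERNAL_ERROR; the same applies to tls13_quic_set_write_traffic_key in the next hunk. The caller then sees the key install fail with an empty error stack, which is hard to diagnose and, for a QUIC application, looks like a silent handshake stall rather than a misconfigured method table. I would add `SSLerror(ssl, SSL_R_QUIC_INTERNAL_ERROR);` immediately before the final `return 0;` in both functions, matching the style of the other callbacks in this file. Note also that `quic_read_level` is stored before the secret is handed to the application, so if the application callback returns 0 the recorded level has already advanced past the keys it actually holds; whether a caller can observe that depends on how the record layer treats the failure, which is outside this hunk, as is the start of both functions.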