Replace use of the Dummy Handshake Layer with the real one
authorMatt Caswell <matt@openssl.org>
Fri, 18 Nov 2022 12:38:50 +0000 (12:38 +0000)
committerMatt Caswell <matt@openssl.org>
Tue, 24 Jan 2023 17:16:29 +0000 (17:16 +0000)
We start using the QUIC TLS implementation rather than the dummy one.

Reviewed-by: Hugo Landau <hlandau@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/19748)

include/internal/quic_channel.h
include/openssl/tls1.h
ssl/quic/quic_channel.c
ssl/quic/quic_channel_local.h
ssl/quic/quic_impl.c
ssl/quic/quic_local.h

index 31e218cb2fb9038a01c4a848dd849c95a768fa0a..4d96ab63dfd87b229a2209e07914deeeacb9dafb 100644 (file)
@@ -59,6 +59,7 @@ typedef struct quic_channel_args_st {
     OSSL_LIB_CTX *libctx;
     const char *propq;
     int is_server;
+    SSL *tls;
 } QUIC_CHANNEL_ARGS;
 
 typedef struct quic_channel_st QUIC_CHANNEL;
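Review bot: The new `SSL *tls` member of QUIC_CHANNEL_ARGS carries no comment on ownership or lifetime, and the visible part of ch_cleanup in this commit frees `ch->qtls` but not the `SSL` the channel was handed, so the caller apparently keeps ownership and must outlive the channel. A comment above the field such as `/* SSL object that drives the TLS handshake; owned by the caller, which must keep it alive for the channel's lifetime and free it itself */` would state that contract where users of the args struct will see it. The same applies to the `SSL *tls;` field added to struct quic_channel_st in ssl/quic/quic_channel_local.h, which replaces the old TODO without saying who frees it. The enclosing typedef starts outside this hunk.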
index 0f1b854d42ae8bcbc5b4bf14c0b529462ee68a12..bb9314a9baa852261b7cf7d6c44122f9d54349d2 100644 (file)
@@ -150,6 +150,7 @@ extern "C" {
 # define TLSEXT_TYPE_post_handshake_auth         49
 # define TLSEXT_TYPE_signature_algorithms_cert   50
 # define TLSEXT_TYPE_key_share                   51
+# define TLSEXT_TYPE_quic_transport_parameters   57
 
 /* Temporary extension type */
 # define TLSEXT_TYPE_renegotiate                 0xff01
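Review bot: The new `TLSEXT_TYPE_quic_transport_parameters` define gives no reference for where codepoint 57 comes from, while the neighbouring `TLSEXT_TYPE_renegotiate` is annotated by the file. Since this is a public header and the value is the IANA-registered codepoint assigned by RFC 9001, a short comment line above the define, `/* quic_transport_parameters (RFC 9001) */`, lets a reader verify it against the registry rather than against this patch.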
index b032e75b7932f63a6891a0e8bdc195a8990190e4..3701d93e1cf2d8afca253b189fad020aa3ac3003 100644 (file)
@@ -101,7 +101,7 @@ static int ch_init(QUIC_CHANNEL *ch)
     OSSL_QUIC_TX_PACKETISER_ARGS txp_args = {0};
     OSSL_QTX_ARGS qtx_args = {0};
     OSSL_QRX_ARGS qrx_args = {0};
-    QUIC_DHS_ARGS dhs_args = {0};
+    QUIC_TLS_ARGS tls_args = {0};
     uint32_t pn_space;
     size_t rx_short_cid_len = ch->is_server ? INIT_DCID_LEN : 0;
 
@@ -233,22 +233,23 @@ static int ch_init(QUIC_CHANNEL *ch)
                              get_time, NULL))
         goto err;
 
-    /* Plug in the dummy handshake layer. */
-    dhs_args.crypto_send_cb             = ch_on_crypto_send;
-    dhs_args.crypto_send_cb_arg         = ch;
-    dhs_args.crypto_recv_cb             = ch_on_crypto_recv;
-    dhs_args.crypto_recv_cb_arg         = ch;
-    dhs_args.yield_secret_cb            = ch_on_handshake_yield_secret;
-    dhs_args.yield_secret_cb_arg        = ch;
-    dhs_args.got_transport_params_cb    = ch_on_transport_params;
-    dhs_args.got_transport_params_cb_arg= ch;
-    dhs_args.handshake_complete_cb      = ch_on_handshake_complete;
-    dhs_args.handshake_complete_cb_arg  = ch;
-    dhs_args.alert_cb                   = ch_on_handshake_alert;
-    dhs_args.alert_cb_arg               = ch;
-    dhs_args.is_server                  = ch->is_server;
-
-    if ((ch->dhs = ossl_quic_dhs_new(&dhs_args)) == NULL)
+    /* Plug in the TLS handshake layer. */
+    tls_args.s                          = ch->tls;
+    tls_args.crypto_send_cb             = ch_on_crypto_send;
+    tls_args.crypto_send_cb_arg         = ch;
+    tls_args.crypto_recv_cb             = ch_on_crypto_recv;
+    tls_args.crypto_recv_cb_arg         = ch;
+    tls_args.yield_secret_cb            = ch_on_handshake_yield_secret;
+    tls_args.yield_secret_cb_arg        = ch;
+    tls_args.got_transport_params_cb    = ch_on_transport_params;
+    tls_args.got_transport_params_cb_arg= ch;
+    tls_args.handshake_complete_cb      = ch_on_handshake_complete;
+    tls_args.handshake_complete_cb_arg  = ch;
+    tls_args.alert_cb                   = ch_on_handshake_alert;
+    tls_args.alert_cb_arg               = ch;
+    tls_args.is_server                  = ch->is_server;
+
+    if ((ch->qtls = ossl_quic_tls_new(&tls_args)) == NULL)
         goto err;
 
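Review bot: `tls_args.s = ch->tls;` is handed to ossl_quic_tls_new() without checking that the channel was actually given an SSL object; whether ossl_quic_tls_new() rejects a NULL `s` is not visible here, and if it does not, a channel built from a QUIC_CHANNEL_ARGS whose new `tls` member was left unset would presumably only fail later, at the first ossl_quic_tls_tick() in ch_tick() or ossl_quic_channel_start(). A guard before the callback wiring, `if (ch->tls == NULL) goto err;`, makes the precondition explicit at the point the channel is constructed and keeps the failure on the existing cleanup path. ch_init begins and ends outside this hunk.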
     /*
@@ -311,7 +312,7 @@ static void ch_cleanup(QUIC_CHANNEL *ch)
     ossl_qrx_pkt_release(ch->qrx_pkt);
     ch->qrx_pkt = NULL;
 
-    ossl_quic_dhs_free(ch->dhs);
+    ossl_quic_tls_free(ch->qtls);
     ossl_qrx_free(ch->qrx);
     ossl_quic_demux_free(ch->demux);
     OPENSSL_free(ch->local_transport_params);
@@ -327,6 +328,7 @@ QUIC_CHANNEL *ossl_quic_channel_new(const QUIC_CHANNEL_ARGS *args)
     ch->libctx      = args->libctx;
     ch->propq       = args->propq;
     ch->is_server   = args->is_server;
+    ch->tls         = args->tls;
 
     if (!ch_init(ch)) {
         OPENSSL_free(ch);
@@ -1137,7 +1139,7 @@ static int ch_generate_transport_params(QUIC_CHANNEL *ch)
 
     wpkt_valid = 0;
 
-    if (!ossl_quic_dhs_set_transport_params(ch->dhs, ch->local_transport_params,
+    if (!ossl_quic_tls_set_transport_params(ch->qtls, ch->local_transport_params,
                                             buf_len))
         goto err;
 
@@ -1211,7 +1213,7 @@ static void ch_tick(QUIC_TICK_RESULT *res, void *arg)
          * new outgoing data.
          */
         ch->have_new_rx_secret = 0;
-        ossl_quic_dhs_tick(ch->dhs);
+        ossl_quic_tls_tick(ch->qtls);
 
         /*
          * If the handshake layer gave us a new secret, we need to do RX again
@@ -1702,7 +1704,7 @@ int ossl_quic_channel_start(QUIC_CHANNEL *ch)
     ch->doing_proactive_ver_neg = 0; /* not currently supported */
 
     /* Handshake layer: start (e.g. send CH). */
-    if (!ossl_quic_dhs_tick(ch->dhs))
+    if (!ossl_quic_tls_tick(ch->qtls))
         return 0;
 
     ossl_quic_reactor_tick(&ch->rtor); /* best effort */
index 53935358435df7beed2b9102708e917880b8382e..2240ad6e20398ee39026afb2c9332bc0ca8debac 100644 (file)
@@ -57,8 +57,8 @@ struct quic_channel_st {
      * layer; its 'network' side is plugged into the crypto stream for each EL
      * (other than the 0-RTT EL).
      */
-    QUIC_DHS                        *dhs;
-    /* TODO(QUIC): Replace this with a QUIC_TLS instance when ready. */
+    QUIC_TLS                        *qtls;
+    SSL                             *tls;
 
     /*
      * The transport parameter block we will send or have sent.
index 44e05754d47f84f9c6dfc0c177eaf429d1fd0c10..4331e6412b96bc2ce994ca8a71c9a8d9e00cd71a 100644 (file)
@@ -12,7 +12,7 @@
 #include <openssl/sslerr.h>
 #include <crypto/rand.h>
 #include "quic_local.h"
-#include "internal/quic_dummy_handshake.h"
+#include "internal/quic_tls.h"
 #include "internal/quic_rx_depack.h"
 #include "internal/quic_error.h"
 #include "internal/time.h"
@@ -590,6 +590,7 @@ static int ensure_channel_and_start(QUIC_CONNECTION *qc)
     args.libctx     = qc->ssl.ctx->libctx;
     args.propq      = qc->ssl.ctx->propq;
     args.is_server  = 0;
+    args.tls        = qc->tls;
 
     qc->ch = ossl_quic_channel_new(&args);
     if (qc->ch == NULL)
index ef2fbbed3c54bed8d7596d3db9c2bff2d72994b9..83cce376fb8420afdb1ac448e0180ef30cc9be73 100644 (file)
@@ -16,7 +16,7 @@
 # include "internal/quic_statm.h"
 # include "internal/quic_demux.h"
 # include "internal/quic_record_rx.h"
-# include "internal/quic_dummy_handshake.h"
+# include "internal/quic_tls.h"
 # include "internal/quic_fc.h"
 # include "internal/quic_stream.h"
 # include "internal/quic_channel.h"