From: Matt Caswell Date: Wed, 23 Nov 2022 16:20:14 +0000 (+0000) Subject: Remove the old Dummy Handshake code X-Git-Tag: openssl-3.2.0-alpha1~1388 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c28f1a8bb9ccfecb76bcf3b7987e2a526b427bca;p=thirdparty%2Fopenssl.git Remove the old Dummy Handshake code Now that we have a real TLS handshake we no longer need the dummy handshake implementation and it can be removed. Reviewed-by: Hugo Landau Reviewed-by: Tomas Mraz (Merged from https://github.com/openssl/openssl/pull/19748) --- diff --git a/include/internal/quic_dummy_handshake.h b/include/internal/quic_dummy_handshake.h deleted file mode 100644 index 9c001e9b71d..00000000000 --- a/include/internal/quic_dummy_handshake.h +++ /dev/null @@ -1,133 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#ifndef OSSL_QUIC_DUMMY_HANDSHAKE_H -# define OSSL_QUIC_DUMMY_HANDSHAKE_H - -# include -# include "internal/quic_stream.h" - -# ifndef OPENSSL_NO_QUIC - -/* - * QUIC Dummy Handshake Module - * =========================== - * - * This implements a fake "handshake layer" for QUIC to be used for testing - * purposes until the real handshake layer is ready. - * - * Each message is of the following form, which reuses the TLS 1.3 framing: - * - * 1 ui Type - * 3 ui Length - * ... Data - * - * The following message types are implemented, which use values from the TLS - * HandshakeType registry. Most of them have no body data, except for messages - * which transport QUIC Transport Parameters. - * - * 0x01 Psuedo-ClientHello - * (QUIC Transport Parameters) - * 0x02 Pseudo-ServerHello - * (no data) - * 0x08 Pseudo-EncryptedExtensions - * (QUIC Transport Parameters) - * 0x0B Pseudo-Certificate - * (no data) - * 0x0F Pseudo-CertificateVerify - * (no data) - * 0x14 Pseudo-Finished - * (no data) - * - */ -typedef struct quic_dhs_st QUIC_DHS; - -typedef struct quic_dhs_args_st { - /* - * Called to send data on the crypto stream. We use a callback rather than - * passing the crypto stream QUIC_SSTREAM directly because this lets the CSM - * dynamically select the correct outgoing crypto stream based on the - * current EL. - */ - int (*crypto_send_cb)(const unsigned char *buf, size_t buf_len, - size_t *consumed, void *arg); - void *crypto_send_cb_arg; - int (*crypto_recv_cb)(unsigned char *buf, size_t buf_len, - size_t *bytes_read, void *arg); - void *crypto_recv_cb_arg; - - /* Called when a traffic secret is available for a given encryption level. */ - int (*yield_secret_cb)(uint32_t enc_level, int direction /* 0=RX, 1=TX */, - uint32_t suite_id, EVP_MD *md, - const unsigned char *secret, size_t secret_len, - void *arg); - void *yield_secret_cb_arg; - - /* - * Called when we receive transport parameters from the peer. - * - * Note: These parameters are not authenticated until the handshake is - * marked as completed. - */ - int (*got_transport_params_cb)(const unsigned char *params, - size_t params_len, - void *arg); - void *got_transport_params_cb_arg; - - /* - * Called when the handshake has been completed as far as the handshake - * protocol is concerned, meaning that the connection has been - * authenticated. - */ - int (*handshake_complete_cb)(void *arg); - void *handshake_complete_cb_arg; - - /* - * Called when something has gone wrong with the connection as far as the - * handshake layer is concerned, meaning that it should be immediately torn - * down. Note that this may happen at any time, including after a connection - * has been fully established. - */ - int (*alert_cb)(void *arg, unsigned char alert_code); - void *alert_cb_arg; - - /* Set to 1 if we are running in the server role. */ - int is_server; -} QUIC_DHS_ARGS; - -QUIC_DHS *ossl_quic_dhs_new(const QUIC_DHS_ARGS *args); - -void ossl_quic_dhs_free(QUIC_DHS *dhs); - -/* - * Advance the state machine. The DHS considers the receive stream and produces - * output on the send stream. Note that after a connection is established this - * is unlikely to ever produce any more output, but the handshake layer - * nonetheless reserves the right to and it should continue being called - * regularly. (When a real handshake layer is used, TLS 1.3 might e.g. produce a - * new session ticket; or it might decide to spontaneously produce an alert, - * however unlikely.) - */ -int ossl_quic_dhs_tick(QUIC_DHS *dhs); - -/* - * Set the transport parameters buffer. The lifetime of the buffer must last - * until either the DHS is freed or the handshake complete callback is called. - * This must be called before the transport parameters are needed by the DHS. - * For a client, this means before ossl_quic_dhs_tick() is first called; for a - * server, this should generally be immediately after the - * got_transport_params_cb callback is called. - */ -int ossl_quic_dhs_set_transport_params(QUIC_DHS *dhs, - const unsigned char *transport_params, - size_t transport_params_len); - -# endif - -#endif diff --git a/ssl/quic/build.info b/ssl/quic/build.info index f8011a4bf7c..79aa00dbba0 100644 --- a/ssl/quic/build.info +++ b/ssl/quic/build.info @@ -8,7 +8,6 @@ SOURCE[$LIBSSL]=quic_fc.c uint_set.c SOURCE[$LIBSSL]=quic_cfq.c quic_txpim.c quic_fifd.c quic_txp.c SOURCE[$LIBSSL]=quic_stream_map.c SOURCE[$LIBSSL]=quic_sf_list.c quic_rstream.c quic_sstream.c -SOURCE[$LIBSSL]=quic_dummy_handshake.c SOURCE[$LIBSSL]=quic_reactor.c SOURCE[$LIBSSL]=quic_channel.c SOURCE[$LIBSSL]=quic_tserver.c diff --git a/ssl/quic/quic_dummy_handshake.c b/ssl/quic/quic_dummy_handshake.c deleted file mode 100644 index 9c37db98b25..00000000000 --- a/ssl/quic/quic_dummy_handshake.c +++ /dev/null @@ -1,575 +0,0 @@ -/* - * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. - * - * Licensed under the Apache License 2.0 (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html - */ - -#include -#include -#include "internal/quic_dummy_handshake.h" - -#define QUIC_DHS_MSG_TYPE_CH 0x01 -#define QUIC_DHS_MSG_TYPE_SH 0x02 -#define QUIC_DHS_MSG_TYPE_EE 0x08 -#define QUIC_DHS_MSG_TYPE_CERT 0x0B -#define QUIC_DHS_MSG_TYPE_CERT_VERIFY 0x0F -#define QUIC_DHS_MSG_TYPE_FINISHED 0x14 - -#define QUIC_DHS_CLIENT_STATE_INITIAL 0x00 -#define QUIC_DHS_CLIENT_STATE_SENT_CH 0x01 -#define QUIC_DHS_CLIENT_STATE_RECEIVED_SH 0x02 -#define QUIC_DHS_CLIENT_STATE_RECEIVED_EE_HDR 0x08 -#define QUIC_DHS_CLIENT_STATE_RECEIVED_EE 0x03 -#define QUIC_DHS_CLIENT_STATE_RECEIVED_CERT 0x04 -#define QUIC_DHS_CLIENT_STATE_RECEIVED_CERT_VERIFY 0x05 -#define QUIC_DHS_CLIENT_STATE_RECEIVED_FINISHED 0x06 -#define QUIC_DHS_CLIENT_STATE_SENT_FINISHED 0x07 -#define QUIC_DHS_CLIENT_STATE_ERROR 0xFF - -#define QUIC_DHS_SERVER_STATE_INITIAL 0x00 -#define QUIC_DHS_SERVER_STATE_RECEIVED_CH_HDR 0x01 -#define QUIC_DHS_SERVER_STATE_RECEIVED_CH 0x02 -#define QUIC_DHS_SERVER_STATE_SENT_SH 0x03 -#define QUIC_DHS_SERVER_STATE_SENT_EE 0x04 -#define QUIC_DHS_SERVER_STATE_SENT_CERT 0x05 -#define QUIC_DHS_SERVER_STATE_SENT_CERT_VERIFY 0x06 -#define QUIC_DHS_SERVER_STATE_SENT_FINISHED 0x07 -#define QUIC_DHS_SERVER_STATE_RECEIVED_FINISHED 0x08 -#define QUIC_DHS_SERVER_STATE_ERROR 0xFF - -struct quic_dhs_st { - QUIC_DHS_ARGS args; - unsigned char state; - unsigned char *remote_transport_params; - size_t remote_transport_params_len; - const unsigned char *local_transport_params; - size_t local_transport_params_len; - unsigned char rx_hdr[4]; - size_t rx_hdr_bytes_read; - size_t rx_bytes_read; -}; - -QUIC_DHS *ossl_quic_dhs_new(const QUIC_DHS_ARGS *args) -{ - QUIC_DHS *dhs; - - if (args->crypto_send_cb == NULL - || args->crypto_recv_cb == NULL) - return NULL; - - dhs = OPENSSL_zalloc(sizeof(*dhs)); - if (dhs == NULL) - return NULL; - - dhs->args = *args; - return dhs; -} - -void ossl_quic_dhs_free(QUIC_DHS *dhs) -{ - if (dhs == NULL) - return; - - OPENSSL_free(dhs->remote_transport_params); - OPENSSL_free(dhs); -} - -/* Send a handshake message. */ -static int dhs_send(QUIC_DHS *dhs, unsigned char type, - const void *buf, size_t buf_len) -{ - size_t consumed = 0; - uint32_t len; - unsigned char hdr[4]; - - len = buf_len; - hdr[0] = type; - hdr[1] = (len >> 16) & 0xFF; - hdr[2] = (len >> 8) & 0xFF; - hdr[3] = (len ) & 0xFF; - - if (!dhs->args.crypto_send_cb(hdr, sizeof(hdr), &consumed, - dhs->args.crypto_send_cb_arg) - || consumed < sizeof(hdr) - || (buf_len > 0 && (!dhs->args.crypto_send_cb(buf, buf_len, &consumed, - dhs->args.crypto_send_cb_arg) - || consumed < buf_len))) - /* - * We do not handle a full buffer here properly but the DHS produces so - * little data this should not matter. By the time we want to fix this - * the real handshake layer will be ready. - */ - return 0; - - return 1; -} - -/* - * Receive header of a handshake message. Length of body is written to - * *frame_len, and if non-zero this call should be followed by one or more calls - * to dhs_recv_body. - */ -static int dhs_recv_sof(QUIC_DHS *dhs, uint32_t *type, size_t *frame_len) -{ - size_t bytes_read = 0; - uint32_t l; - - if (!dhs->args.crypto_recv_cb(dhs->rx_hdr + dhs->rx_hdr_bytes_read, - sizeof(dhs->rx_hdr) - dhs->rx_hdr_bytes_read, - &bytes_read, - dhs->args.crypto_recv_cb_arg)) - return 0; - - dhs->rx_hdr_bytes_read += bytes_read; - if (dhs->rx_hdr_bytes_read < sizeof(dhs->rx_hdr)) { - /* Not got entire header yet. */ - *type = UINT32_MAX; - *frame_len = 0; - return 2; - } - - l = (((uint32_t)dhs->rx_hdr[1]) << 16) - | (((uint32_t)dhs->rx_hdr[2]) << 8) - | (uint32_t)dhs->rx_hdr[3]; - - if (l > SIZE_MAX) - return 0; - - *type = dhs->rx_hdr[0]; - *frame_len = (size_t)l; - - dhs->rx_hdr_bytes_read = 0; - return 1; -} - -/* Receive the body of an incoming message, or part thereof. */ -static int dhs_recv_body(QUIC_DHS *dhs, unsigned char *buf, size_t buf_len, - size_t *bytes_read) -{ - if (!dhs->args.crypto_recv_cb(buf, buf_len, bytes_read, - dhs->args.crypto_recv_cb_arg)) - return 0; - - if (*bytes_read == 0) - return 2; - - return 1; -} - -static const unsigned char default_handshake_read[32] = {42, 2}; -static const unsigned char default_handshake_write[32] = {42, 1}; -static const unsigned char default_1rtt_read[32] = {43, 2}; -static const unsigned char default_1rtt_write[32] = {43, 1}; - -int ossl_quic_dhs_set_transport_params(QUIC_DHS *dhs, const unsigned char *transport_params, - size_t transport_params_len) -{ - if (!dhs->args.is_server && dhs->state != QUIC_DHS_CLIENT_STATE_INITIAL) - return 0; - - dhs->local_transport_params = transport_params; - dhs->local_transport_params_len = transport_params_len; - return 1; -} - -/* Tick implementation for the client role. */ -static int dhs_tick_client(QUIC_DHS *dhs) -{ - int ret; - uint32_t type; - size_t frame_len, bytes_read = 0; - - for (;;) { - switch (dhs->state) { - case QUIC_DHS_CLIENT_STATE_INITIAL: - /* We need to send a CH */ - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_CH, - dhs->local_transport_params, - dhs->local_transport_params_len)) - return 0; - - dhs->state = QUIC_DHS_CLIENT_STATE_SENT_CH; - break; - - case QUIC_DHS_CLIENT_STATE_SENT_CH: - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_SH && frame_len == 0) { - dhs->state = QUIC_DHS_CLIENT_STATE_RECEIVED_SH; - - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_HANDSHAKE, - /*TX=*/0, - QRL_SUITE_AES128GCM, - NULL, - default_handshake_read, - sizeof(default_handshake_read), - dhs->args.yield_secret_cb_arg)) { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; - } - - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_HANDSHAKE, - /*TX=*/1, - QRL_SUITE_AES128GCM, - NULL, - default_handshake_write, - sizeof(default_handshake_write), - dhs->args.yield_secret_cb_arg)) { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; - } - - } else { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_CLIENT_STATE_RECEIVED_SH: - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_EE) { - dhs->state = QUIC_DHS_CLIENT_STATE_RECEIVED_EE_HDR; - dhs->rx_bytes_read = 0; - dhs->remote_transport_params_len = frame_len; - dhs->remote_transport_params - = OPENSSL_malloc(dhs->remote_transport_params_len); - if (dhs->remote_transport_params == NULL) - return 0; - } else { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_CLIENT_STATE_RECEIVED_EE_HDR: - ret = dhs_recv_body(dhs, dhs->remote_transport_params + dhs->rx_bytes_read, - dhs->remote_transport_params_len - dhs->rx_bytes_read, - &bytes_read); - if (ret == 1) { - dhs->rx_bytes_read += bytes_read; - if (bytes_read == dhs->remote_transport_params_len) { - if (!dhs->args.got_transport_params_cb(dhs->remote_transport_params, - dhs->remote_transport_params_len, - dhs->args.got_transport_params_cb_arg)) { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; - } - - dhs->state = QUIC_DHS_CLIENT_STATE_RECEIVED_EE; - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_CLIENT_STATE_RECEIVED_EE: - /* Expect Cert */ - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_CERT && frame_len == 0) { - dhs->state = QUIC_DHS_CLIENT_STATE_RECEIVED_CERT; - } else { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_CLIENT_STATE_RECEIVED_CERT: - /* Expect CertVerify */ - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_CERT_VERIFY && frame_len == 0) { - dhs->state = QUIC_DHS_CLIENT_STATE_RECEIVED_CERT_VERIFY; - } else { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_CLIENT_STATE_RECEIVED_CERT_VERIFY: - /* Expect Finished */ - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_FINISHED && frame_len == 0) { - dhs->state = QUIC_DHS_CLIENT_STATE_RECEIVED_FINISHED; - } else { - dhs->state = QUIC_DHS_CLIENT_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_CLIENT_STATE_RECEIVED_FINISHED: - /* Send Finished */ - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_FINISHED, NULL, 0)) - return 0; - - dhs->state = QUIC_DHS_CLIENT_STATE_SENT_FINISHED; - - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_1RTT, - /*TX=*/0, - QRL_SUITE_AES128GCM, - NULL, - default_1rtt_read, - sizeof(default_1rtt_read), - dhs->args.yield_secret_cb_arg)) - return 0; - - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_1RTT, - /*TX=*/1, - QRL_SUITE_AES128GCM, - NULL, - default_1rtt_write, - sizeof(default_1rtt_write), - dhs->args.yield_secret_cb_arg)) - return 0; - - if (!dhs->args.handshake_complete_cb(dhs->args.handshake_complete_cb_arg)) - return 0; - - dhs->local_transport_params = NULL; - dhs->local_transport_params_len = 0; - break; - - case QUIC_DHS_CLIENT_STATE_SENT_FINISHED: - /* Nothing to do, handshake complete. */ - return 1; - - default: - return 0; /* error state */ - } - } - - return 1; -} - -/* Tick implementation for the server role. */ -static int dhs_tick_server(QUIC_DHS *dhs) -{ - int ret; - uint32_t type; - size_t frame_len, bytes_read = 0; - - for (;;) { - switch (dhs->state) { - case QUIC_DHS_SERVER_STATE_INITIAL: - /* Waiting for ClientHello message */ - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_CH && frame_len > 0) { - dhs->state = QUIC_DHS_SERVER_STATE_RECEIVED_CH_HDR; - dhs->rx_bytes_read = 0; - dhs->remote_transport_params_len = frame_len; - dhs->remote_transport_params - = OPENSSL_malloc(dhs->remote_transport_params_len); - - if (dhs->remote_transport_params == NULL) - return 0; - - } else { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - - break; - - case QUIC_DHS_SERVER_STATE_RECEIVED_CH_HDR: - ret = dhs_recv_body(dhs, dhs->remote_transport_params + dhs->rx_bytes_read, - dhs->remote_transport_params_len - dhs->rx_bytes_read, - &bytes_read); - if (ret == 1) { - dhs->rx_bytes_read += bytes_read; - if (dhs->rx_bytes_read == dhs->remote_transport_params_len) { - if (!dhs->args.got_transport_params_cb(dhs->remote_transport_params, - dhs->remote_transport_params_len, - dhs->args.got_transport_params_cb_arg)) { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; - } - - dhs->state = QUIC_DHS_SERVER_STATE_RECEIVED_CH; - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_SERVER_STATE_RECEIVED_CH: - /* We need to send a ServerHello message */ - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_SH, NULL, 0)) - return 0; - - /* - * Our send function automatically sends at the highest - * available EL so we need to do this after sending the SH. - */ - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_HANDSHAKE, - /* (Keys reversed - server) */ - /*TX=*/0, - QRL_SUITE_AES128GCM, - NULL, - default_handshake_write, - sizeof(default_handshake_write), - dhs->args.yield_secret_cb_arg)) { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; - } - - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_HANDSHAKE, - /* (Keys reversed - server) */ - /*TX=*/1, - QRL_SUITE_AES128GCM, - NULL, - default_handshake_read, - sizeof(default_handshake_read), - dhs->args.yield_secret_cb_arg)) { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; - } - - dhs->state = QUIC_DHS_SERVER_STATE_SENT_SH; - break; - - case QUIC_DHS_SERVER_STATE_SENT_SH: - /* We need to send an EncryptedExtensions message */ - if (dhs->local_transport_params == NULL - || dhs->local_transport_params_len == 0) - return 0; - - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_EE, - dhs->local_transport_params, - dhs->local_transport_params_len)) - return 0; - - dhs->local_transport_params = NULL; - dhs->local_transport_params_len = 0; - - dhs->state = QUIC_DHS_SERVER_STATE_SENT_EE; - break; - - case QUIC_DHS_SERVER_STATE_SENT_EE: - /* We need to send a Certificate message */ - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_CERT, NULL, 0)) - return 0; - - dhs->state = QUIC_DHS_SERVER_STATE_SENT_CERT; - break; - - case QUIC_DHS_SERVER_STATE_SENT_CERT: - /* We need to send a CertificateVerify message */ - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_CERT_VERIFY, NULL, 0)) - return 0; - - dhs->state = QUIC_DHS_SERVER_STATE_SENT_CERT_VERIFY; - break; - - case QUIC_DHS_SERVER_STATE_SENT_CERT_VERIFY: - /* We need to send a Finished message */ - if (!dhs_send(dhs, QUIC_DHS_MSG_TYPE_FINISHED, NULL, 0)) - return 0; - - dhs->state = QUIC_DHS_SERVER_STATE_SENT_FINISHED; - break; - - case QUIC_DHS_SERVER_STATE_SENT_FINISHED: - /* We are waiting for a Finished message. */ - ret = dhs_recv_sof(dhs, &type, &frame_len); - if (ret == 1) { - if (type == QUIC_DHS_MSG_TYPE_FINISHED && frame_len == 0) { - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_1RTT, - /* (Keys reversed - server) */ - /*TX=*/0, - QRL_SUITE_AES128GCM, - NULL, - default_1rtt_write, - sizeof(default_1rtt_write), - dhs->args.yield_secret_cb_arg)) { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; - } - - if (!dhs->args.yield_secret_cb(QUIC_ENC_LEVEL_1RTT, - /* (Keys reversed - server) */ - /*TX=*/1, - QRL_SUITE_AES128GCM, - NULL, - default_1rtt_read, - sizeof(default_1rtt_read), - dhs->args.yield_secret_cb_arg)) { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; - } - - if (!dhs->args.handshake_complete_cb(dhs->args.handshake_complete_cb_arg)) { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; - } - - dhs->state = QUIC_DHS_SERVER_STATE_RECEIVED_FINISHED; - } else { - dhs->state = QUIC_DHS_SERVER_STATE_ERROR; - return 0; /* error state, unexpected type */ - } - } else if (ret == 2) { - return 1; /* no more data yet, not an error */ - } else { - return 0; - } - break; - - case QUIC_DHS_SERVER_STATE_RECEIVED_FINISHED: - /* Nothing to do, handshake complete. */ - return 1; - - default: - return 0; /* error state */ - } - } - - return 1; -} - -int ossl_quic_dhs_tick(QUIC_DHS *dhs) -{ - if (dhs->args.is_server) - return dhs_tick_server(dhs); - else - return dhs_tick_client(dhs); -}