Prepare for BORINGSSL_API_VERSION change gfe-relnote: no behavior change PiperOrigin-RevId: 297684814 Change-Id: Id1acf4704041aa8c970f8dbc07c158cf44498c7d
diff --git a/quic/core/crypto/tls_connection.cc b/quic/core/crypto/tls_connection.cc
index d1931d6..4a36e3a 100644
--- a/quic/core/crypto/tls_connection.cc
+++ b/quic/core/crypto/tls_connection.cc
@@ -108,10 +108,18 @@
 ssl, SslIndexSingleton::GetInstance()->ssl_ex_data_index_connection()));
 }
 
+// TODO(nharper): Once
+// https://boringssl-review.googlesource.com/c/boringssl/+/40127 lands and is
+// rolled into google3, remove the BORINGSSL_API_VERSION check.
 const SSL_QUIC_METHOD TlsConnection::kSslQuicMethod{
- TlsConnection::SetEncryptionSecretCallback,
- TlsConnection::WriteMessageCallback, TlsConnection::FlushFlightCallback,
- TlsConnection::SendAlertCallback};
+#if BORINGSSL_API_VERSION < 10
+ TlsConnection::SetEncryptionSecretCallback,
+#else
+ TlsConnection::SetReadSecretCallback, TlsConnection::SetWriteSecretCallback,
+#endif
+ TlsConnection::WriteMessageCallback, TlsConnection::FlushFlightCallback,
+ TlsConnection::SendAlertCallback
+};
 
 // static
 int TlsConnection::SetEncryptionSecretCallback(
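Review bot: The `#if BORINGSSL_API_VERSION < 10` gate covers only the initializer of `kSslQuicMethod`; the definition of `SetEncryptionSecretCallback` that begins on the last context line stays compiled on the `#else` side, where this table no longer references it. That leaves an unused code path that handles key material, and the TODO mentions removing only the version check. Consider wrapping the old callback and its declaration in tls_connection.h in the same `#if BORINGSSL_API_VERSION < 10`, or extending the TODO to `// ... remove the BORINGSSL_API_VERSION check and SetEncryptionSecretCallback.` The callback's body lies outside this hunk, so whether anything else still calls it cannot be seen here.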
@@ -136,6 +144,39 @@
 }
 
 // static
+int TlsConnection::SetReadSecretCallback(SSL* ssl,
+ enum ssl_encryption_level_t level,
+ const SSL_CIPHER* cipher,
+ const uint8_t* secret,
+ size_t secret_length) {
+ // TODO(nharper): replace this vector with a span (which unfortunately doesn't
+ // yet exist in quic/platform/api).
+ std::vector<uint8_t> secret_vec(secret_length);
+ secret_vec.assign(secret, secret + secret_length);
+ TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
+ if (!delegate->SetReadSecret(QuicEncryptionLevel(level), cipher,
+ secret_vec)) {
+ return 0;
+ }
+ return 1;
+}
+
+// static
+int TlsConnection::SetWriteSecretCallback(SSL* ssl,
+ enum ssl_encryption_level_t level,
+ const SSL_CIPHER* cipher,
+ const uint8_t* secret,
+ size_t secret_length) {
+ // TODO(nharper): replace this vector with a span (which unfortunately doesn't
+ // yet exist in quic/platform/api).
+ std::vector<uint8_t> secret_vec(secret_length);
+ secret_vec.assign(secret, secret + secret_length);
+ TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
+ delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher, secret_vec);
+ return 1;
+}
+
+// static
 int TlsConnection::WriteMessageCallback(SSL* ssl,
 enum ssl_encryption_level_t level,
 const uint8_t* data,
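Review bot: Both new callbacks copy the TLS traffic secret into a heap-allocated `std::vector<uint8_t>` that is destroyed without being wiped, so the secret bytes remain in freed memory after `SetReadSecretCallback` and `SetWriteSecretCallback` return. Clearing the copy with `OPENSSL_cleanse` (declared in `<openssl/mem.h>`) before returning would limit that exposure; the read callback needs a single exit for this, sketched below, and the write callback only needs the one cleanse line before `return 1;`. The vector can also be built directly from the range instead of being zero-filled and then assigned. `SetWriteSecretCallback` always returns 1, presumably because `Delegate::SetWriteSecret` returns nothing, so a failure to install write keys could not reach BoringSSL; the delegate interface is not shown here, so that is worth confirming.

```cpp
int TlsConnection::SetReadSecretCallback(SSL* ssl,
// … unchanged: remaining parameters and the TODO comment …
  std::vector<uint8_t> secret_vec(secret, secret + secret_length);
  TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
  const bool installed = delegate->SetReadSecret(QuicEncryptionLevel(level),
                                                 cipher, secret_vec);
  // Wipe the local copy so the traffic secret does not linger in freed heap
  // memory once the vector is destroyed.
  OPENSSL_cleanse(secret_vec.data(), secret_vec.size());
  return installed ? 1 : 0;
}
```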
diff --git a/quic/core/crypto/tls_connection.h b/quic/core/crypto/tls_connection.h
index 912a969..d65f63c 100644
--- a/quic/core/crypto/tls_connection.h
+++ b/quic/core/crypto/tls_connection.h
@@ -106,6 +106,16 @@
 const uint8_t* read_key,
 const uint8_t* write_key,
 size_t key_length);
+ static int SetReadSecretCallback(SSL* ssl,
+ enum ssl_encryption_level_t level,
+ const SSL_CIPHER* cipher,
+ const uint8_t* secret,
+ size_t secret_len);
+ static int SetWriteSecretCallback(SSL* ssl,
+ enum ssl_encryption_level_t level,
+ const SSL_CIPHER* cipher,
+ const uint8_t* secret,
+ size_t secret_len);
 static int WriteMessageCallback(SSL* ssl,
 enum ssl_encryption_level_t level,
 const uint8_t* data,
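Review bot: The two new declarations name the last parameter `secret_len`, while the definitions in tls_connection.cc use `secret_length`; writing `size_t secret_length);` here keeps header and source consistent. They also carry no comment, and a short one would help the next reader, e.g. `// SSL_QUIC_METHOD callbacks used when BORINGSSL_API_VERSION >= 10; each returns 1 on success and 0 on failure.` The enclosing class declaration starts and ends outside this hunk.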