commit 74d96aec812b983a8af1fb0edb5a98ef77f5d8ec
author nharper <nharper@google.com> Thu Feb 27 14:11:52 2020 -0800
committer Copybara-Service <copybara-worker@google.com> Thu Feb 27 14:12:21 2020 -0800
tree 0ad3af4d1545dd563e744e68386689cfdb6f5230
parent 3da9730db2800ad6636e14dbd970813c700d0d46

Prepare for BORINGSSL_API_VERSION change

gfe-relnote: no behavior change
PiperOrigin-RevId: 297684814
Change-Id: Id1acf4704041aa8c970f8dbc07c158cf44498c7d

quic/core/crypto/tls_connection.cc

diff --git a/quic/core/crypto/tls_connection.cc b/quic/core/crypto/tls_connection.cc
index d1931d6..4a36e3a 100644
--- a/quic/core/crypto/tls_connection.cc
+++ b/quic/core/crypto/tls_connection.cc
@@ -108,10 +108,18 @@
       ssl, SslIndexSingleton::GetInstance()->ssl_ex_data_index_connection()));
 }
 
+// TODO(nharper): Once
+// https://boringssl-review.googlesource.com/c/boringssl/+/40127 lands and is
+// rolled into google3, remove the BORINGSSL_API_VERSION check.
 const SSL_QUIC_METHOD TlsConnection::kSslQuicMethod{
-    TlsConnection::SetEncryptionSecretCallback,
-    TlsConnection::WriteMessageCallback, TlsConnection::FlushFlightCallback,
-    TlsConnection::SendAlertCallback};
+#if BORINGSSL_API_VERSION < 10
+  TlsConnection::SetEncryptionSecretCallback,
+#else
+  TlsConnection::SetReadSecretCallback, TlsConnection::SetWriteSecretCallback,
+#endif
+      TlsConnection::WriteMessageCallback, TlsConnection::FlushFlightCallback,
+      TlsConnection::SendAlertCallback
+};
 
 // static
 int TlsConnection::SetEncryptionSecretCallback(
@@ -136,6 +144,39 @@
 }
 
 // static
+int TlsConnection::SetReadSecretCallback(SSL* ssl,
+                                         enum ssl_encryption_level_t level,
+                                         const SSL_CIPHER* cipher,
+                                         const uint8_t* secret,
+                                         size_t secret_length) {
+  // TODO(nharper): replace this vector with a span (which unfortunately doesn't
+  // yet exist in quic/platform/api).
+  std::vector<uint8_t> secret_vec(secret_length);
+  secret_vec.assign(secret, secret + secret_length);
+  TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
+  if (!delegate->SetReadSecret(QuicEncryptionLevel(level), cipher,
+                               secret_vec)) {
+    return 0;
+  }
+  return 1;
+}
+
+// static
+int TlsConnection::SetWriteSecretCallback(SSL* ssl,
+                                          enum ssl_encryption_level_t level,
+                                          const SSL_CIPHER* cipher,
+                                          const uint8_t* secret,
+                                          size_t secret_length) {
+  // TODO(nharper): replace this vector with a span (which unfortunately doesn't
+  // yet exist in quic/platform/api).
+  std::vector<uint8_t> secret_vec(secret_length);
+  secret_vec.assign(secret, secret + secret_length);
+  TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
+  delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher, secret_vec);
+  return 1;
+}
+
+// static
 int TlsConnection::WriteMessageCallback(SSL* ssl,
                                         enum ssl_encryption_level_t level,
                                         const uint8_t* data,