Add GetSslInfo() interface in QuicCryptoStream to expose SSL object in BoringSSL. The interface will be used in Envoy. PiperOrigin-RevId: 400774065
diff --git a/quic/core/http/quic_spdy_session_test.cc b/quic/core/http/quic_spdy_session_test.cc
index 89beb70..48f488d 100644
--- a/quic/core/http/quic_spdy_session_test.cc
+++ b/quic/core/http/quic_spdy_session_test.cc
@@ -186,6 +186,7 @@ void OnConnectionClosed(QuicErrorCode /*error*/, ConnectionCloseSource /*source*/) override {}
+ SSL* GetSsl() const override { return nullptr; }
 private: using QuicCryptoStream::session;
diff --git a/quic/core/http/quic_spdy_stream_test.cc b/quic/core/http/quic_spdy_stream_test.cc
index 04343e0..37ed187 100644
--- a/quic/core/http/quic_spdy_stream_test.cc
+++ b/quic/core/http/quic_spdy_stream_test.cc
@@ -168,6 +168,8 @@ MOCK_METHOD(bool, HasPendingRetransmission, (), (const, override));
+ SSL* GetSsl() const override { return nullptr; }
+
 private: using QuicCryptoStream::session;
diff --git a/quic/core/quic_crypto_client_stream.cc b/quic/core/quic_crypto_client_stream.cc
index 78d2f10..27de0b8 100644
--- a/quic/core/quic_crypto_client_stream.cc
+++ b/quic/core/quic_crypto_client_stream.cc
@@ -43,11 +43,14 @@ server_id, this, session, std::move(verify_context), crypto_config, proof_handler);
 break;
- case PROTOCOL_TLS1_3:
- handshaker_ = std::make_unique<TlsClientHandshaker>(
+ case PROTOCOL_TLS1_3: {
+ auto handshaker = std::make_unique<TlsClientHandshaker>(
 server_id, this, session, std::move(verify_context), crypto_config, proof_handler, has_application_state);
+ tls_handshaker_ = handshaker.get();
+ handshaker_ = std::move(handshaker);
 break;
+ }
 case PROTOCOL_UNSUPPORTED: QUIC_BUG(quic_bug_10296_1) << "Attempting to create QuicCryptoClientStream for unknown "
@@ -167,4 +170,8 @@ std::move(application_state)); }
+SSL* QuicCryptoClientStream::GetSsl() const {
+ return tls_handshaker_ == nullptr ? nullptr : tls_handshaker_->ssl();
+}
+
 } // namespace quic
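Review bot: QuicCryptoClientStream::GetSsl() in the second hunk is a const member function that hands back a mutable `SSL*` from `tls_handshaker_->ssl()`, so a caller holding only a const stream can still change TLS state that the handshaker owns and configures; the test accessor this commit removes in tls_client_handshaker.h had a `const SSL*` const overload. If the Envoy consumer only inspects the object, `const SSL* GetSsl() const` keeps the const contract intact; if it needs to mutate, that should be stated at the declaration in quic_crypto_stream.h rather than left implicit. The `tls_handshaker_` alias set in the first hunk is only meaningful while `handshaker_` still holds that same object, so any later reset of `handshaker_` must clear `tls_handshaker_` as well; the constructor containing that switch begins outside this hunk.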
diff --git a/quic/core/quic_crypto_client_stream.h b/quic/core/quic_crypto_client_stream.h
index b3d3c2b..e539165 100644
--- a/quic/core/quic_crypto_client_stream.h
+++ b/quic/core/quic_crypto_client_stream.h
@@ -25,6 +25,8 @@ class QuicCryptoClientStreamPeer; } // namespace test
+class TlsClientHandshaker;
+
 class QUIC_EXPORT_PRIVATE QuicCryptoClientStreamBase : public QuicCryptoStream { public: explicit QuicCryptoClientStreamBase(QuicSession* session);
@@ -250,6 +252,7 @@ std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter() override; std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override;
+ SSL* GetSsl() const override;
 std::string chlo_hash() const;
@@ -261,6 +264,10 @@ private: friend class test::QuicCryptoClientStreamPeer; std::unique_ptr<HandshakerInterface> handshaker_;
+ // Points to |handshaker_| if it uses TLS1.3. Otherwise, nullptr.
+ // TODO(danzh) change the type of |handshaker_| to TlsClientHandshaker after
+ // deprecating Google QUIC.
+ TlsClientHandshaker* tls_handshaker_{nullptr};
 };
 } // namespace quic
diff --git a/quic/core/quic_crypto_server_stream.cc b/quic/core/quic_crypto_server_stream.cc
index 461c58f..de6cb75 100644
--- a/quic/core/quic_crypto_server_stream.cc
+++ b/quic/core/quic_crypto_server_stream.cc
@@ -511,4 +511,6 @@ return session()->connection()->peer_address(); }
+SSL* QuicCryptoServerStream::GetSsl() const { return nullptr; }
+
 } // namespace quic
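Review bot: The `return nullptr;` in QuicCryptoServerStream::GetSsl() carries no comment, so a reader of this file alone cannot tell whether it is a stub awaiting implementation or the intended answer. The base-class comment in quic_crypto_stream.h defines nullptr as "not using TLS 1.3" and the TLS server path implements GetSsl() separately in TlsServerHandshaker, so this appears to be the non-TLS handshake stream; a one-line comment such as `// Not a TLS handshake: there is no BoringSSL object to expose.` would record that intent next to the return.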
diff --git a/quic/core/quic_crypto_server_stream.h b/quic/core/quic_crypto_server_stream.h
index 690e872..bf6f3e5 100644
--- a/quic/core/quic_crypto_server_stream.h
+++ b/quic/core/quic_crypto_server_stream.h
@@ -69,6 +69,7 @@ std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter() override; std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override;
+ SSL* GetSsl() const override;
 // From QuicCryptoHandshaker
 void OnHandshakeMessage(const CryptoHandshakeMessage& message) override;
diff --git a/quic/core/quic_crypto_stream.h b/quic/core/quic_crypto_stream.h
index 2a86a72..37edc87 100644
--- a/quic/core/quic_crypto_stream.h
+++ b/quic/core/quic_crypto_stream.h
@@ -147,6 +147,11 @@ // decrypter returned by AdvanceKeysAndCreateCurrentOneRttDecrypter().
 virtual std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() = 0;
+ // Return the SSL struct object created by BoringSSL if the stream is using
+ // TLS1.3. Otherwise, return nullptr.
+ // This method is used in Envoy.
+ virtual SSL* GetSsl() const = 0;
+
 // Called to cancel retransmission of unencrypted crypto stream data.
 void NeuterUnencryptedStreamData();
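Review bot: The new comment on GetSsl() names a consumer (Envoy) but not the contract that consumer has to respect: who owns the returned SSL object, how long the pointer stays valid, and whether the caller may modify state through it. Anything changed through the raw handle bypasses whatever the owning handshaker configured, so the interface should say whether that is permitted. Suggest replacing `// This method is used in Envoy.` with `// The object is owned by the handshaker and is valid only while this stream is alive; callers must not free it and should treat it as read-only unless the owning handshaker documents otherwise.` The QuicCryptoStream class body begins and ends outside this hunk.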
diff --git a/quic/core/quic_crypto_stream_test.cc b/quic/core/quic_crypto_stream_test.cc
index 545fdd8..6624a95 100644
--- a/quic/core/quic_crypto_stream_test.cc
+++ b/quic/core/quic_crypto_stream_test.cc
@@ -79,6 +79,7 @@ std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override { return nullptr; }
+ SSL* GetSsl() const override { return nullptr; }
 private: QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params_;
diff --git a/quic/core/quic_session_test.cc b/quic/core/quic_session_test.cc
index 7980256..f87302f 100644
--- a/quic/core/quic_session_test.cc
+++ b/quic/core/quic_session_test.cc
@@ -168,6 +168,8 @@ void OnConnectionClosed(QuicErrorCode /*error*/, ConnectionCloseSource /*source*/) override {}
+ SSL* GetSsl() const override { return nullptr; }
+
 private: using QuicCryptoStream::session;
diff --git a/quic/core/tls_client_handshaker.h b/quic/core/tls_client_handshaker.h
index eb39ccf..4e0e3b6 100644
--- a/quic/core/tls_client_handshaker.h
+++ b/quic/core/tls_client_handshaker.h
@@ -81,8 +81,9 @@ void AllowEmptyAlpnForTests() { allow_empty_alpn_for_tests_ = true; } void AllowInvalidSNIForTests() { allow_invalid_sni_for_tests_ = true; }
- SSL* GetSslForTests() { return tls_connection_.ssl(); }
- const SSL* GetSslForTests() const { return tls_connection_.ssl(); }
+
+ // Make the SSL object from BoringSSL publicly accessible.
+ using TlsHandshaker::ssl;
 protected: const TlsConnection* tls_connection() const override {
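Review bot: The client handshaker exposes the SSL object by widening the inherited `ssl()` to public with `using TlsHandshaker::ssl;`, while the server handshaker in the same commit adds a dedicated `SSL* GetSsl() const` override (tls_server_handshaker.h); the two sides now expose the same object under different names and with different visibility rules. A non-virtual `SSL* GetSsl() const { return ssl(); }` here would leave `ssl()` at its original visibility and match the server-side name, which is also what QuicCryptoClientStream::GetSsl() calls through. The removed pair of `GetSslForTests` accessors included a `const SSL*` const overload; whether any const-qualified accessor remains now depends on which overloads TlsHandshaker::ssl() declares, which is not visible in this hunk. The TlsClientHandshaker class body begins and ends outside this hunk.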
diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index 7da1f23..3abf0ac 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc
@@ -1128,4 +1128,6 @@ return result; }
+SSL* TlsServerHandshaker::GetSsl() const { return ssl(); }
+
 } // namespace quic
diff --git a/quic/core/tls_server_handshaker.h b/quic/core/tls_server_handshaker.h
index f105676..f2a42ad 100644
--- a/quic/core/tls_server_handshaker.h
+++ b/quic/core/tls_server_handshaker.h
@@ -64,6 +64,7 @@ bool ShouldSendExpectCTHeader() const override; bool DidCertMatchSni() const override; const ProofSource::Details* ProofSourceDetails() const override;
+ SSL* GetSsl() const override;
 // From QuicCryptoServerStreamBase and TlsHandshaker
 ssl_early_data_reason_t EarlyDataReason() const override;
diff --git a/quic/test_tools/quic_test_utils.h b/quic/test_tools/quic_test_utils.h
index 7053829..6e9db90 100644
--- a/quic/test_tools/quic_test_utils.h
+++ b/quic/test_tools/quic_test_utils.h
@@ -844,6 +844,7 @@ std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override { return nullptr; }
+ SSL* GetSsl() const override { return nullptr; }
 private: QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> params_;