authortb <tb@openbsd.org>2020-07-30 16:23:17 +0000
committertb <tb@openbsd.org>2020-07-30 16:23:17 +0000
commit08d6ed5e6e3414ad6db9903a0aa884ab2f3764b9 (patch)
tree217b3bd26baf432f029103b31e8dd9bbf2531480 /lib/libssl/tls13_handshake.c
parentWhen this Aviion-only driver is eventually sent to join its friends in the attic (diff)
Add minimal info callback support for TLSv1.3
As abieber@ found the hard way, some python frameworks (twisted, synapse) thought it a great idea to use the info callback mechanism (designed to get state information about SSL objects) to modify state information such as setting and verifying the SNI. The switch of TLS_method() to default to TLSv1.3 broke these contraptions. Further bits of the info callback mechanism will likely metastasize throughout the TLSv1.3 stack if we need them, so we only do what's really necessary now. Lots of debugging, crucial hint and testing by abieber input & ok jsing
Diffstat (limited to 'lib/libssl/tls13_handshake.c')
-rw-r--r--lib/libssl/tls13_handshake.c11
1 files changed, 10 insertions, 1 deletions
diff --git a/lib/libssl/tls13_handshake.c b/lib/libssl/tls13_handshake.c
index 80ad7c02642..b3cecc77efd 100644
--- a/lib/libssl/tls13_handshake.c
+++ b/lib/libssl/tls13_handshake.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: tls13_handshake.c,v 1.63 2020/06/02 13:57:09 tb Exp $ */
+/* $OpenBSD: tls13_handshake.c,v 1.64 2020/07/30 16:23:17 tb Exp $ */
/*
* Copyright (c) 2018-2019 Theo Buehler <tb@openbsd.org>
* Copyright (c) 2019 Joel Sing <jsing@openbsd.org>
@@ -343,6 +343,12 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
const struct tls13_handshake_action *action;
int ret;
+ if (!ctx->handshake_started) {
+ ctx->handshake_started = 1;
+ if (ctx->info_cb != NULL)
+ ctx->info_cb(ctx, TLS13_INFO_HANDSHAKE_STARTED, 1);
+ }
+
for (;;) {
if ((action = tls13_handshake_active_action(ctx)) == NULL)
return TLS13_IO_FAILURE;
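Review bot: The callback invoked on the added line `ctx->info_cb(ctx, TLS13_INFO_HANDSHAKE_STARTED, 1);` is caller-supplied code that, as the commit message states, is used to modify connection state such as SNI, yet nothing in the hunk records why it must run at this point, before tls13_handshake_active_action() is consulted for the first time. A comment such as `/* Run the info callback before the first action so any state it changes (e.g. SNI) is picked up by the handshake. */` above the new `if (!ctx->handshake_started)` block would preserve that ordering requirement for later maintainers. Setting `ctx->handshake_started = 1` before the call also looks deliberate — a callback that re-enters tls13_handshake_perform() will not fire the started notification a second time — and is worth stating in the same comment, since reordering the two lines would silently lose that guard. The next hunk follows the same pattern (`ctx->handshake_completed = 1` set before the completed callback), so a matching one-line comment there would keep the two sites consistent. tls13_handshake_perform() begins before this hunk and its body continues past it.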
@@ -350,6 +356,9 @@ tls13_handshake_perform(struct tls13_ctx *ctx)
if (action->handshake_complete) {
ctx->handshake_completed = 1;
tls13_record_layer_handshake_completed(ctx->rl);
+ if (ctx->info_cb != NULL)
+ ctx->info_cb(ctx,
+ TLS13_INFO_HANDSHAKE_COMPLETED, 1);
return TLS13_IO_SUCCESS;
}