Google Git
Sign in
fuchsia / third_party / rust-mirrors / quiche / refs/heads/upstream/evanrittenhouse/expose_tls_handshake^! / .
commit0d23d7904185fdebe4970eb9a3e454341ffb01a1[log] [tgz]
authorEvan Rittenhouse <erittenhouse@cloudflare.com>Wed Jan 03 08:32:04 2024 -0600
committerEvan Rittenhouse <erittenhouse@cloudflare.com>Thu Jan 04 11:20:25 2024 -0600
tree96b3e145580d584840c0aeb844f429822dce0bbe
parentd4e5ed6affb35fdeba10731eaaa08b0c84965901 [diff]
lib: expose machinery for async TLS callbacks

This PR makes it possible for an application to use async TLS callbacks.
If that is the case, the application should drive the callback forward
by repeatedly calling quiche::Connection.do_handshake().

This PR introduces a new quiche::Error variant, TlsRetry, which
signifies that there is more work to be done on the local side. This
differs from Error::Done in that Done represents the state where there
is no more work to do, and thus the application should wait for some
response from the remote. This lacks requisite detail for async
callbacks; the application using said callbacks must be able to
poll a future and block while the callback completes, but not block when
it has to receive data from the remote.

diff --git a/quiche/src/lib.rs b/quiche/src/lib.rs
index c0286e4..e079bb1 100644
--- a/quiche/src/lib.rs
+++ b/quiche/src/lib.rs

@@ -567,6 +567,11 @@
 
     /// Error in key update.
     KeyUpdate,
+
+    /// Need to call a TLS operation again from the local side, without waiting
+    /// on data from the peer. Helpful when using asynchronous SSL
+    /// callbacks.
+    TlsRetry,
 }
 
 impl Error {
@@ -606,6 +611,7 @@
             Error::IdLimit => -17,
             Error::OutOfIdentifiers => -18,
             Error::KeyUpdate => -19,
+            Error::TlsRetry => -20,
         }
     }
 }
@@ -2186,6 +2192,8 @@
                     left
                 },
 
+                Err(Error::TlsRetry) => left,
+
                 Err(e) => {
                     // In case of error processing the incoming packet, close
                     // the connection.
@@ -6433,7 +6441,7 @@
     /// Continues the handshake.
     ///
     /// If the connection is already established, it does nothing.
-    fn do_handshake(&mut self, now: time::Instant) -> Result<()> {
+    pub fn do_handshake(&mut self, now: time::Instant) -> Result<()> {
         let mut ex_data = tls::ExData {
             application_protos: &self.application_protos,
 

diff --git a/quiche/src/tls.rs b/quiche/src/tls.rs
index 33add4c..3e27a84 100644
--- a/quiche/src/tls.rs
+++ b/quiche/src/tls.rs

@@ -851,22 +851,22 @@
                     3 => Err(Error::Done),
 
                     // SSL_ERROR_WANT_X509_LOOKUP
-                    4 => Err(Error::Done),
+                    4 => Err(Error::TlsRetry),
 
                     // SSL_ERROR_SYSCALL
                     5 => Err(Error::TlsFail),
 
                     // SSL_ERROR_PENDING_SESSION
-                    11 => Err(Error::Done),
+                    11 => Err(Error::TlsRetry),
 
                     // SSL_ERROR_PENDING_CERTIFICATE
-                    12 => Err(Error::Done),
+                    12 => Err(Error::TlsRetry),
 
                     // SSL_ERROR_WANT_PRIVATE_KEY_OPERATION
-                    13 => Err(Error::Done),
+                    13 => Err(Error::TlsRetry),
 
                     // SSL_ERROR_PENDING_TICKET
-                    14 => Err(Error::Done),
+                    14 => Err(Error::TlsRetry),
 
                     // SSL_ERROR_EARLY_DATA_REJECTED
                     15 => {
@@ -875,7 +875,7 @@
                     },
 
                     // SSL_ERROR_WANT_CERTIFICATE_VERIFY
-                    16 => Err(Error::Done),
+                    16 => Err(Error::TlsRetry),
 
                     _ => Err(Error::TlsFail),
                 }