]>
Commit | Line | Data |
---|---|---|
99e1cc7b TM |
1 | /* |
2 | * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved. | |
3 | * | |
4 | * Licensed under the Apache License 2.0 (the "License"). You may not use | |
5 | * this file except in compliance with the License. You can obtain a copy | |
6 | * in the file LICENSE in the source distribution or at | |
7 | * https://www.openssl.org/source/license.html | |
8 | */ | |
9 | ||
10 | #include <openssl/macros.h> | |
11 | #include <openssl/objects.h> | |
12 | #include "quic_local.h" | |
13 | ||
38b051a1 TM |
14 | SSL *ossl_quic_new(SSL_CTX *ctx) |
15 | { | |
16 | QUIC_CONNECTION *qc; | |
17 | SSL *ssl = NULL; | |
18 | SSL_CONNECTION *sc; | |
19 | ||
20 | qc = OPENSSL_zalloc(sizeof(*qc)); | |
21 | if (qc == NULL) | |
22 | goto err; | |
23 | ||
a17c713a | 24 | ssl = &qc->stream.ssl; |
38b051a1 TM |
25 | if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) { |
26 | OPENSSL_free(qc); | |
27 | ssl = NULL; | |
28 | goto err; | |
29 | } | |
30 | qc->tls = ossl_ssl_connection_new(ctx); | |
31 | if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL) | |
32 | goto err; | |
33 | /* override the user_ssl of the inner connection */ | |
34 | sc->user_ssl = ssl; | |
35 | ||
36 | /* We'll need to set proper TLS method on qc->tls here */ | |
37 | return ssl; | |
38 | err: | |
39 | ossl_quic_free(ssl); | |
40 | return NULL; | |
41 | } | |
42 | ||
43 | int ossl_quic_init(SSL *s) | |
99e1cc7b TM |
44 | { |
45 | return s->method->ssl_clear(s); | |
46 | } | |
47 | ||
38b051a1 TM |
48 | void ossl_quic_deinit(SSL *s) |
49 | { | |
50 | return; | |
51 | } | |
52 | ||
99e1cc7b TM |
53 | void ossl_quic_free(SSL *s) |
54 | { | |
38b051a1 TM |
55 | QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s); |
56 | ||
57 | if (qc == NULL) { | |
a17c713a | 58 | /* TODO(QUIC): Temporarily needed to release the inner tls object */ |
38b051a1 TM |
59 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); |
60 | ||
61 | if (sc != NULL) | |
62 | ossl_ssl_connection_free(s); | |
63 | return; | |
64 | } | |
65 | ||
66 | SSL_free(qc->tls); | |
99e1cc7b TM |
67 | return; |
68 | } | |
69 | ||
38b051a1 TM |
70 | int ossl_quic_reset(SSL *s) |
71 | { | |
72 | QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s); | |
73 | ||
74 | if (qc == NULL) { | |
a17c713a | 75 | /* TODO(QUIC): Temporarily needed to reset the inner tls object */ |
38b051a1 TM |
76 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s); |
77 | ||
78 | return sc != NULL ? ossl_ssl_connection_reset(s) : 0; | |
79 | } | |
80 | ||
81 | return ossl_ssl_connection_reset(qc->tls); | |
82 | } | |
83 | ||
99e1cc7b TM |
84 | int ossl_quic_clear(SSL *s) |
85 | { | |
86 | return 1; | |
87 | } | |
88 | ||
e44795bd | 89 | int ossl_quic_accept(SSL *s) |
99e1cc7b | 90 | { |
38b051a1 TM |
91 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); |
92 | ||
93 | if (sc == NULL) | |
94 | return 0; | |
95 | ||
bfc0f10d | 96 | ossl_statem_set_in_init(sc, 0); |
99e1cc7b TM |
97 | return 1; |
98 | } | |
99 | ||
e44795bd | 100 | int ossl_quic_connect(SSL *s) |
99e1cc7b | 101 | { |
38b051a1 TM |
102 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); |
103 | ||
104 | if (sc == NULL) | |
105 | return 0; | |
106 | ||
bfc0f10d | 107 | ossl_statem_set_in_init(sc, 0); |
99e1cc7b TM |
108 | return 1; |
109 | } | |
110 | ||
e44795bd | 111 | int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes) |
99e1cc7b | 112 | { |
08e49012 | 113 | int ret; |
e44795bd | 114 | BIO *rbio = SSL_get_rbio(s); |
38b051a1 | 115 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); |
e44795bd | 116 | |
38b051a1 | 117 | if (sc == NULL || rbio == NULL) |
e44795bd TM |
118 | return 0; |
119 | ||
38b051a1 | 120 | sc->rwstate = SSL_READING; |
08e49012 TM |
121 | ret = BIO_read_ex(rbio, buf, len, readbytes); |
122 | if (ret > 0 || !BIO_should_retry(rbio)) | |
38b051a1 | 123 | sc->rwstate = SSL_NOTHING; |
08e49012 | 124 | return ret <= 0 ? -1 : ret; |
99e1cc7b TM |
125 | } |
126 | ||
e44795bd | 127 | int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes) |
99e1cc7b | 128 | { |
08e49012 | 129 | return -1; |
99e1cc7b TM |
130 | } |
131 | ||
e44795bd | 132 | int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written) |
99e1cc7b | 133 | { |
e44795bd | 134 | BIO *wbio = SSL_get_wbio(s); |
08e49012 | 135 | int ret; |
38b051a1 | 136 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); |
e44795bd | 137 | |
38b051a1 | 138 | if (sc == NULL || wbio == NULL) |
e44795bd TM |
139 | return 0; |
140 | ||
38b051a1 | 141 | sc->rwstate = SSL_WRITING; |
08e49012 TM |
142 | ret = BIO_write_ex(wbio, buf, len, written); |
143 | if (ret > 0 || !BIO_should_retry(wbio)) | |
38b051a1 | 144 | sc->rwstate = SSL_NOTHING; |
08e49012 | 145 | return ret; |
99e1cc7b TM |
146 | } |
147 | ||
e44795bd | 148 | int ossl_quic_shutdown(SSL *s) |
99e1cc7b TM |
149 | { |
150 | return 1; | |
151 | } | |
152 | ||
e44795bd | 153 | long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg) |
99e1cc7b | 154 | { |
38b051a1 TM |
155 | SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s); |
156 | ||
157 | if (sc == NULL) | |
158 | return 0; | |
159 | ||
08e49012 TM |
160 | switch(cmd) { |
161 | case SSL_CTRL_CHAIN: | |
162 | if (larg) | |
38b051a1 | 163 | return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg); |
08e49012 | 164 | else |
38b051a1 | 165 | return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg); |
08e49012 | 166 | } |
99e1cc7b TM |
167 | return 0; |
168 | } | |
169 | ||
08e49012 | 170 | long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg) |
99e1cc7b | 171 | { |
08e49012 TM |
172 | switch(cmd) { |
173 | case SSL_CTRL_CHAIN: | |
174 | if (larg) | |
175 | return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg); | |
176 | else | |
177 | return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg); | |
178 | ||
179 | case SSL_CTRL_SET_TLSEXT_TICKET_KEYS: | |
180 | case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: | |
181 | /* TODO(QUIC): these will have to be implemented properly */ | |
182 | return 1; | |
183 | } | |
99e1cc7b TM |
184 | return 0; |
185 | } | |
186 | ||
e44795bd | 187 | long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void)) |
99e1cc7b TM |
188 | { |
189 | return 0; | |
190 | } | |
191 | ||
08e49012 | 192 | long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void)) |
99e1cc7b TM |
193 | { |
194 | return 0; | |
195 | } | |
196 | ||
e44795bd | 197 | size_t ossl_quic_pending(const SSL *s) |
99e1cc7b TM |
198 | { |
199 | return 0; | |
200 | } | |
e44795bd | 201 | |
f0131dc0 | 202 | OSSL_TIME ossl_quic_default_timeout(void) |
e44795bd | 203 | { |
f0131dc0 | 204 | return ossl_time_zero(); |
e44795bd TM |
205 | } |
206 | ||
207 | int ossl_quic_num_ciphers(void) | |
208 | { | |
209 | return 1; | |
210 | } | |
211 | ||
212 | const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u) | |
213 | { | |
08e49012 TM |
214 | /* |
215 | * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT"); | |
216 | * produces at least one valid TLS-1.2 cipher. | |
217 | * Later we should allow that there are none with QUIC protocol as | |
218 | * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL. | |
219 | */ | |
220 | static const SSL_CIPHER ciph = { | |
221 | 1, | |
222 | TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | |
223 | TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | |
224 | TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384, | |
225 | SSL_kECDHE, | |
226 | SSL_aRSA, | |
227 | SSL_AES256GCM, | |
228 | SSL_AEAD, | |
229 | TLS1_2_VERSION, TLS1_2_VERSION, | |
230 | DTLS1_2_VERSION, DTLS1_2_VERSION, | |
231 | SSL_HIGH | SSL_FIPS, | |
232 | SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384, | |
233 | 256, | |
234 | 256 | |
235 | }; | |
e44795bd TM |
236 | |
237 | return &ciph; | |
238 | } | |
239 | ||
240 | int ossl_quic_renegotiate_check(SSL *ssl, int initok) | |
241 | { | |
242 | return 1; | |
243 | } | |
d5ab48a1 RL |
244 | |
245 | QUIC_CONNECTION *ossl_quic_conn_from_ssl(SSL *ssl) | |
246 | { | |
247 | return QUIC_CONNECTION_FROM_SSL(ssl); | |
248 | } | |
249 | ||
250 | /* | |
251 | * The following are getters and setters of pointers, but they don't affect | |
252 | * the objects being pointed at. They are CURRENTLY to be freed separately | |
253 | * by the caller the set them in the first place. | |
254 | */ | |
255 | int ossl_quic_conn_set_qrx(QUIC_CONNECTION *qc, OSSL_QRX *qrx) | |
256 | { | |
257 | if (qc == NULL) | |
258 | return 0; | |
259 | qc->qrx = qrx; | |
260 | return 1; | |
261 | } | |
262 | ||
263 | OSSL_QRX *ossl_quic_conn_get_qrx(QUIC_CONNECTION *qc) | |
264 | { | |
265 | return qc != NULL ? qc->qrx : NULL; | |
266 | } | |
267 | ||
268 | int ossl_quic_conn_set_ackm(QUIC_CONNECTION *qc, OSSL_ACKM *ackm) | |
269 | { | |
270 | if (qc == NULL) | |
271 | return 0; | |
272 | qc->ackm = ackm; | |
273 | return 1; | |
274 | } | |
275 | ||
276 | OSSL_ACKM *ossl_quic_conn_set_akcm(QUIC_CONNECTION *qc) | |
277 | { | |
278 | return qc != NULL ? qc->ackm : NULL; | |
279 | } |