int ossl_quic_accept(SSL *s)
{
+ s->statem.in_init = 0;
return 1;
}
int ossl_quic_connect(SSL *s)
{
+ s->statem.in_init = 0;
return 1;
}
int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
+ int ret;
BIO *rbio = SSL_get_rbio(s);
if (rbio == NULL)
return 0;
- return BIO_read_ex(rbio, buf, len, readbytes);
+ s->rwstate = SSL_READING;
+ ret = BIO_read_ex(rbio, buf, len, readbytes);
+ if (ret > 0 || !BIO_should_retry(rbio))
+ s->rwstate = SSL_NOTHING;
+ return ret <= 0 ? -1 : ret;
}
int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
- return 1;
+ return -1;
}
int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
BIO *wbio = SSL_get_wbio(s);
+ int ret;
if (wbio == NULL)
return 0;
- return BIO_write_ex(wbio, buf, len, written);
+ s->rwstate = SSL_WRITING;
+ ret = BIO_write_ex(wbio, buf, len, written);
+ if (ret > 0 || !BIO_should_retry(wbio))
+ s->rwstate = SSL_NOTHING;
+ return ret;
}
int ossl_quic_shutdown(SSL *s)
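Review bot: ossl_quic_read and ossl_quic_write now report failure with different values — read maps every `ret <= 0` to -1 (`return ret <= 0 ? -1 : ret;`) while write passes BIO_write_ex's 0 straight through (`return ret;`); both are ≤ 0 so the SSL_read/SSL_write wrappers will treat them alike, but one convention should be used, e.g. write's last line becoming `return ret <= 0 ? -1 : ret;`. The `rbio == NULL` / `wbio == NULL` early returns also leave `s->rwstate` as it was, so an SSL_READING/SSL_WRITING left by a previous would-block call survives a later call that fails for a different reason; resetting it to SSL_NOTHING before those returns would keep the state honest. In ossl_quic_accept and ossl_quic_connect, clearing `s->statem.in_init` without any handshake makes SSL_in_init() report false for a connection that has authenticated nothing, which is presumably the intended stub state for now but deserves a marker such as `/* TODO(QUIC): no handshake is run yet; in_init is cleared only so the stub looks connected */` on both.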
long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
+ switch(cmd) {
+ case SSL_CTRL_CHAIN:
+ if (larg)
+ return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
+ else
+ return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
+ }
return 0;
}
-long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg)
+long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
+ switch(cmd) {
+ case SSL_CTRL_CHAIN:
+ if (larg)
+ return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+ else
+ return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+ case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+ /* TODO(QUIC): these will have to be implemented properly */
+ return 1;
+ }
return 0;
}
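Review bot: In ossl_quic_ctx_ctrl the SSL_CTRL_SET_TLSEXT_TICKET_KEYS and SSL_CTRL_GET_TLSEXT_TICKET_KEYS cases return 1 without reading or writing `parg`, so SSL_CTX_set_tlsext_ticket_keys() reports that new keys were installed when nothing was stored, and SSL_CTX_get_tlsext_ticket_keys() reports success while the caller's buffer is left exactly as it was. Until the TODO is done, `return 0;` is the safer stub, since ticket-key rotation code acts on that return value; if something in the test harness currently depends on the 1, the TODO comment should say which caller. The `switch` in both ossl_quic_ctrl and ossl_quic_ctx_ctrl also has no `default:` — harmless because `return 0;` follows, but `default: break;` would make the fall-out explicit.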
return 0;
}
-long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void))
+long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
return 0;
}
const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
{
- static const SSL_CIPHER ciph = { 0 };
+ /*
+ * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
+ * produces at least one valid TLS-1.2 cipher.
+ * Later we should allow that there are none with QUIC protocol as
+ * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
+ */
+ static const SSL_CIPHER ciph = {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256
+ };
return &ciph;
}
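Review bot: ossl_quic_get_cipher ignores its `u` argument and hands back the same static TLS 1.2 ECDHE-RSA-AES256-GCM entry for every index, which is only correct if the method's num_ciphers callback reports exactly 1 (not visible in this hunk — worth confirming). The placeholder also carries `SSL_FIPS` and `TLS1_2_VERSION` as both min and max version although QUIC (RFC 9001) runs over TLS 1.3 only, so the comment should state the entry's sole purpose and that it must never actually be negotiated; e.g. extend the TODO with `* This entry is a placeholder to satisfy SSL_CTX_set_cipher_list("DEFAULT") and is not usable for QUIC (TLS 1.3 only, RFC 9001).` Declaring the unused parameter with `(void)u;` would also silence the obvious question for the next reader.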
# define OSSL_QUIC_ANY_VERSION 0xFFFFF
-# define IMPLEMENT_quic_meth_func(version, func_name, s_accept, \
- s_connect, enc_data) \
+# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
+ q_connect, enc_data) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
ossl_quic_new, \
ossl_quic_clear, \
ossl_quic_free, \
- s_accept, \
- s_connect, \
+ q_accept, \
+ q_connect, \
ossl_quic_read, \
ossl_quic_peek, \
ossl_quic_write, \
static const test_enum ssl_test_methods[] = {
{"TLS", SSL_TEST_METHOD_TLS},
{"DTLS", SSL_TEST_METHOD_DTLS},
+ {"QUIC", SSL_TEST_METHOD_QUIC}
};
__owur static int parse_test_method(SSL_TEST_CTX *test_ctx, const char *value)
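Review bot: The new `{"QUIC", SSL_TEST_METHOD_QUIC}` entry is added unconditionally, while the context creation for that method in ssl_test.c later in this diff sits under `#ifndef OPENSSL_NO_QUIC`; in a no-quic build a recipe with `Method = QUIC` therefore parses fine and then reaches the test with no server/client contexts created, relying solely on the 80-test_ssl_new.t skip list to never get there. Either guard this entry the same way (`#ifndef OPENSSL_NO_QUIC` around the table row) or have parse_test_method reject it when the method is compiled out. In that ssl_test.c hunk the QUIC `server_ctx` and `client_ctx` assignments are also not wrapped in TEST_ptr, unlike `server2_ctx` and the resume contexts in the same block — fine if a common NULL check follows below the hunk, which I cannot see here.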
typedef enum {
SSL_TEST_METHOD_TLS = 0, /* Default */
- SSL_TEST_METHOD_DTLS
+ SSL_TEST_METHOD_DTLS,
+ SSL_TEST_METHOD_QUIC
} ssl_test_method_t;
typedef enum {
@conf_srcs = glob(srctop_file("test", "ssl-tests", "*.cnf.in"));
# We hard-code the number of tests to double-check that the globbing above
# finds all files as expected.
- plan tests => 30;
+ plan tests => 31;
}
map { s/;.*// } @conf_srcs if $^O eq "VMS";
my @conf_files = map { basename($_, ".in") } @conf_srcs;
}
my $no_pre_tls1_3 = alldisabled(@all_pre_tls1_3);
my $no_dtls = alldisabled(available_protocols("dtls"));
+my $no_quic = disabled("quic");
my $no_npn = disabled("nextprotoneg");
my $no_ct = disabled("ct");
my $no_ec = disabled("ec");
"25-cipher.cnf" => disabled("ec") || disabled("tls1_2"),
"26-tls13_client_auth.cnf" => disabled("tls1_3") || ($no_ec && $no_dh),
"29-dtls-sctp-label-bug.cnf" => disabled("sctp") || disabled("sock"),
+ "31-quic.cnf" => $no_quic || $no_ec
);
foreach my $conf (@conf_files) {
--- /dev/null
+# Generated with generate_ssl_tests.pl
+
+num_tests = 1
+
+test-0 = 0-certstatus-good
+# ===========================================================
+
+[0-certstatus-good]
+ssl_conf = 0-certstatus-good-ssl
+
+[0-certstatus-good-ssl]
+server = 0-certstatus-good-server
+client = 0-certstatus-good-client
+
+[0-certstatus-good-server]
+Certificate = ${ENV::TEST_CERTS_DIR}/servercert.pem
+CipherString = DEFAULT
+PrivateKey = ${ENV::TEST_CERTS_DIR}/serverkey.pem
+
+[0-certstatus-good-client]
+CipherString = DEFAULT
+VerifyCAFile = ${ENV::TEST_CERTS_DIR}/rootcert.pem
+VerifyMode = Peer
+
+[test-0]
+ExpectedResult = Success
+Method = QUIC
+
+
--- /dev/null
+# -*- mode: perl; -*-
+# Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
+#
+# Licensed under the Apache License 2.0 (the "License"). You may not use
+# this file except in compliance with the License. You can obtain a copy
+# in the file LICENSE in the source distribution or at
+# https://www.openssl.org/source/license.html
+
+
+## Basic test of the QUIC protocol
+
+use strict;
+use warnings;
+
+package ssltests;
+
+
+our @tests = (
+ {
+ name => "certstatus-good",
+ server => {},
+ client => {},
+ test => {
+ "Method" => "QUIC",
+ "ExpectedResult" => "Success"
+ }
+ }
+);
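Review bot: The single test in this new file is named `certstatus-good` although neither the `server` nor the `client` hash configures any certificate-status option, so the name reads as copied from another recipe and will mislead anyone looking at the generated 31-quic.cnf. Rename it to describe what is exercised, e.g. `name => "quic-basic",`, and regenerate the .cnf so `test-0` follows. The `## Basic test of the QUIC protocol` header would also benefit from one line saying what "Success" means at this stage — judging by the accept/connect stubs earlier in the diff, it appears to be only that the QUIC method wiring and contexts work, not that a handshake completes, which is worth confirming and stating.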
#include <openssl/err.h>
#include <openssl/ssl.h>
#include <openssl/provider.h>
+#ifndef OPENSSL_NO_QUIC
+#include <openssl/quic.h>
+#endif
#include "helpers/handshake.h"
#include "helpers/ssl_test_ctx.h"
goto err;
}
}
+#ifndef OPENSSL_NO_QUIC
+ if (test_ctx->method == SSL_TEST_METHOD_QUIC) {
+ server_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_server_method());
+ if (test_ctx->extra.server.servername_callback !=
+ SSL_TEST_SERVERNAME_CB_NONE) {
+ if (!TEST_ptr(server2_ctx =
+ SSL_CTX_new_ex(libctx, NULL,
+ OSSL_QUIC_server_method())))
+ goto err;
+ }
+ client_ctx = SSL_CTX_new_ex(libctx, NULL, OSSL_QUIC_client_method());
+ if (test_ctx->handshake_mode == SSL_TEST_HANDSHAKE_RESUME) {
+ resume_server_ctx = SSL_CTX_new_ex(libctx, NULL,
+ OSSL_QUIC_server_method());
+ resume_client_ctx = SSL_CTX_new_ex(libctx, NULL,
+ OSSL_QUIC_client_method());
+ if (!TEST_ptr(resume_server_ctx)
+ || !TEST_ptr(resume_client_ctx))
+ goto err;
+ }
+ }
+#endif
#ifdef OPENSSL_NO_AUTOLOAD_CONFIG
if (!TEST_true(OPENSSL_init_ssl(OPENSSL_INIT_LOAD_CONFIG, NULL)))