1 /*
2 * Copyright 2022 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the Apache License 2.0 (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <openssl/macros.h>
11 #include <openssl/objects.h>
12 #include "quic_local.h"
13
ossl_quic_new(SSL_CTX * ctx)14 SSL *ossl_quic_new(SSL_CTX *ctx)
15 {
16 QUIC_CONNECTION *qc;
17 SSL *ssl = NULL;
18 SSL_CONNECTION *sc;
19
20 qc = OPENSSL_zalloc(sizeof(*qc));
21 if (qc == NULL)
22 goto err;
23
24 ssl = &qc->ssl;
25 if (!ossl_ssl_init(ssl, ctx, SSL_TYPE_QUIC_CONNECTION)) {
26 OPENSSL_free(qc);
27 ssl = NULL;
28 goto err;
29 }
30 qc->tls = ossl_ssl_connection_new(ctx);
31 if (qc->tls == NULL || (sc = SSL_CONNECTION_FROM_SSL(qc->tls)) == NULL)
32 goto err;
33 /* override the user_ssl of the inner connection */
34 sc->user_ssl = ssl;
35
36 /* We'll need to set proper TLS method on qc->tls here */
37 return ssl;
38 err:
39 ossl_quic_free(ssl);
40 return NULL;
41 }
42
ossl_quic_init(SSL * s)43 int ossl_quic_init(SSL *s)
44 {
45 return s->method->ssl_clear(s);
46 }
47
ossl_quic_deinit(SSL * s)48 void ossl_quic_deinit(SSL *s)
49 {
50 return;
51 }
52
ossl_quic_free(SSL * s)53 void ossl_quic_free(SSL *s)
54 {
55 QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
56
57 if (qc == NULL) {
58 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
59
60 if (sc != NULL)
61 ossl_ssl_connection_free(s);
62 return;
63 }
64
65 SSL_free(qc->tls);
66 return;
67 }
68
ossl_quic_reset(SSL * s)69 int ossl_quic_reset(SSL *s)
70 {
71 QUIC_CONNECTION *qc = QUIC_CONNECTION_FROM_SSL(s);
72
73 if (qc == NULL) {
74 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL_ONLY(s);
75
76 return sc != NULL ? ossl_ssl_connection_reset(s) : 0;
77 }
78
79 return ossl_ssl_connection_reset(qc->tls);
80 }
81
ossl_quic_clear(SSL * s)82 int ossl_quic_clear(SSL *s)
83 {
84 return 1;
85 }
86
ossl_quic_accept(SSL * s)87 int ossl_quic_accept(SSL *s)
88 {
89 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
90
91 if (sc == NULL)
92 return 0;
93
94 ossl_statem_set_in_init(sc, 0);
95 return 1;
96 }
97
ossl_quic_connect(SSL * s)98 int ossl_quic_connect(SSL *s)
99 {
100 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
101
102 if (sc == NULL)
103 return 0;
104
105 ossl_statem_set_in_init(sc, 0);
106 return 1;
107 }
108
ossl_quic_read(SSL * s,void * buf,size_t len,size_t * readbytes)109 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
110 {
111 int ret;
112 BIO *rbio = SSL_get_rbio(s);
113 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
114
115 if (sc == NULL || rbio == NULL)
116 return 0;
117
118 sc->rwstate = SSL_READING;
119 ret = BIO_read_ex(rbio, buf, len, readbytes);
120 if (ret > 0 || !BIO_should_retry(rbio))
121 sc->rwstate = SSL_NOTHING;
122 return ret <= 0 ? -1 : ret;
123 }
124
ossl_quic_peek(SSL * s,void * buf,size_t len,size_t * readbytes)125 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
126 {
127 return -1;
128 }
129
ossl_quic_write(SSL * s,const void * buf,size_t len,size_t * written)130 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
131 {
132 BIO *wbio = SSL_get_wbio(s);
133 int ret;
134 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
135
136 if (sc == NULL || wbio == NULL)
137 return 0;
138
139 sc->rwstate = SSL_WRITING;
140 ret = BIO_write_ex(wbio, buf, len, written);
141 if (ret > 0 || !BIO_should_retry(wbio))
142 sc->rwstate = SSL_NOTHING;
143 return ret;
144 }
145
ossl_quic_shutdown(SSL * s)146 int ossl_quic_shutdown(SSL *s)
147 {
148 return 1;
149 }
150
ossl_quic_ctrl(SSL * s,int cmd,long larg,void * parg)151 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
152 {
153 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_QUIC_SSL(s);
154
155 if (sc == NULL)
156 return 0;
157
158 switch(cmd) {
159 case SSL_CTRL_CHAIN:
160 if (larg)
161 return ssl_cert_set1_chain(sc, NULL, (STACK_OF(X509) *)parg);
162 else
163 return ssl_cert_set0_chain(sc, NULL, (STACK_OF(X509) *)parg);
164 }
165 return 0;
166 }
167
ossl_quic_ctx_ctrl(SSL_CTX * ctx,int cmd,long larg,void * parg)168 long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
169 {
170 switch(cmd) {
171 case SSL_CTRL_CHAIN:
172 if (larg)
173 return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
174 else
175 return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
176
177 case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
178 case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
179 /* TODO(QUIC): these will have to be implemented properly */
180 return 1;
181 }
182 return 0;
183 }
184
ossl_quic_callback_ctrl(SSL * s,int cmd,void (* fp)(void))185 long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
186 {
187 return 0;
188 }
189
ossl_quic_ctx_callback_ctrl(SSL_CTX * ctx,int cmd,void (* fp)(void))190 long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
191 {
192 return 0;
193 }
194
ossl_quic_pending(const SSL * s)195 size_t ossl_quic_pending(const SSL *s)
196 {
197 return 0;
198 }
199
ossl_quic_default_timeout(void)200 long ossl_quic_default_timeout(void)
201 {
202 return 0;
203 }
204
ossl_quic_num_ciphers(void)205 int ossl_quic_num_ciphers(void)
206 {
207 return 1;
208 }
209
ossl_quic_get_cipher(unsigned int u)210 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
211 {
212 /*
213 * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
214 * produces at least one valid TLS-1.2 cipher.
215 * Later we should allow that there are none with QUIC protocol as
216 * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
217 */
218 static const SSL_CIPHER ciph = {
219 1,
220 TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
221 TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
222 TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
223 SSL_kECDHE,
224 SSL_aRSA,
225 SSL_AES256GCM,
226 SSL_AEAD,
227 TLS1_2_VERSION, TLS1_2_VERSION,
228 DTLS1_2_VERSION, DTLS1_2_VERSION,
229 SSL_HIGH | SSL_FIPS,
230 SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
231 256,
232 256
233 };
234
235 return &ciph;
236 }
237
ossl_quic_renegotiate_check(SSL * ssl,int initok)238 int ossl_quic_renegotiate_check(SSL *ssl, int initok)
239 {
240 return 1;
241 }
242