authorTomas Mraz <tomas@openssl.org>2022-05-16 18:08:54 +0200
committerPauli <pauli@openssl.org>2022-06-03 12:07:18 +1000
commit08e4901298df12931b45c7115254a0e159727683 (patch)
treec76090a6a3c1aef6a4b34e57cada580e7782dfa0 /ssl
parente44795bd5db081260ef05c7be6fd17c080ed9437 (diff)
Add a test_ssl_new testcase
This requires some code being pulled into the empty protocol implementation so the state machinery works. Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Paul Dale <pauli@openssl.org> (Merged from https://github.com/openssl/openssl/pull/18307)
Diffstat (limited to 'ssl')
-rw-r--r--ssl/quic/quic_impl.c64
-rw-r--r--ssl/quic/quic_local.h8
2 files changed, 62 insertions, 10 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 1c673d23b6..5d0c861c76 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -28,37 +28,49 @@ int ossl_quic_clear(SSL *s)
int ossl_quic_accept(SSL *s)
{
+ s->statem.in_init = 0;
return 1;
}
int ossl_quic_connect(SSL *s)
{
+ s->statem.in_init = 0;
return 1;
}
int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
{
+ int ret;
BIO *rbio = SSL_get_rbio(s);
if (rbio == NULL)
return 0;
- return BIO_read_ex(rbio, buf, len, readbytes);
+ s->rwstate = SSL_READING;
+ ret = BIO_read_ex(rbio, buf, len, readbytes);
+ if (ret > 0 || !BIO_should_retry(rbio))
+ s->rwstate = SSL_NOTHING;
+ return ret <= 0 ? -1 : ret;
}
int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
{
- return 1;
+ return -1;
}
int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
{
BIO *wbio = SSL_get_wbio(s);
+ int ret;
if (wbio == NULL)
return 0;
- return BIO_write_ex(wbio, buf, len, written);
+ s->rwstate = SSL_WRITING;
+ ret = BIO_write_ex(wbio, buf, len, written);
+ if (ret > 0 || !BIO_should_retry(wbio))
+ s->rwstate = SSL_NOTHING;
+ return ret;
}
int ossl_quic_shutdown(SSL *s)
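Review bot: The failure conventions of ossl_quic_read and ossl_quic_write diverge in this hunk: read maps every non-positive BIO_read_ex result to -1 with `return ret <= 0 ? -1 : ret;`, while write hands back `ret` unchanged, and both still return 0 when the BIO is NULL. A caller that tests only for a negative result may therefore handle a failed write differently from a failed read. If the difference is not intended, the write path could end with the same `return ret <= 0 ? -1 : ret;`; if it is intended, a one-line comment on each return should say which values the state machine expects. ossl_quic_peek now returns -1 with no explanation, and a comment such as `/* TODO(QUIC): peek is not implemented yet */` would match the TODO style used elsewhere in this commit.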
@@ -68,11 +80,30 @@ int ossl_quic_shutdown(SSL *s)
long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
{
+ switch(cmd) {
+ case SSL_CTRL_CHAIN:
+ if (larg)
+ return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
+ else
+ return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
+ }
return 0;
}
-long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg)
+long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
{
+ switch(cmd) {
+ case SSL_CTRL_CHAIN:
+ if (larg)
+ return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+ else
+ return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+ case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+ /* TODO(QUIC): these will have to be implemented properly */
+ return 1;
+ }
return 0;
}
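Review bot: The SSL_CTRL_SET_TLSEXT_TICKET_KEYS and SSL_CTRL_GET_TLSEXT_TICKET_KEYS cases in ossl_quic_ctx_ctrl return 1 without reading or writing `parg`, so a caller is told that session-ticket keys were installed or fetched when nothing happened. On the GET path the caller's buffer keeps whatever it held before and may then be treated as key material. Until the real implementation lands, `return 0;` for these two commands is the safer placeholder. If the test added by this commit needs them to succeed, the TODO should say so explicitly, for example `/* TODO(QUIC): reports success but parg is ignored; no ticket keys are set or returned */`.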
@@ -81,7 +112,7 @@ long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
return 0;
}
-long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void))
+long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
{
return 0;
}
@@ -103,7 +134,28 @@ int ossl_quic_num_ciphers(void)
const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
{
- static const SSL_CIPHER ciph = { 0 };
+ /*
+ * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
+ * produces at least one valid TLS-1.2 cipher.
+ * Later we should allow that there are none with QUIC protocol as
+ * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
+ */
+ static const SSL_CIPHER ciph = {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256
+ };
return &ciph;
}
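Review bot: ossl_quic_get_cipher ignores its index `u` and returns the same placeholder entry for every value, so a caller that iterates past the intended count still receives a cipher marked valid. A guard at the top such as `if (u >= (unsigned int)ossl_quic_num_ciphers()) return NULL;` would keep the table to its declared size. ossl_quic_num_ciphers is defined outside this hunk, so its return value should be checked against this single entry. The initializer is positional, and short field comments (for instance `1, /* valid */`) would make it easier to review what is being advertised as `SSL_HIGH | SSL_FIPS`.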
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 3b738e541b..8bd40cf916 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -15,8 +15,8 @@
# define OSSL_QUIC_ANY_VERSION 0xFFFFF
-# define IMPLEMENT_quic_meth_func(version, func_name, s_accept, \
- s_connect, enc_data) \
+# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
+ q_connect, enc_data) \
const SSL_METHOD *func_name(void) \
{ \
static const SSL_METHOD func_name##_data= { \
@@ -26,8 +26,8 @@ const SSL_METHOD *func_name(void) \
ossl_quic_new, \
ossl_quic_clear, \
ossl_quic_free, \
- s_accept, \
- s_connect, \
+ q_accept, \
+ q_connect, \
ossl_quic_read, \
ossl_quic_peek, \
ossl_quic_write, \