author | Tomas Mraz <tomas@openssl.org> | 2022-05-16 18:08:54 +0200 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2022-06-03 12:07:18 +1000 |
commit | 08e4901298df12931b45c7115254a0e159727683 (patch) | |
tree | c76090a6a3c1aef6a4b34e57cada580e7782dfa0 /ssl | |
parent | e44795bd5db081260ef05c7be6fd17c080ed9437 (diff) | |
Add a test_ssl_new testcase
This requires some code being pulled into the empty protocol
implementation so the state machinery works.
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/18307)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/quic/quic_impl.c | 64 | ||||
-rw-r--r-- | ssl/quic/quic_local.h | 8 |
2 files changed, 62 insertions, 10 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 1c673d23b6..5d0c861c76 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -28,37 +28,49 @@ int ossl_quic_clear(SSL *s)
 int ossl_quic_accept(SSL *s)
 {
+ s->statem.in_init = 0;
 return 1;
 }
 int ossl_quic_connect(SSL *s)
 {
+ s->statem.in_init = 0;
 return 1;
 }
 int ossl_quic_read(SSL *s, void *buf, size_t len, size_t *readbytes)
 {
+ int ret;
 BIO *rbio = SSL_get_rbio(s);
 if (rbio == NULL)
 return 0;
- return BIO_read_ex(rbio, buf, len, readbytes);
+ s->rwstate = SSL_READING;
+ ret = BIO_read_ex(rbio, buf, len, readbytes);
+ if (ret > 0 || !BIO_should_retry(rbio))
+ s->rwstate = SSL_NOTHING;
+ return ret <= 0 ? -1 : ret;
 }
 int ossl_quic_peek(SSL *s, void *buf, size_t len, size_t *readbytes)
 {
- return 1;
+ return -1;
 }
 int ossl_quic_write(SSL *s, const void *buf, size_t len, size_t *written)
 {
 BIO *wbio = SSL_get_wbio(s);
+ int ret;
 if (wbio == NULL)
 return 0;
- return BIO_write_ex(wbio, buf, len, written);
+ s->rwstate = SSL_WRITING;
+ ret = BIO_write_ex(wbio, buf, len, written);
+ if (ret > 0 || !BIO_should_retry(wbio))
+ s->rwstate = SSL_NOTHING;
+ return ret;
 }
 int ossl_quic_shutdown(SSL *s)
@@ -68,11 +80,30 @@ int ossl_quic_shutdown(SSL *s)
 long ossl_quic_ctrl(SSL *s, int cmd, long larg, void *parg)
 {
+ switch(cmd) {
+ case SSL_CTRL_CHAIN:
+ if (larg)
+ return ssl_cert_set1_chain(s, NULL, (STACK_OF(X509) *)parg);
+ else
+ return ssl_cert_set0_chain(s, NULL, (STACK_OF(X509) *)parg);
+ }
 return 0;
 }
-long ossl_quic_ctx_ctrl(SSL_CTX *s, int cmd, long larg, void *parg)
+long ossl_quic_ctx_ctrl(SSL_CTX *ctx, int cmd, long larg, void *parg)
 {
+ switch(cmd) {
+ case SSL_CTRL_CHAIN:
+ if (larg)
+ return ssl_cert_set1_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+ else
+ return ssl_cert_set0_chain(NULL, ctx, (STACK_OF(X509) *)parg);
+
+ case SSL_CTRL_SET_TLSEXT_TICKET_KEYS:
+ case SSL_CTRL_GET_TLSEXT_TICKET_KEYS:
+ /* TODO(QUIC): these will have to be implemented properly */
+ return 1;
+ }
 return 0;
 }
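Review bot: ossl_quic_read and ossl_quic_write report failure differently after this hunk: read maps every non-positive BIO result to -1 (`return ret <= 0 ? -1 : ret;`) while write still ends with `return ret;`, and both keep `return 0;` for a NULL BIO. If -1 is the intended error/retry value for callers, the write path and the two NULL guards should follow it, e.g. `return ret <= 0 ? -1 : ret;` in ossl_quic_write. Separately, ossl_quic_accept and ossl_quic_connect clear `s->statem.in_init` with no handshake behind it, which presumably lets the object look established without any peer authentication; a `/* TODO(QUIC): placeholder, no handshake is performed */` comment there would keep that from being mistaken for finished code.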
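Review bot: In ossl_quic_ctx_ctrl the `SSL_CTRL_GET_TLSEXT_TICKET_KEYS` case returns 1 without writing anything through `parg`, so a caller asking for the ticket keys is told the call succeeded while its buffer keeps whatever it held before, possibly uninitialised memory. Until the real implementation exists it would be safer to fail the getter with its own `case SSL_CTRL_GET_TLSEXT_TICKET_KEYS: return 0;`, or at least to extend the TODO to `/* TODO(QUIC): parg is neither read nor written here */`. The setter has the mirror problem, since it reports success while discarding the keys, though the new test may depend on that (not visible in this hunk). Both switches also lack a `default:` label and the usual space in `switch (cmd)`.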
@@ -81,7 +112,7 @@ long ossl_quic_callback_ctrl(SSL *s, int cmd, void (*fp) (void))
 return 0;
 }
-long ossl_quic_ctx_callback_ctrl(SSL_CTX *s, int cmd, void (*fp) (void))
+long ossl_quic_ctx_callback_ctrl(SSL_CTX *ctx, int cmd, void (*fp) (void))
 {
 return 0;
 }
@@ -103,7 +134,28 @@ int ossl_quic_num_ciphers(void)
 const SSL_CIPHER *ossl_quic_get_cipher(unsigned int u)
 {
- static const SSL_CIPHER ciph = { 0 };
+ /*
+ * TODO(QUIC): This is needed so the SSL_CTX_set_cipher_list("DEFAULT");
+ * produces at least one valid TLS-1.2 cipher.
+ * Later we should allow that there are none with QUIC protocol as
+ * SSL_CTX_set_cipher_list should still allow setting a SECLEVEL.
+ */
+ static const SSL_CIPHER ciph = {
+ 1,
+ TLS1_TXT_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_RFC_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ TLS1_CK_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+ SSL_kECDHE,
+ SSL_aRSA,
+ SSL_AES256GCM,
+ SSL_AEAD,
+ TLS1_2_VERSION, TLS1_2_VERSION,
+ DTLS1_2_VERSION, DTLS1_2_VERSION,
+ SSL_HIGH | SSL_FIPS,
+ SSL_HANDSHAKE_MAC_SHA384 | TLS1_PRF_SHA384,
+ 256,
+ 256
+ };
 return &ciph;
 }
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index 3b738e541b..8bd40cf916 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -15,8 +15,8 @@
 # define OSSL_QUIC_ANY_VERSION 0xFFFFF
-# define IMPLEMENT_quic_meth_func(version, func_name, s_accept, \
- s_connect, enc_data) \
+# define IMPLEMENT_quic_meth_func(version, func_name, q_accept, \
+ q_connect, enc_data) \
 const SSL_METHOD *func_name(void) \
 { \
 static const SSL_METHOD func_name##_data= { \
@@ -26,8 +26,8 @@ const SSL_METHOD *func_name(void) \
 ossl_quic_new, \
 ossl_quic_clear, \
 ossl_quic_free, \
- s_accept, \
- s_connect, \
+ q_accept, \
+ q_connect, \
 ossl_quic_read, \
 ossl_quic_peek, \
 ossl_quic_write, \
|
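Review bot: In ossl_quic_get_cipher the placeholder entry is a TLS 1.2-only suite (`TLS1_2_VERSION, TLS1_2_VERSION`), whereas QUIC runs its handshake over TLS 1.3, and the TODO explains why the entry exists but not that it must never be negotiated. I would add a line to the comment such as `* It must not be offered on a real QUIC connection.` The index `u` is also ignored, so every index yields the same entry; ossl_quic_num_ciphers lies outside the hunk, so whether that matters cannot be checked here, but `if (u != 0) return NULL;` would make the assumption explicit. The positional initializer depends on the field order of SSL_CIPHER, so a short trailing comment per field would help the next reader.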