/*
 * Copyright 2022-2025 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the Apache License 2.0 (the "License"). You may not use
 * this file except in compliance with the License. You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <openssl/ssl.h>
#include "internal/recordmethod.h"
#include "internal/quic_tls.h"
#include "../ssl_local.h"
#include "internal/quic_record_util.h"
#include "internal/quic_error.h"
#include "internal/quic_types.h"
#include "internal/ssl_unwrap.h"

/*
 * Record a fatal record-layer failure: remember the TLS alert description
 * (ad) that should be sent for it, push err onto the ERR stack, and flag the
 * owning QUIC_TLS object as being in error. rl may be NULL (e.g. when the
 * record layer itself failed to allocate); in that case only the ERR is
 * raised.
 */
#define QUIC_TLS_FATAL(rl, ad, err) \
    do { \
        if ((rl) != NULL) \
            (rl)->alert = (ad); \
        ERR_raise(ERR_LIB_SSL, (err)); \
        if ((rl) != NULL) \
            (rl)->qtls->inerror = 1; \
    } while (0)

/*
 * Per-connection handshake-layer state shared between the QUIC channel and
 * the custom record layer below.
 */
struct quic_tls_st {
    /* Callbacks and settings supplied by the caller (copied by value) */
    QUIC_TLS_ARGS args;

    /*
     * Transport parameters which client should send. Buffer lifetime must
     * exceed the lifetime of the QUIC_TLS object.
     */
    const unsigned char *local_transport_params;
    size_t local_transport_params_len;

    /*
     * Saved ERR state for reporting to the QUIC channel later. Only
     * allocated when args.ossl_quic is set; NULL otherwise.
     */
    ERR_STATE *error_state;

    /*
     * QUIC error code (usually in the TLS Alert-mapped CRYPTO_ERR range). Valid
     * only if inerror is 1.
     */
    uint64_t error_code;

    /*
     * Error message with static storage duration. Valid only if inerror is 1.
     * Should be suitable for encapsulation in a CONNECTION_CLOSE frame.
     */
    const char *error_msg;

    /* Whether our SSL object for TLS has been configured for use in QUIC */
    unsigned int configured : 1;

    /* Set if we have hit any error state */
    unsigned int inerror : 1;

    /* Set if the handshake has completed */
    unsigned int complete : 1;

    /* Set if we have consumed the local transport parameters yet. */
    unsigned int local_transport_params_consumed : 1;
};

/*
 * The custom OSSL_RECORD_LAYER used in place of the normal TLS record layer.
 * There is one of these per protection level and direction; none of them
 * owns any keys because encryption is done by the QUIC layer.
 */
struct ossl_record_layer_st {
    /* Back-pointer to the owning handshake-layer object (not owned) */
    QUIC_TLS *qtls;

    /* Protection level */
    int level;

    /* Only used for retry flags */
    BIO *dummybio;

    /* Number of bytes written so far if we are part way through a write */
    size_t written;

    /* If we are part way through a write, a copy of the template */
    OSSL_RECORD_TEMPLATE template;

    /*
     * If we hit an error, what alert code should be used
     */
    int alert;

    /* Amount of crypto stream data we read in the last call to quic_read_record */
    size_t recread;

    /* Amount of crypto stream data read but not yet released */
    size_t recunreleased;

    /* Callbacks */
    OSSL_FUNC_rlayer_msg_callback_fn *msg_callback;
    void *cbarg;
};

static int quic_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio);
static int quic_free(OSSL_RECORD_LAYER *r);

/*
 * OSSL_RECORD_METHOD::new_record_layer for QUIC.
 *
 * Allocates the record layer, picks up the optional message callback from
 * fns, and - for every protection level other than NONE - hands the newly
 * derived secret to the QUIC layer via args.yield_secret_cb. Most of the
 * parameters (keys, IVs, MAC key, compression, addresses, ...) are not used
 * here because the QUIC layer performs its own key derivation and packet
 * protection.
 *
 * On success returns 1 and stores the new layer in *retrl. On failure
 * returns 0, sets *retrl to NULL (if it had already been set) and records
 * the failure with QUIC_TLS_FATAL.
 */
static int
quic_new_record_layer(OSSL_LIB_CTX *libctx, const char *propq, int vers,
                      int role, int direction, int level, uint16_t epoch,
                      unsigned char *secret, size_t secretlen,
                      unsigned char *key, size_t keylen, unsigned char *iv,
                      size_t ivlen, unsigned char *mackey, size_t mackeylen,
                      const EVP_CIPHER *ciph, size_t taglen,
                      int mactype,
                      const EVP_MD *md, COMP_METHOD *comp,
                      const EVP_MD *kdfdigest, BIO *prev, BIO *transport,
                      BIO *next, BIO_ADDR *local, BIO_ADDR *peer,
                      const OSSL_PARAM *settings, const OSSL_PARAM *options,
                      const OSSL_DISPATCH *fns, void *cbarg, void *rlarg,
                      OSSL_RECORD_LAYER **retrl)
{
    OSSL_RECORD_LAYER *rl = OPENSSL_zalloc(sizeof(*rl));
    int qdir;
    uint32_t suite_id = 0;

    if (rl == NULL) {
        /* rl is NULL here; the macro only raises the ERR in that case */
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    rl->qtls = (QUIC_TLS *)rlarg;
    rl->level = level;
    /* The transport BIO is only kept so retry flags can be set on it */
    if (!quic_set1_bio(rl, transport)) {
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        goto err;
    }
    rl->cbarg = cbarg;
    *retrl = rl;

    if (fns != NULL) {
        for (; fns->function_id != 0; fns++) {
            switch (fns->function_id) {
            /* This leading break precedes any case label and is unreachable */
            break;
            case OSSL_FUNC_RLAYER_MSG_CALLBACK:
                rl->msg_callback = OSSL_FUNC_rlayer_msg_callback(fns);
                break;
            default:
                /* Just ignore anything we don't understand */
                break;
            }
        }
    }

    /* No secret to hand over for the unprotected (Initial-ish) level */
    if (level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
        return 1;

    if (direction == OSSL_RECORD_DIRECTION_READ)
        qdir = 0;
    else
        qdir = 1;

    if (rl->qtls->args.ossl_quic) {
#ifndef OPENSSL_NO_QUIC
        /*
         * We only look up the suite_id/MD for internal callers. Not used in the
         * public API. We assume that a 3rd party QUIC stack will want to
         * figure this out by itself (e.g. so that they could add new
         * ciphersuites at a different pace to us)
         */
        if (EVP_CIPHER_is_a(ciph, "AES-128-GCM")) {
            suite_id = QRL_SUITE_AES128GCM;
        } else if (EVP_CIPHER_is_a(ciph, "AES-256-GCM")) {
            suite_id = QRL_SUITE_AES256GCM;
        } else if (EVP_CIPHER_is_a(ciph, "CHACHA20-POLY1305")) {
            suite_id = QRL_SUITE_CHACHA20POLY1305;
        } else {
            /* Any other negotiated AEAD is rejected rather than guessed at */
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, SSL_R_UNKNOWN_CIPHER_TYPE);
            goto err;
        }

        /* We pass a ref to the md in a successful yield_secret_cb call */
        /* TODO(QUIC FUTURE): This cast is horrible. We should try and remove it */
        if (!EVP_MD_up_ref((EVP_MD *)kdfdigest)) {
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            goto err;
        }
#else
        if (!ossl_assert("Should not happen" == NULL))
            goto err;
#endif
    } else {
        /* External QUIC stacks get no digest (and no reference to drop) */
        kdfdigest = NULL;
    }

    if (!rl->qtls->args.yield_secret_cb(level, qdir, suite_id,
                                        (EVP_MD *)kdfdigest, secret, secretlen,
                                        rl->qtls->args.yield_secret_cb_arg)) {
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        /* The reference taken above was not consumed; drop it (NULL is a no-op) */
        EVP_MD_free((EVP_MD *)kdfdigest);
        goto err;
    }

    return 1;
 err:
    *retrl = NULL;
    quic_free(rl);
    return 0;
}

/*
 * Release a record layer created by quic_new_record_layer. Accepts NULL.
 * Always returns 1.
 */
static int quic_free(OSSL_RECORD_LAYER *rl)
{
    if (rl == NULL)
        return 1;

    BIO_free(rl->dummybio);
    OPENSSL_free(rl);
    return 1;
}

/* Always reports no unprocessed data (see comment) */
static int quic_unprocessed_read_pending(OSSL_RECORD_LAYER *rl)
{
    /*
     * Read ahead isn't really a thing for QUIC so we never have unprocessed
     * data pending
     */
    return 0;
}

/* Always reports no processed data (see comment) */
static int quic_processed_read_pending(OSSL_RECORD_LAYER *rl)
{
    /*
     * This is currently only ever used by:
     * - SSL_has_pending()
     * - to check whether we have more records that we want to supply to the
     *   upper layers
     *
     * We only ever supply 1 record at a time to the upper layers, and
     * SSL_has_pending() will go via the QUIC method not the TLS method so that
     * use case doesn't apply here.
     * Therefore we can ignore this for now and always return 0. We might
     * eventually want to change this to check in the receive buffers to see if
     * we have any more data pending.
     */
    return 0;
}

/*
 * Always 1: libssl must hand us exactly one record template per write. The
 * assertion in quic_write_records() relies on this.
 */
static size_t quic_get_max_records(OSSL_RECORD_LAYER *rl, uint8_t type,
                                   size_t len,
                                   size_t maxfrag, size_t *preffrag)
{
    return 1;
}

/*
 * OSSL_RECORD_METHOD::write_records for QUIC.
 *
 * Routes the single template by content type: alerts are forwarded to
 * args.alert_cb (description byte only), handshake data is pushed into the
 * crypto send stream via args.crypto_send_cb, and anything else is fatal.
 * A partial send of handshake data is remembered in rl->written/rl->template
 * and reported as OSSL_RECORD_RETURN_RETRY so that
 * quic_retry_write_records() can resume it.
 *
 * Returns OSSL_RECORD_RETURN_SUCCESS, OSSL_RECORD_RETURN_RETRY or
 * OSSL_RECORD_RETURN_FATAL (after QUIC_TLS_FATAL).
 */
static int quic_write_records(OSSL_RECORD_LAYER *rl,
                              OSSL_RECORD_TEMPLATE *template,
                              size_t numtempl)
{
    size_t consumed;
    unsigned char alert;

    if (!ossl_assert(numtempl == 1)) {
        /* How could this be? quic_get_max_records() always returns 1 */
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return OSSL_RECORD_RETURN_FATAL;
    }

    BIO_clear_retry_flags(rl->dummybio);

    if (rl->msg_callback != NULL) {
        unsigned char dummyrec[SSL3_RT_HEADER_LENGTH];

        /*
         * For the purposes of the callback we "pretend" to be normal TLS,
         * and manufacture a dummy record header
         */
        dummyrec[0] = (rl->level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
                      ? template->type
                      : SSL3_RT_APPLICATION_DATA;
        dummyrec[1] = (unsigned char)((template->version >> 8) & 0xff);
        dummyrec[2] = (unsigned char)(template->version & 0xff);
        /*
         * We assume that buflen is always <= UINT16_MAX. Since this is
         * generated by libssl itself we actually expect it to never
         * exceed SSL3_RT_MAX_PLAIN_LENGTH - so it should be a safe
         * assumption. Note that nothing here enforces it: a larger buflen
         * would silently be truncated in the fake header seen by the
         * callback (the data path below is unaffected).
         */
        dummyrec[3] = (unsigned char)((template->buflen >> 8) & 0xff);
        dummyrec[4] = (unsigned char)(template->buflen & 0xff);

        rl->msg_callback(1, TLS1_3_VERSION, SSL3_RT_HEADER, dummyrec,
                         SSL3_RT_HEADER_LENGTH, rl->cbarg);

        if (rl->level != OSSL_RECORD_PROTECTION_LEVEL_NONE) {
            rl->msg_callback(1, TLS1_3_VERSION, SSL3_RT_INNER_CONTENT_TYPE,
                             &template->type, 1, rl->cbarg);
        }
    }

    switch (template->type) {
    case SSL3_RT_ALERT:
        if (template->buflen != 2) {
            /*
             * We assume that libssl always sends both bytes of an alert to
             * us in one go, and never fragments it. If we ever get more
             * or less bytes than exactly 2 then this is very unexpected.
             */
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, SSL_R_BAD_VALUE);
            return OSSL_RECORD_RETURN_FATAL;
        }
        /*
         * Byte 0 is the alert level (we ignore it) and byte 1 is the alert
         * description that we are actually interested in.
         */
        alert = template->buf[1];

        if (!rl->qtls->args.alert_cb(rl->qtls->args.alert_cb_arg, alert)) {
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            return OSSL_RECORD_RETURN_FATAL;
        }
        break;

    case SSL3_RT_HANDSHAKE:
        /*
         * We expect this to only fail on some fatal error (e.g. malloc
         * failure)
         */
        if (!rl->qtls->args.crypto_send_cb(template->buf + rl->written,
                                           template->buflen - rl->written,
                                           &consumed,
                                           rl->qtls->args.crypto_send_cb_arg)) {
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            return OSSL_RECORD_RETURN_FATAL;
        }
        /*
         * We might have written less than we wanted to if we have filled the
         * send stream buffer.
         */
        if (consumed + rl->written != template->buflen) {
            /* The callback must never claim to have consumed more than offered */
            if (!ossl_assert(consumed + rl->written < template->buflen)) {
                QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
                return OSSL_RECORD_RETURN_FATAL;
            }

            /*
             * We've not written everything we wanted to. Take a copy of the
             * template, remember how much we wrote so far and signal a retry.
             * The buffer supplied in the template is guaranteed to be the same
             * on a retry for handshake data
             */
            rl->written += consumed;
            rl->template = *template;
            BIO_set_retry_write(rl->dummybio);

            return OSSL_RECORD_RETURN_RETRY;
        }
        rl->written = 0;
        break;

    default:
        /* Anything else is unexpected and an error */
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return OSSL_RECORD_RETURN_FATAL;
    }

    return OSSL_RECORD_RETURN_SUCCESS;
}

/* Resume a partial handshake write using the template saved earlier */
static int quic_retry_write_records(OSSL_RECORD_LAYER *rl)
{
    return quic_write_records(rl, &rl->template, 1);
}

/*
 * OSSL_RECORD_METHOD::read_record for QUIC.
 *
 * Pulls the next chunk of crypto stream data from args.crypto_recv_rcd_cb
 * and presents it to libssl as a single TLSv1.3 handshake record. The data
 * pointer handed back belongs to the QUIC layer and stays valid until
 * quic_release_record() has released all of it. Only one record may be
 * outstanding at a time: if the previous one has not been fully released
 * this returns OSSL_RECORD_RETURN_FATAL (without raising an ERR or alert).
 *
 * epoch and seq_num are not written. Returns OSSL_RECORD_RETURN_SUCCESS,
 * OSSL_RECORD_RETURN_RETRY (no data available yet) or
 * OSSL_RECORD_RETURN_FATAL.
 */
static int quic_read_record(OSSL_RECORD_LAYER *rl, void **rechandle,
                            int *rversion, uint8_t *type, const unsigned char **data,
                            size_t *datalen, uint16_t *epoch,
                            unsigned char *seq_num)
{
    if (rl->recread != 0 || rl->recunreleased != 0)
        return OSSL_RECORD_RETURN_FATAL;

    BIO_clear_retry_flags(rl->dummybio);

    if (!rl->qtls->args.crypto_recv_rcd_cb(data, datalen,
                                           rl->qtls->args.crypto_recv_rcd_cb_arg)) {
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return OSSL_RECORD_RETURN_FATAL;
    }

    if (*datalen == 0) {
        BIO_set_retry_read(rl->dummybio);
        return OSSL_RECORD_RETURN_RETRY;
    }

    /* The record layer itself doubles as the record handle */
    *rechandle = rl;
    *rversion = TLS1_3_VERSION;
    *type = SSL3_RT_HANDSHAKE;
    rl->recread = rl->recunreleased = *datalen;
    /* epoch/seq_num are not relevant for TLS */

    if (rl->msg_callback != NULL) {
        unsigned char dummyrec[SSL3_RT_HEADER_LENGTH];

        /*
         * For the purposes of the callback we "pretend" to be normal TLS,
         * and manufacture a dummy record header
         */
        dummyrec[0] = (rl->level == OSSL_RECORD_PROTECTION_LEVEL_NONE)
                      ? SSL3_RT_HANDSHAKE
                      : SSL3_RT_APPLICATION_DATA;
        dummyrec[1] = (unsigned char)((TLS1_2_VERSION >> 8) & 0xff);
        dummyrec[2] = (unsigned char)(TLS1_2_VERSION & 0xff);
        /*
         * *datalen will always fit into 2 bytes because our original buffer
         * size is less than that.
         * NOTE(review): this is not checked here; it relies on the buffer
         * sizing of the crypto_recv_rcd_cb implementation - confirm there.
         */
        dummyrec[3] = (unsigned char)((*datalen >> 8) & 0xff);
        dummyrec[4] = (unsigned char)(*datalen & 0xff);

        rl->msg_callback(0, TLS1_3_VERSION, SSL3_RT_HEADER, dummyrec,
                         SSL3_RT_HEADER_LENGTH, rl->cbarg);
        rl->msg_callback(0, TLS1_3_VERSION, SSL3_RT_INNER_CONTENT_TYPE, type, 1,
                         rl->cbarg);
    }

    return OSSL_RECORD_RETURN_SUCCESS;
}

/*
 * OSSL_RECORD_METHOD::release_record for QUIC.
 *
 * libssl may release the record returned by quic_read_record() in several
 * pieces; only when the final piece is released is the QUIC layer told (via
 * args.crypto_release_rcd_cb) that the whole rl->recread bytes may be
 * discarded, after which a new record may be read. Inconsistent arguments
 * (no record outstanding, wrong handle, over-release) are fatal.
 */
static int quic_release_record(OSSL_RECORD_LAYER *rl, void *rechandle,
                               size_t length)
{
    if (!ossl_assert(rl->recread > 0)
            || !ossl_assert(rl->recunreleased <= rl->recread)
            || !ossl_assert(rl == rechandle)
            || !ossl_assert(length <= rl->recunreleased)) {
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return OSSL_RECORD_RETURN_FATAL;
    }

    if (rl->recunreleased == length) {
        if (!rl->qtls->args.crypto_release_rcd_cb(rl->recread,
                                                  rl->qtls->args.crypto_release_rcd_cb_arg)) {
            QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
            return OSSL_RECORD_RETURN_FATAL;
        }
        rl->recread = 0;
    }
    rl->recunreleased -= length;
    return OSSL_RECORD_RETURN_SUCCESS;
}

/* The alert description recorded by the most recent QUIC_TLS_FATAL */
static int quic_get_alert_code(OSSL_RECORD_LAYER *rl)
{
    return rl->alert;
}

/* Rejects anything other than TLSv1.3 */
static int quic_set_protocol_version(OSSL_RECORD_LAYER *rl, int version)
{
    /* We only support TLSv1.3, so its bad if we negotiate anything else */
    if (!ossl_assert(version == TLS1_3_VERSION)) {
        QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_INTERNAL_ERROR);
        return 0;
    }

    return 1;
}

/* No-op: alerts are always handed to the QUIC layer unencrypted by us */
static void quic_set_plain_alerts(OSSL_RECORD_LAYER *rl, int allow)
{
    /* We don't care */
}

/* No-op */
static void quic_set_first_handshake(OSSL_RECORD_LAYER *rl, int first)
{
    /* We don't care */
}

/* No-op: pipelining has no meaning here */
static void quic_set_max_pipelines(OSSL_RECORD_LAYER *rl, size_t max_pipelines)
{
    /* We don't care */
}

/*
 * Report the read state as a short/long string pair; either output pointer
 * may be NULL.
 */
static void quic_get_state(OSSL_RECORD_LAYER *rl, const char **shortstr,
                           const char **longstr)
{
    /*
     * According to the docs, valid read state strings are: "RH"/"read header",
     * "RB"/"read body", and "unknown"/"unknown". We don't read records in quite
     * that way, so we report every "normal" state as "read header". In the
     * event of error then we report "unknown".
     */

    if (rl->qtls->inerror) {
        if (shortstr != NULL)
            *shortstr = "unknown";
        if (longstr != NULL)
            *longstr = "unknown";
    } else {
        if (shortstr != NULL)
            *shortstr = "RH";
        if (longstr != NULL)
            *longstr = "read header";
    }
}

/* Accepts (and ignores) any options; always returns 1 */
static int quic_set_options(OSSL_RECORD_LAYER *rl, const OSSL_PARAM *options)
{
    /*
     * We don't support any options yet - but we might do at some point so
     * this could be useful.
     */
    return 1;
}

/* Always NULL */
static const COMP_METHOD *quic_get_compression(OSSL_RECORD_LAYER *rl)
{
    /* We only support TLSv1.3 which doesn't have compression */
    return NULL;
}

/* No-op */
static void quic_set_max_frag_len(OSSL_RECORD_LAYER *rl, size_t max_frag_len)
{
    /* This really doesn't make any sense for QUIC. Ignore it */
}

/* No-op; always returns 1 */
static int quic_alloc_buffers(OSSL_RECORD_LAYER *rl)
{
    /*
     * This is a hint only. We don't support it (yet), so just ignore the
     * request
     */
    return 1;
}

/* No-op; always returns 1 */
static int quic_free_buffers(OSSL_RECORD_LAYER *rl)
{
    /*
     * This is a hint only. We don't support it (yet), so just ignore the
     * request
     */
    return 1;
}

/*
 * Replace rl->dummybio with bio, taking a new reference to bio (if non-NULL)
 * and dropping the reference to the previous BIO. Returns 0 only if the
 * reference could not be taken, in which case rl is left unchanged.
 */
static int quic_set1_bio(OSSL_RECORD_LAYER *rl, BIO *bio)
{
    if (bio != NULL && !BIO_up_ref(bio))
        return 0;
    BIO_free(rl->dummybio);
    rl->dummybio = bio;

    return 1;
}

/*
 * Never called functions
 *
 * Due to the way we are configured and used we never expect any of the next set
 * of functions to be called. Therefore we set them to always fail.
 */

static size_t quic_app_data_pending(OSSL_RECORD_LAYER *rl)
{
    QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    return (size_t)ossl_assert(0);
}

static size_t quic_get_max_record_overhead(OSSL_RECORD_LAYER *rl)
{
    QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    return (size_t)ossl_assert(0);
}

static int quic_increment_sequence_ctr(OSSL_RECORD_LAYER *rl)
{
    QUIC_TLS_FATAL(rl, SSL_AD_INTERNAL_ERROR, ERR_R_SHOULD_NOT_HAVE_BEEN_CALLED);
    return ossl_assert(0);
}

/* End of never called functions */

/* The record method installed on the SSL object by ossl_quic_tls_configure() */
static const OSSL_RECORD_METHOD quic_tls_record_method = {
    quic_new_record_layer,
    quic_free,
    quic_unprocessed_read_pending,
    quic_processed_read_pending,
    quic_app_data_pending, /* Never called */
    quic_get_max_records,
    quic_write_records,
    quic_retry_write_records,
    quic_read_record,
    quic_release_record,
    quic_get_alert_code,
    quic_set1_bio,
    quic_set_protocol_version,
    quic_set_plain_alerts,
    quic_set_first_handshake,
    quic_set_max_pipelines,
    NULL, /* set_in_init: Optional - we don't need it */
    quic_get_state,
    quic_set_options,
    quic_get_compression,
    quic_set_max_frag_len,
    quic_get_max_record_overhead, /* Never called */
    quic_increment_sequence_ctr, /* Never called */
    quic_alloc_buffers,
    quic_free_buffers
};

/*
 * Custom extension "add" callback for quic_transport_parameters.
 *
 * Hands libssl the caller-provided transport parameter buffer without
 * copying it (hence the lifetime requirement on local_transport_params) and
 * marks it as consumed. Always returns 1.
 */
static int add_transport_params_cb(SSL *s, unsigned int ext_type,
                                   unsigned int context,
                                   const unsigned char **out, size_t *outlen,
                                   X509 *x, size_t chainidx, int *al,
                                   void *add_arg)
{
    QUIC_TLS *qtls = add_arg;

    *out = qtls->local_transport_params;
    *outlen = qtls->local_transport_params_len;
    qtls->local_transport_params_consumed = 1;
    return 1;
}

/* Nothing to free: the buffer handed out above is owned by the caller */
static void free_transport_params_cb(SSL *s, unsigned int ext_type,
                                     unsigned int context,
                                     const unsigned char *out,
                                     void *add_arg)
{
}

/*
 * Custom extension "parse" callback for quic_transport_parameters.
 *
 * Forwards the peer's raw transport parameters to args.got_transport_params_cb
 * and returns its result. The alert out-parameter al is not set on failure.
 */
static int parse_transport_params_cb(SSL *s, unsigned int ext_type,
                                     unsigned int context,
                                     const unsigned char *in,
                                     size_t inlen, X509 *x,
                                     size_t chainidx,
                                     int *al, void *parse_arg)
{
    QUIC_TLS *qtls = parse_arg;

    return qtls->args.got_transport_params_cb(in, inlen,
                                              qtls->args.got_transport_params_cb_arg);
}

/*
 * Create a QUIC_TLS object. args is copied by value. The crypto send, receive
 * and release callbacks are mandatory; an ERR_STATE for deferred error
 * reporting is allocated only when args->ossl_quic is set.
 *
 * Returns the new object or NULL on error (with an ERR raised for the
 * missing-callback case).
 */
QUIC_TLS *ossl_quic_tls_new(const QUIC_TLS_ARGS *args)
{
    QUIC_TLS *qtls;

    if (args->crypto_send_cb == NULL
            || args->crypto_recv_rcd_cb == NULL
            || args->crypto_release_rcd_cb == NULL) {
        ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_NULL_PARAMETER);
        return NULL;
    }

    qtls = OPENSSL_zalloc(sizeof(*qtls));
    if (qtls == NULL)
        return NULL;

    if (args->ossl_quic && (qtls->error_state = OSSL_ERR_STATE_new()) == NULL) {
        OPENSSL_free(qtls);
        return NULL;
    }

    qtls->args = *args;
    return qtls;
}

/* Free a QUIC_TLS object and its saved ERR state. Accepts NULL. */
void ossl_quic_tls_free(QUIC_TLS *qtls)
{
    if (qtls == NULL)
        return;
    OSSL_ERR_STATE_free(qtls->error_state);
    OPENSSL_free(qtls);
}

/*
 * Record a handshake-layer failure. Always returns 0 so callers can write
 * "return RAISE_ERROR(...)". For internal QUIC (args.ossl_quic) the ERR
 * stack from the current mark is saved into qtls->error_state, the QUIC
 * error code/message are stored for later CONNECTION_CLOSE use, inerror is
 * set, and the mark is popped. error_msg must have static storage duration
 * because only the pointer is kept.
 */
static int raise_error(QUIC_TLS *qtls, uint64_t error_code,
                       const char *error_msg,
                       const char *src_file,
                       int src_line,
                       const char *src_func)
{
    /*
     * When QTLS fails, add a "cover letter" error with information, potentially
     * with any underlying libssl errors underneath it (but our cover error may
     * be the only error in some cases). Then capture this into an ERR_STATE so
     * we can report it later if need be when the QUIC_CHANNEL asks for it.
     * For external QUIC TLS we just raise the error.
     */
    ERR_new();
    ERR_set_debug(src_file, src_line, src_func);
    ERR_set_error(ERR_LIB_SSL, SSL_R_QUIC_HANDSHAKE_LAYER_ERROR,
                  "handshake layer error, error code %llu (0x%llx) (\"%s\")",
                  error_code, error_code, error_msg);

    if (qtls->args.ossl_quic) {
        OSSL_ERR_STATE_save_to_mark(qtls->error_state);

        /*
         * We record the error information reported via the QUIC protocol
         * separately.
         */
        qtls->error_code = error_code;
        qtls->error_msg = error_msg;
        qtls->inerror = 1;

        ERR_pop_to_mark();
    }
    return 0;
}

/* raise_error() with the caller's file/line/function filled in */
#define RAISE_ERROR(qtls, error_code, error_msg) \
    raise_error((qtls), (error_code), (error_msg), \
                OPENSSL_FILE, OPENSSL_LINE, OPENSSL_FUNC)

#ifndef OPENSSL_NO_QUIC
#define RAISE_INTERNAL_ERROR(qtls) \
    RAISE_ERROR((qtls), OSSL_QUIC_ERR_INTERNAL_ERROR, "internal error")
#else
#define RAISE_INTERNAL_ERROR(qtls) \
    RAISE_ERROR((qtls), 0x01, "internal error")
#endif

/*
 * Configure the SSL object in qtls->args.s for use as a QUIC handshake
 * layer: force TLSv1.3 as the minimum version, attach a null BIO for both
 * reading and writing, disable middlebox compatibility mode, install the
 * custom record layer above, register the quic_transport_parameters
 * extension (ClientHello / EncryptedExtensions, TLSv1.3 only) and set
 * TLS1_FLAGS_QUIC.
 *
 * Returns 1 on success, 0 on failure. Note that a failure to register the
 * custom extension returns 0 without going through RAISE_ERROR, unlike the
 * earlier failure paths.
 */
int ossl_quic_tls_configure(QUIC_TLS *qtls)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
    BIO *nullbio;

    if (sc == NULL || !SSL_set_min_proto_version(qtls->args.s, TLS1_3_VERSION))
        return RAISE_INTERNAL_ERROR(qtls);

    nullbio = BIO_new(BIO_s_null());
    if (nullbio == NULL)
        return RAISE_INTERNAL_ERROR(qtls);

    /*
     * Our custom record layer doesn't use the BIO - but libssl generally
     * expects one to be present.
     */
    SSL_set_bio(qtls->args.s, nullbio, nullbio);

    SSL_clear_options(qtls->args.s, SSL_OP_ENABLE_MIDDLEBOX_COMPAT);
    ossl_ssl_set_custom_record_layer(sc, &quic_tls_record_method, qtls);

    if (!ossl_tls_add_custom_ext_intern(NULL, &sc->cert->custext,
                                        qtls->args.is_server ? ENDPOINT_SERVER
                                                             : ENDPOINT_CLIENT,
                                        TLSEXT_TYPE_quic_transport_parameters,
                                        SSL_EXT_TLS1_3_ONLY
                                        | SSL_EXT_CLIENT_HELLO
                                        | SSL_EXT_TLS1_3_ENCRYPTED_EXTENSIONS,
                                        add_transport_params_cb,
                                        free_transport_params_cb, qtls,
                                        parse_transport_params_cb, qtls))
        return 0;

    sc->s3.flags |= TLS1_FLAGS_QUIC;

    return 1;
}

#ifndef OPENSSL_NO_QUIC
/*
 * Drive the handshake layer one step (internal QUIC only).
 *
 * On first use this performs the one-time configuration (enforcing that ALPN
 * is set up, calling ossl_quic_tls_configure(), and selecting accept/connect
 * state). It then runs SSL_do_handshake() until the handshake completes, and
 * SSL_read() afterwards so that post-handshake messages are processed. On
 * handshake completion it verifies that an ALPN protocol was actually
 * negotiated before invoking args.handshake_complete_cb.
 *
 * Returns 1 when the layer is idle/waiting or has progressed normally, 0
 * when an error has been recorded (now or previously), or the result of
 * handshake_complete_cb on the completion step.
 */
int ossl_quic_tls_tick(QUIC_TLS *qtls)
{
    int ret, err;
    const unsigned char *alpn;
    unsigned int alpnlen;

    if (qtls->inerror)
        return 0;

    /*
     * SSL_get_error does not truly know what the cause of an SSL_read failure
     * is and to some extent guesses based on contextual information. In
     * particular, if there is _any_ ERR on the error stack, SSL_ERROR_SSL or
     * SSL_ERROR_SYSCALL will be returned no matter what and there is no
     * possibility of SSL_ERROR_WANT_READ/WRITE being returned, even if that was
     * the actual cause of the SSL_read() failure.
     *
     * This means that ordinarily, the below code might not work right if the
     * application has any ERR on the error stack. In order to make this code
     * perform correctly regardless of prior ERR state, we use a variant of
     * SSL_get_error() which ignores the error stack. However, some ERRs are
     * raised by SSL_read() and actually indicate that something has gone wrong
     * during the call to SSL_read(). We therefore adopt a strategy of marking
     * the ERR stack and seeing if any errors get appended during the call to
     * SSL_read(). If they are, we assume SSL_read() has raised an error and
     * that we should use normal SSL_get_error() handling.
     *
     * NOTE: Ensure all escape paths from this function pop the mark set
     * below (ERR_pop_to_mark()). raise_error() does this in the failure
     * cases when args.ossl_quic is set, which is the expected configuration
     * for this internal-only function.
     */
    ERR_set_mark();

    if (!qtls->configured) {
        SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);
        SSL_CTX *sctx;

        if (sc == NULL)
            return RAISE_INTERNAL_ERROR(qtls);
        sctx = SSL_CONNECTION_GET_CTX(sc);

        /*
         * No matter how the user has configured us, there are certain
         * requirements for QUIC-TLS that we enforce
         */

        /* ALPN is a requirement for QUIC and must be set */
        if (qtls->args.is_server) {
            if (sctx->ext.alpn_select_cb == NULL)
                return RAISE_INTERNAL_ERROR(qtls);
        } else {
            if (sc->ext.alpn == NULL || sc->ext.alpn_len == 0)
                return RAISE_ERROR(qtls, OSSL_QUIC_ERR_CRYPTO_NO_APP_PROTO,
                                   "ALPN must be configured when using QUIC");
        }

        if (!ossl_quic_tls_configure(qtls))
            return RAISE_INTERNAL_ERROR(qtls);

        sc->s3.flags |= TLS1_FLAGS_QUIC_INTERNAL;

        if (qtls->args.is_server)
            SSL_set_accept_state(qtls->args.s);
        else
            SSL_set_connect_state(qtls->args.s);

        qtls->configured = 1;
    }

    if (qtls->complete)
        /*
         * There should never be app data to read, but calling SSL_read() will
         * ensure any post-handshake messages are processed.
         */
        ret = SSL_read(qtls->args.s, NULL, 0);
    else
        ret = SSL_do_handshake(qtls->args.s);

    if (ret <= 0) {
        /* Only consult the ERR stack if something was raised since the mark */
        err = ossl_ssl_get_error(qtls->args.s, ret,
                                 /*check_err=*/ERR_count_to_mark() > 0);

        switch (err) {
        case SSL_ERROR_WANT_READ:
        case SSL_ERROR_WANT_WRITE:
        case SSL_ERROR_WANT_CLIENT_HELLO_CB:
        case SSL_ERROR_WANT_X509_LOOKUP:
        case SSL_ERROR_WANT_RETRY_VERIFY:
            /* Not an error: the handshake is simply waiting on something */
            ERR_pop_to_mark();
            return 1;

        default:
            return RAISE_INTERNAL_ERROR(qtls);
        }
    }

    if (!qtls->complete) {
        /* Validate that we have ALPN */
        SSL_get0_alpn_selected(qtls->args.s, &alpn, &alpnlen);
        if (alpn == NULL || alpnlen == 0)
            return RAISE_ERROR(qtls, OSSL_QUIC_ERR_CRYPTO_NO_APP_PROTO,
                               "no application protocol negotiated");

        qtls->complete = 1;
        ERR_pop_to_mark();
        return qtls->args.handshake_complete_cb(qtls->args.handshake_complete_cb_arg);
    }

    ERR_pop_to_mark();
    return 1;
}
#endif

/*
 * Reset per-handshake state so the local transport parameters can be sent
 * again. Only the consumed flag is cleared; configured/complete/inerror are
 * left as they are. Accepts NULL.
 */
void ossl_quic_tls_clear(QUIC_TLS *qtls)
{
    if (qtls == NULL)
        return;
    qtls->local_transport_params_consumed = 0;
}

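/*
 * Supply the encoded transport parameters this endpoint will send in its
 * quic_transport_parameters extension.
 *
 * The buffer is NOT copied: only the pointer and length are stored, so the
 * caller must keep it alive for as long as the QUIC_TLS object may read it.
 *
 * Returns 1 on success, 0 if the parameters have already been consumed by the
 * handshake (they cannot be changed once they have gone out on the wire).
 */
int ossl_quic_tls_set_transport_params(QUIC_TLS *qtls,
                                       const unsigned char *transport_params,
                                       size_t transport_params_len)
{
    if (qtls->local_transport_params_consumed)
        return 0;

    qtls->local_transport_params = transport_params;
    qtls->local_transport_params_len = transport_params_len;
    return 1;
}

/*
 * Retrieve the error recorded on the handshake layer, if any.
 *
 * Returns 1 and fills in *error_code (a QUIC transport error code),
 * *error_msg (static-storage string suitable for a CONNECTION_CLOSE reason)
 * and *error_state (captured ERR state, may be NULL) when the layer is in
 * error. Returns 0 and leaves the out-parameters untouched otherwise.
 */
int ossl_quic_tls_get_error(QUIC_TLS *qtls,
                            uint64_t *error_code,
                            const char **error_msg,
                            ERR_STATE **error_state)
{
    if (qtls->inerror) {
        *error_code = qtls->error_code;
        *error_msg = qtls->error_msg;
        *error_state = qtls->error_state;
    }

    return qtls->inerror;
}

/*
 * Returns true if the last handshake record message we processed was a
 * CertificateRequest, false otherwise (including when the SSL object is not
 * a TLS connection).
 */
int ossl_quic_tls_is_cert_request(QUIC_TLS *qtls)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);

    if (sc == NULL)
        return 0;

    return sc->s3.tmp.message_type == SSL3_MT_CERTIFICATE_REQUEST;
}

/*
 * Returns true if the last session associated with the connection has an
 * invalid max_early_data value for QUIC.
 *
 * QUIC requires a server to advertise max_early_data_size = 0xffffffff when
 * it offers 0-RTT (RFC 9001 s.4.6.1); any other explicit value is a protocol
 * violation that the caller is expected to turn into a connection error.
 *
 * Returns 0 when no session is available: there is then no NewSessionTicket
 * value to validate, and dereferencing a NULL session would crash.
 */
int ossl_quic_tls_has_bad_max_early_data(QUIC_TLS *qtls)
{
    SSL_SESSION *sess = SSL_get0_session(qtls->args.s);
    uint32_t max_early_data;

    if (sess == NULL)
        return 0;

    max_early_data = sess->ext.max_early_data;

    /*
     * If max_early_data was present we always ensure a non-zero value is
     * stored in the session for QUIC. Therefore if max_early_data == 0 here
     * we can be confident that it was not present in the NewSessionTicket
     */
    return max_early_data != 0xffffffff && max_early_data != 0;
}

/*
 * Enable or disable 0-RTT (early data) on the handshake layer.
 *
 * Only permitted on a QUIC handshake that has not yet started (SSL_in_before).
 * Disabling clears the early data limit and state. Enabling on a server sets
 * the QUIC-mandated limit of 0xffffffff and moves to ACCEPTING. Enabling on a
 * client requires either a resumption session whose ticket carried the
 * 0xffffffff limit or a PSK session callback; otherwise 0 is returned and
 * nothing changes.
 *
 * Returns 1 on success, 0 if the request was rejected.
 */
int ossl_quic_tls_set_early_data_enabled(QUIC_TLS *qtls, int enabled)
{
    SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(qtls->args.s);

    if (sc == NULL || !SSL_IS_QUIC_HANDSHAKE(sc) || !SSL_in_before(qtls->args.s))
        return 0;

    if (!enabled) {
        sc->max_early_data = 0;
        sc->early_data_state = SSL_EARLY_DATA_NONE;
        return 1;
    }

    if (sc->server) {
        /* RFC 9001 s.4.6.1: the only valid QUIC limit is "unlimited". */
        sc->max_early_data = 0xffffffff;
        sc->early_data_state = SSL_EARLY_DATA_ACCEPTING;
        return 1;
    }

    /*
     * A client can only attempt 0-RTT against a ticket that permits it for
     * QUIC, or via an externally supplied PSK.
     */
    if ((sc->session == NULL || sc->session->ext.max_early_data != 0xffffffff)
        && sc->psk_use_session_cb == NULL)
        return 0;

    sc->early_data_state = SSL_EARLY_DATA_CONNECTING;
    return 1;
}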