1 /*
2  * ngtcp2
3  *
4  * Copyright (c) 2019 ngtcp2 contributors
5  *
6  * Permission is hereby granted, free of charge, to any person obtaining
7  * a copy of this software and associated documentation files (the
8  * "Software"), to deal in the Software without restriction, including
9  * without limitation the rights to use, copy, modify, merge, publish,
10  * distribute, sublicense, and/or sell copies of the Software, and to
11  * permit persons to whom the Software is furnished to do so, subject to
12  * the following conditions:
13  *
14  * The above copyright notice and this permission notice shall be
15  * included in all copies or substantial portions of the Software.
16  *
17  * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
18  * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
19  * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
20  * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
21  * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
22  * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
23  * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
24  */
25 #ifndef NGTCP2_CRYPTO_OPENSSL_H
26 #define NGTCP2_CRYPTO_OPENSSL_H
27 
28 #include <ngtcp2/ngtcp2.h>
29 
30 #include <openssl/ssl.h>
31 
32 #ifdef __cplusplus
33 extern "C" {
34 #endif
35 
36 /**
37  * @macrosection
38  *
39  * OpenSSL specific error codes
40  */
41 
42 /**
43  * @macro
44  *
45  * :macro:`NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP` is the
46  * error code which indicates that the TLS handshake routine is
47  * interrupted by an X509 certificate lookup.  See the
48  * :macro:`SSL_ERROR_WANT_X509_LOOKUP` error description from
49  * `SSL_do_handshake`.
50  */
51 #define NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_X509_LOOKUP -10001
52 
53 /**
54  * @macro
55  *
56  * :macro:`NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB` is the
57  * error code which indicates that the TLS handshake routine is
58  * interrupted by the client hello callback.  See the
59  * :macro:`SSL_ERROR_WANT_CLIENT_HELLO_CB` error description from
60  * `SSL_do_handshake`.
61  */
62 #define NGTCP2_CRYPTO_OPENSSL_ERR_TLS_WANT_CLIENT_HELLO_CB -10002
63 
64 /**
65  * @function
66  *
67  * `ngtcp2_crypto_openssl_from_ossl_encryption_level` translates
68  * |ossl_level| to :type:`ngtcp2_crypto_level`.  This function is only
69  * available for the OpenSSL backend.
70  */
71 NGTCP2_EXTERN ngtcp2_crypto_level
72 ngtcp2_crypto_openssl_from_ossl_encryption_level(
73     OSSL_ENCRYPTION_LEVEL ossl_level);
74 
75 /**
76  * @function
77  *
78  * `ngtcp2_crypto_openssl_from_ngtcp2_crypto_level` translates
79  * |crypto_level| to OSSL_ENCRYPTION_LEVEL.  This function is only
80  * available for the OpenSSL backend.
81  */
82 NGTCP2_EXTERN OSSL_ENCRYPTION_LEVEL
83 ngtcp2_crypto_openssl_from_ngtcp2_crypto_level(
84     ngtcp2_crypto_level crypto_level);
85 
86 /**
87  * @function
88  *
89  * `ngtcp2_crypto_openssl_configure_server_context` configures
90  * |ssl_ctx| for server side QUIC connection.  It performs the
91  * following modifications:
92  *
93  * - Set minimum and maximum TLS version to TLSv1.3.
94  * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
95  *
96  * The application must set a pointer to :type:`ngtcp2_crypto_conn_ref`
97  * on the SSL object by calling SSL_set_app_data, and that object must
98  * have :member:`ngtcp2_crypto_conn_ref.get_conn` assigned to get
99  * :type:`ngtcp2_conn`.  Settings not listed above, such as the server
100  * certificate and ALPN selection, are left to the application.
101  *
102  * It returns 0 if it succeeds, or -1 if it fails.
103  */
104 NGTCP2_EXTERN int
105 ngtcp2_crypto_openssl_configure_server_context(SSL_CTX *ssl_ctx);
106 
107 /**
108  * @function
109  *
110  * `ngtcp2_crypto_openssl_configure_client_context` configures
111  * |ssl_ctx| for client side QUIC connection.  It performs the
112  * following modifications:
113  *
114  * - Set minimum and maximum TLS version to TLSv1.3.
115  * - Set SSL_QUIC_METHOD by calling SSL_CTX_set_quic_method.
116  *
117  * The application must set a pointer to :type:`ngtcp2_crypto_conn_ref`
118  * on the SSL object by calling SSL_set_app_data, and that object must
119  * have :member:`ngtcp2_crypto_conn_ref.get_conn` assigned to get
120  * :type:`ngtcp2_conn`.  Settings not listed above, such as peer
121  * certificate verification and ALPN, are left to the application.
122  *
123  * It returns 0 if it succeeds, or -1 if it fails.
124  */
125 NGTCP2_EXTERN int
126 ngtcp2_crypto_openssl_configure_client_context(SSL_CTX *ssl_ctx);
127 
128 #ifdef __cplusplus
129 }
130 #endif
131 
132 #endif /* NGTCP2_CRYPTO_OPENSSL_H */
133