authorHugo Landau <hlandau@openssl.org>2023-04-18 19:30:55 +0100
committerHugo Landau <hlandau@openssl.org>2023-05-12 14:47:12 +0100
commit8a90df343edb194920b7a01c8b5e47d8b6e952c5 (patch)
tree052a3bab9897e1f575b28b8b35143533378c6956
parent8b7be3aa7e90d85441f5012624cece4dca33291e (diff)
downloadopenssl-new-8a90df343edb194920b7a01c8b5e47d8b6e952c5.tar.gz
QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)
Reviewed-by: Matt Caswell <matt@openssl.org> Reviewed-by: Tomas Mraz <tomas@openssl.org> (Merged from https://github.com/openssl/openssl/pull/20765)
-rw-r--r--include/internal/quic_ssl.h2
-rw-r--r--include/openssl/ssl.h.in5
-rw-r--r--ssl/quic/quic_impl.c34
-rw-r--r--ssl/quic/quic_local.h4
-rw-r--r--ssl/ssl_lib.c12
-rw-r--r--util/libssl.num1
6 files changed, 58 insertions, 0 deletions
diff --git a/include/internal/quic_ssl.h b/include/internal/quic_ssl.h
index 986cd0e0d0..d307a9e196 100644
--- a/include/internal/quic_ssl.h
+++ b/include/internal/quic_ssl.h
@@ -72,6 +72,8 @@ __owur uint64_t ossl_quic_get_stream_id(SSL *s);
__owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode);
__owur SSL *ossl_quic_detach_stream(SSL *s);
__owur int ossl_quic_attach_stream(SSL *conn, SSL *stream);
+__owur int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
+ uint64_t aec);
/*
* Used to override ossl_time_now() for debug purposes. Must be called before
diff --git a/include/openssl/ssl.h.in b/include/openssl/ssl.h.in
index c5ab105816..d29ad85ece 100644
--- a/include/openssl/ssl.h.in
+++ b/include/openssl/ssl.h.in
@@ -2288,6 +2288,11 @@ __owur int SSL_attach_stream(SSL *conn, SSL *stream);
#define SSL_STREAM_FLAG_UNI (1U << 0)
__owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
+#define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO 0
+#define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT 1
+#define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT 2
+__owur int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec);
+
# ifndef OPENSSL_NO_QUIC
__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
size_t buf_len,
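Review bot: The new public prototype `__owur int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec);` and the three `SSL_INCOMING_STREAM_REJECT_POLICY_*` defines carry no comment saying what the policies mean or what `aec` is, and this is the header applications compile against. A short comment above the `#define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO` line would help, e.g. `/* Policy for incoming peer-initiated streams; aec is the application error code used when a stream is rejected (only meaningful for the REJECT policy). */`. The meaning of `aec` is inferred from its name and should be confirmed against the implementation once the policy is wired up.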
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 4550ee3be0..e76526a1b9 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -296,6 +296,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
qc->default_ssl_mode = qc->ssl.ctx->mode;
qc->default_blocking = 1;
+ qc->incoming_stream_reject_policy
+ = SSL_INCOMING_STREAM_REJECT_POLICY_AUTO;
qc->last_error = SSL_ERROR_NONE;
if (!create_channel(qc))
@@ -2094,6 +2096,38 @@ int ossl_quic_attach_stream(SSL *conn, SSL *stream)
}
/*
+ * SSL_set_incoming_stream_reject_policy
+ * -------------------------------------
+ */
+int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
+ uint64_t aec)
+{
+ int ret = 1;
+ QCTX ctx;
+
+ if (!expect_quic_conn_only(s, &ctx))
+ return 0;
+
+ quic_lock(ctx.qc);
+
+ switch (policy) {
+ case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO:
+ case SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT:
+ case SSL_INCOMING_STREAM_REJECT_POLICY_REJECT:
+ ctx.qc->incoming_stream_reject_policy = policy;
+ ctx.qc->incoming_stream_reject_aec = aec;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+ quic_unlock(ctx.qc);
+ return ret;
+}
+
+/*
* QUIC Front-End I/O API: SSL_CTX Management
* ==========================================
*/
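Review bot: `aec` is stored into `ctx.qc->incoming_stream_reject_aec` without any range check inside the shared case of the switch in `ossl_quic_set_incoming_stream_reject_policy`, although a QUIC application error code has to fit in a 62-bit variable-length integer to be encodable in a frame; an oversized value is accepted here and would only surface later, when the REJECT policy is actually wired. Add a guard before the two assignments, e.g. `if (aec > OSSL_QUIC_VLINT_MAX) { ret = 0; break; }`, assuming the varint limit macro from the internal QUIC headers is reachable from this file. The switch already rejects unknown `policy` values with `ret = 0`, so validating `aec` the same way keeps the stored state always encodable. The first hunk's enclosing function, `ossl_quic_new`, begins and ends outside the hunk.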
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index edc82a415e..1e6f35482a 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -178,6 +178,10 @@ struct quic_conn_st {
/* SSL_set_mode. This is not used directly but inherited by new XSOs. */
uint32_t default_ssl_mode;
+ /* SSL_set_incoming_stream_reject_policy. */
+ int incoming_stream_reject_policy;
+ uint64_t incoming_stream_reject_aec;
+
/*
* Last 'normal' error during an app-level I/O operation, used by
* SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
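Review bot: The comment above `int incoming_stream_reject_policy;` names only the setter, so a reader of `struct quic_conn_st` cannot tell which values the policy field may take or what `incoming_stream_reject_aec` holds. Following the style of the neighbouring `default_ssl_mode` comment, something like `/* SSL_set_incoming_stream_reject_policy. policy is one of SSL_INCOMING_STREAM_REJECT_POLICY_*; aec is presumably the application error code used when an incoming stream is rejected. */` would make both fields self-describing. The role of `aec` is inferred from its name and should be confirmed when the policy is wired into the stream handling.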
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c6cd2dabda..6e3ef08376 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -7388,6 +7388,18 @@ int SSL_attach_stream(SSL *conn, SSL *stream)
#endif
}
+int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec)
+{
+#ifndef OPENSSL_NO_QUIC
+ if (!IS_QUIC(s))
+ return 0;
+
+ return ossl_quic_set_incoming_stream_reject_policy(s, policy, aec);
+#else
+ return 0;
+#endif
+}
+
int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
{
unsigned char *data = NULL;
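Review bot: `SSL_set_incoming_stream_reject_policy` returns 0 for three different conditions — `s` is not a QUIC object (the `if (!IS_QUIC(s))` branch), QUIC is compiled out (the `#else` branch), and an unrecognised `policy` rejected inside `ossl_quic_set_incoming_stream_reject_policy` — and none of them queues an error, so a caller cannot distinguish a misuse from an unsupported build. If the sibling QUIC wrappers in this file deliberately stay silent, the contract should at least be stated above the function, e.g. `/* Returns 1 on success; 0 (no error queued) if s is not a QUIC connection, QUIC is disabled, or policy is not a recognised value. */`; otherwise consider `ERR_raise(ERR_LIB_SSL, ERR_R_UNSUPPORTED)` in the non-QUIC paths. Whether the sibling wrappers raise errors is not visible in this hunk.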
diff --git a/util/libssl.num b/util/libssl.num
index 8427cd1273..ab28742a81 100644
--- a/util/libssl.num
+++ b/util/libssl.num
@@ -568,3 +568,4 @@ SSL_get_stream_id ? 3_2_0 EXIST::FUNCTION:
SSL_set_default_stream_mode ? 3_2_0 EXIST::FUNCTION:
SSL_detach_stream ? 3_2_0 EXIST::FUNCTION:
SSL_attach_stream ? 3_2_0 EXIST::FUNCTION:
+SSL_set_incoming_stream_reject_policy ? 3_2_0 EXIST::FUNCTION: