author | Hugo Landau <hlandau@openssl.org> | 2023-04-18 19:30:55 +0100 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2023-05-12 14:47:12 +0100 |
commit | 8a90df343edb194920b7a01c8b5e47d8b6e952c5 (patch) | |
tree | 052a3bab9897e1f575b28b8b35143533378c6956 /ssl | |
parent | 8b7be3aa7e90d85441f5012624cece4dca33291e (diff) | |
download | openssl-new-8a90df343edb194920b7a01c8b5e47d8b6e952c5.tar.gz |
QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired)
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/quic/quic_impl.c | 34 | ||||
-rw-r--r-- | ssl/quic/quic_local.h | 4 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 12 |
3 files changed, 50 insertions, 0 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 4550ee3be0..e76526a1b9 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -296,6 +296,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
 qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
 qc->default_ssl_mode = qc->ssl.ctx->mode;
 qc->default_blocking = 1;
+ qc->incoming_stream_reject_policy
+ = SSL_INCOMING_STREAM_REJECT_POLICY_AUTO;
 qc->last_error = SSL_ERROR_NONE;

 if (!create_channel(qc))
@@ -2094,6 +2096,38 @@ int ossl_quic_attach_stream(SSL *conn, SSL *stream)
 }

 /*
+ * SSL_set_incoming_stream_reject_policy
+ * -------------------------------------
+ */
+int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
+ uint64_t aec)
+{
+ int ret = 1;
+ QCTX ctx;
+
+ if (!expect_quic_conn_only(s, &ctx))
+ return 0;
+
+ quic_lock(ctx.qc);
+
+ switch (policy) {
+ case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO:
+ case SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT:
+ case SSL_INCOMING_STREAM_REJECT_POLICY_REJECT:
+ ctx.qc->incoming_stream_reject_policy = policy;
+ ctx.qc->incoming_stream_reject_aec = aec;
+ break;
+
+ default:
+ ret = 0;
+ break;
+ }
+
+ quic_unlock(ctx.qc);
+ return ret;
+}
+
+/*
 * QUIC Front-End I/O API: SSL_CTX Management
 * ==========================================
 */
diff --git a/ssl/quic/quic_local.h b/ssl/quic/quic_local.h
index edc82a415e..1e6f35482a 100644
--- a/ssl/quic/quic_local.h
+++ b/ssl/quic/quic_local.h
@@ -178,6 +178,10 @@ struct quic_conn_st {
 /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
 uint32_t default_ssl_mode;

+ /* SSL_set_incoming_stream_reject_policy. */
+ int incoming_stream_reject_policy;
+ uint64_t incoming_stream_reject_aec;
+
 /*
 * Last 'normal' error during an app-level I/O operation, used by
 * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index c6cd2dabda..6e3ef08376 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
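Review bot: In ossl_quic_set_incoming_stream_reject_policy (second hunk of ssl/quic/quic_impl.c), `aec` is stored without a range check, although QUIC application error codes are variable-length integers limited to 2^62-1. A larger value accepted here could not be encoded when the code is eventually sent to the peer, so rejecting it in the setter keeps the failure at the API boundary, for example `if (aec > OSSL_QUIC_VLINT_MAX) return 0;` ahead of `quic_lock`, assuming that macro is visible in this file. The `default:` branch also returns 0 without queueing an error in the visible code, so a caller cannot tell an invalid policy from an object that is not a QUIC connection.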
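Review bot: The two fields added to struct quic_conn_st in ssl/quic/quic_local.h are documented only by the API name, and `incoming_stream_reject_aec` receives no initial value in the ossl_quic_new hunk, so its default depends on how qc is allocated, which is not visible here. A comment that says what the field holds and what it starts as would help, e.g. `/* Application error code used when an incoming stream is rejected. */`, with the wording to be confirmed against the intended semantics. The comment on the policy field could also name the `SSL_INCOMING_STREAM_REJECT_POLICY_*` values it is expected to hold. The struct definition starts and ends outside the hunk.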
@@ -7388,6 +7388,18 @@ int SSL_attach_stream(SSL *conn, SSL *stream)
 #endif
 }

+int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec)
+{
+#ifndef OPENSSL_NO_QUIC
+ if (!IS_QUIC(s))
+ return 0;
+
+ return ossl_quic_set_incoming_stream_reject_policy(s, policy, aec);
+#else
+ return 0;
+#endif
+}
+
 int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
 {
 unsigned char *data = NULL; |
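Review bot: SSL_set_incoming_stream_reject_policy will return 1 for the REJECT policy even though the commit title marks the feature as unwired and nothing in the visible hunks reads the stored fields. An application that relies on REJECT to bound peer-initiated streams would see success with no enforcement until the follow-up change lands. A comment at the definition would make that explicit, e.g. `/* TODO(QUIC): policy is stored only; not yet enforced by the channel. */`. The 0 return also conflates a non-QUIC object, an invalid policy and an OPENSSL_NO_QUIC build, so the function's documentation should say that failure carries no further detail.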