root
/
openssl
mirror of https://github.com/openssl/openssl.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

QUIC DISPATCH/APL: Add SSL_set_incoming_stream_reject_policy (unwired) 

Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tomas Mraz <tomas@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/20765)
This commit is contained in:
Hugo Landau 2023-04-18 19:30:55 +01:00
parent 8b7be3aa7e
commit 8a90df343e
6 changed files with 58 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
include/internal/quic_ssl.h
View File

@ -72,6 +72,8 @@ __owur uint64_t ossl_quic_get_stream_id(SSL *s);
__owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode); __owur int ossl_quic_set_default_stream_mode(SSL *s, uint32_t mode);
__owur SSL *ossl_quic_detach_stream(SSL *s); __owur SSL *ossl_quic_detach_stream(SSL *s);
__owur int ossl_quic_attach_stream(SSL *conn, SSL *stream); __owur int ossl_quic_attach_stream(SSL *conn, SSL *stream);
__owur int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
uint64_t aec);
/* /*
* Used to override ossl_time_now() for debug purposes. Must be called before * Used to override ossl_time_now() for debug purposes. Must be called before

5
include/openssl/ssl.h.in
View File

@ -2288,6 +2288,11 @@ __owur int SSL_attach_stream(SSL *conn, SSL *stream);
#define SSL_STREAM_FLAG_UNI (1U << 0) #define SSL_STREAM_FLAG_UNI (1U << 0)
__owur SSL *SSL_new_stream(SSL *s, uint64_t flags); __owur SSL *SSL_new_stream(SSL *s, uint64_t flags);
#define SSL_INCOMING_STREAM_REJECT_POLICY_AUTO 0
#define SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT 1
#define SSL_INCOMING_STREAM_REJECT_POLICY_REJECT 2
__owur int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec);
# ifndef OPENSSL_NO_QUIC # ifndef OPENSSL_NO_QUIC
__owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf, __owur int SSL_inject_net_dgram(SSL *s, const unsigned char *buf,
size_t buf_len, size_t buf_len,

34
ssl/quic/quic_impl.c
View File

@ -296,6 +296,8 @@ SSL *ossl_quic_new(SSL_CTX *ctx)
qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI; qc->default_stream_mode = SSL_DEFAULT_STREAM_MODE_AUTO_BIDI;
qc->default_ssl_mode = qc->ssl.ctx->mode; qc->default_ssl_mode = qc->ssl.ctx->mode;
qc->default_blocking = 1; qc->default_blocking = 1;
qc->incoming_stream_reject_policy
= SSL_INCOMING_STREAM_REJECT_POLICY_AUTO;
qc->last_error = SSL_ERROR_NONE; qc->last_error = SSL_ERROR_NONE;
if (!create_channel(qc)) if (!create_channel(qc))
@ -2093,6 +2095,38 @@ int ossl_quic_attach_stream(SSL *conn, SSL *stream)
return 1; return 1;
} }
/*
* SSL_set_incoming_stream_reject_policy
* -------------------------------------
*/
int ossl_quic_set_incoming_stream_reject_policy(SSL *s, int policy,
uint64_t aec)
{
int ret = 1;
QCTX ctx;
if (!expect_quic_conn_only(s, &ctx))
return 0;
quic_lock(ctx.qc);
switch (policy) {
case SSL_INCOMING_STREAM_REJECT_POLICY_AUTO:
case SSL_INCOMING_STREAM_REJECT_POLICY_ACCEPT:
case SSL_INCOMING_STREAM_REJECT_POLICY_REJECT:
ctx.qc->incoming_stream_reject_policy = policy;
ctx.qc->incoming_stream_reject_aec = aec;
break;
default:
ret = 0;
break;
}
quic_unlock(ctx.qc);
return ret;
}
/* /*
* QUIC Front-End I/O API: SSL_CTX Management * QUIC Front-End I/O API: SSL_CTX Management
* ========================================== * ==========================================

4
ssl/quic/quic_local.h
View File

@ -178,6 +178,10 @@ struct quic_conn_st {
/* SSL_set_mode. This is not used directly but inherited by new XSOs. */ /* SSL_set_mode. This is not used directly but inherited by new XSOs. */
uint32_t default_ssl_mode; uint32_t default_ssl_mode;
/* SSL_set_incoming_stream_reject_policy. */
int incoming_stream_reject_policy;
uint64_t incoming_stream_reject_aec;
/* /*
* Last 'normal' error during an app-level I/O operation, used by * Last 'normal' error during an app-level I/O operation, used by
* SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ * SSL_get_error(); used to track data-path errors like SSL_ERROR_WANT_READ

12
ssl/ssl_lib.c
View File

@ -7388,6 +7388,18 @@ int SSL_attach_stream(SSL *conn, SSL *stream)
#endif #endif
} }
int SSL_set_incoming_stream_reject_policy(SSL *s, int policy, uint64_t aec)
{
#ifndef OPENSSL_NO_QUIC
if (!IS_QUIC(s))
return 0;
return ossl_quic_set_incoming_stream_reject_policy(s, policy, aec);
#else
return 0;
#endif
}
int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk) int SSL_add_expected_rpk(SSL *s, EVP_PKEY *rpk)
{ {
unsigned char *data = NULL; unsigned char *data = NULL;

1
util/libssl.num
View File

@ -568,3 +568,4 @@ SSL_get_stream_id ? 3_2_0 EXIST::FUNCTION:
SSL_set_default_stream_mode ? 3_2_0 EXIST::FUNCTION: SSL_set_default_stream_mode ? 3_2_0 EXIST::FUNCTION:
SSL_detach_stream ? 3_2_0 EXIST::FUNCTION: SSL_detach_stream ? 3_2_0 EXIST::FUNCTION:
SSL_attach_stream ? 3_2_0 EXIST::FUNCTION: SSL_attach_stream ? 3_2_0 EXIST::FUNCTION:
SSL_set_incoming_stream_reject_policy ? 3_2_0 EXIST::FUNCTION: