author | Hugo Landau <hlandau@openssl.org> | 2024-02-15 09:14:41 +0000 |
---|---|---|
committer | Hugo Landau <hlandau@openssl.org> | 2024-03-07 23:48:49 +0000 |
commit | 5f02bbd5a6e7157faefb944ac5f11e0f6b024740 (patch) | |
tree | 9913be5cf876c899f27332056bd08388848fc8f9 | |
parent | c38558357de693ac9807d42c5f700ee59de7f20d (diff) | |
QUIC: Define error code for stateless reset
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Tim Hudson <tjh@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/23598)
-rw-r--r-- | doc/man3/SSL_get_conn_close_info.pod | 28 | ||||
-rw-r--r-- | include/openssl/quic.h | 4 | ||||
-rw-r--r-- | ssl/quic/quic_channel.c | 2 | ||||
-rw-r--r-- | util/other.syms | 1 |
4 files changed, 33 insertions, 2 deletions
diff --git a/doc/man3/SSL_get_conn_close_info.pod b/doc/man3/SSL_get_conn_close_info.pod index bb5bc72b7a..badb3bf7a6 100644 --- a/doc/man3/SSL_get_conn_close_info.pod +++ b/doc/man3/SSL_get_conn_close_info.pod @@ -23,7 +23,8 @@ OSSL_QUIC_ERR_AEAD_LIMIT_REACHED, OSSL_QUIC_ERR_NO_VIABLE_PATH, OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN, OSSL_QUIC_ERR_CRYPTO_ERR_END, -OSSL_QUIC_ERR_CRYPTO_ERR +OSSL_QUIC_ERR_CRYPTO_ERR, +OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT - get information about why a QUIC connection was closed =head1 SYNOPSIS @@ -67,6 +68,8 @@ OSSL_QUIC_ERR_CRYPTO_ERR #define OSSL_QUIC_ERR_CRYPTO_ERR(X) + #define OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT + =head1 DESCRIPTION The SSL_get_conn_close_info() function provides information about why and how a @@ -124,6 +127,29 @@ by the local or remote application. =back +The B<OSSL_QUIC_ERR> macro definitions provide the QUIC transport error codes as +defined by RFC 9000. The OSSL_QUIC_ERR_CRYPTO_ERR() macro can be used to convert +a TLS alert code into a QUIC transport error code by mapping it into the range +reserved for such codes by RFC 9000. This range begins at +B<OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN> and ends at B<OSSL_QUIC_ERR_CRYPTO_ERR_END> +inclusive. + +=head1 NON-STANDARD TRANSPORT ERROR CODES + +Some conditions which can cause QUIC connection termination are not signalled on +the wire and therefore do not have standard error codes. OpenSSL indicates these +errors via SSL_get_conn_close_info() by setting B<SSL_CONN_CLOSE_FLAG_TRANSPORT> +and using one of the following error values. These codes are specific to +OpenSSL, and cannot be sent over the wire, as they are above 2**62. + +=over 4 + +=item B<OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT> + +The connection was terminated immediately due to the idle timeout expiring. + +=back + =head1 RETURN VALUES SSL_get_conn_close_info() returns 1 on success and 0 on failure. This function diff --git a/include/openssl/quic.h b/include/openssl/quic.h index 853b944316..f66d643261 100644 
--- a/include/openssl/quic.h +++ b/include/openssl/quic.h @@ -58,6 +58,10 @@ __owur const SSL_METHOD *OSSL_QUIC_client_thread_method(void); # define OSSL_QUIC_ERR_CRYPTO_ERR(X) \ (OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN + (X)) +/* Local errors. */ +# define OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT \ + ((uint64_t)0xFFFFFFFFFFFFFFFFULL) + # ifdef __cplusplus } # endif diff --git a/ssl/quic/quic_channel.c b/ssl/quic/quic_channel.c index 9bab5d005b..5bc08fad91 100644 --- a/ssl/quic/quic_channel.c +++ b/ssl/quic/quic_channel.c @@ -3325,7 +3325,7 @@ static void ch_on_idle_timeout(QUIC_CHANNEL *ch) * TERMINATED anyway. */ ch->terminate_cause.app = 0; - ch->terminate_cause.error_code = UINT64_MAX; + ch->terminate_cause.error_code = OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT; ch->terminate_cause.frame_type = 0; ch_record_state_transition(ch, QUIC_CHANNEL_STATE_TERMINATED); diff --git a/util/other.syms b/util/other.syms index b12aba44e6..e8a813c9bb 100644 --- a/util/other.syms +++ b/util/other.syms @@ -510,6 +510,7 @@ OSSL_QUIC_ERR_NO_VIABLE_PATH define OSSL_QUIC_ERR_CRYPTO_ERR_BEGIN define OSSL_QUIC_ERR_CRYPTO_ERR_END define OSSL_QUIC_ERR_CRYPTO_ERR define +OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT define PEM_FLAG_EAY_COMPATIBLE define PEM_FLAG_ONLY_B64 define PEM_FLAG_SECURE define |
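Review bot: The comment `/* Local errors. */` above `OSSL_QUIC_LOCAL_ERR_IDLE_TIMEOUT` in include/openssl/quic.h does not state the property callers depend on: the value lies above the 2**62-1 limit of a QUIC variable-length integer, so it can never be a code sent to or received from a peer. I would spell that out in the header, e.g. `/* Local errors: OpenSSL-specific, above 2**62-1, never sent or received on the wire. */`, so that code logging or forwarding `error_code` treats it as a local sentinel rather than an RFC 9000 code. The macro also expands to a `uint64_t` cast, so it is worth confirming that the header pulls in that type for applications that include it directly; the include block is outside the hunk. The commit subject mentions stateless reset, while the only code defined here is for idle timeout, which may confuse later readers of the history.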