author | Hugo Landau <hlandau@openssl.org> | 2023-06-12 14:13:33 +0100 |
---|---|---|
committer | Pauli <pauli@openssl.org> | 2023-06-16 09:26:48 +1000 |
commit | 2525109f90cf3a91a909621266ec6854a83805e2 (patch) | |
tree | 685dd38b75e74de35c0a1739f4b5f4771fbeccf0 /ssl | |
parent | 692a3cab11932d2aaa7b1b628cacc513ba73a5e5 (diff) | |
QUIC: Allow application to trigger TXKU
Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Matt Caswell <matt@openssl.org>
Reviewed-by: Paul Dale <pauli@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/21029)
Diffstat (limited to 'ssl')
-rw-r--r-- | ssl/quic/quic_impl.c | 51 | ||||
-rw-r--r-- | ssl/ssl_lib.c | 10 |
2 files changed, 61 insertions, 0 deletions
diff --git a/ssl/quic/quic_impl.c b/ssl/quic/quic_impl.c
index 548fcbc89e..4f379e32ed 100644
--- a/ssl/quic/quic_impl.c
+++ b/ssl/quic/quic_impl.c
@@ -1558,6 +1558,7 @@ SSL *ossl_quic_conn_stream_new(SSL *s, uint64_t flags)
 * (BIO/)SSL_write => ossl_quic_write
 * SSL_pending => ossl_quic_pending
 * SSL_stream_conclude => ossl_quic_conn_stream_conclude
+ * SSL_key_update => ossl_quic_key_update
 */
 /* SSL_get_error */
@@ -2689,6 +2690,56 @@ int ossl_quic_get_conn_close_info(SSL *ssl,
 }
 /*
+ * SSL_key_update
+ * --------------
+ */
+int ossl_quic_key_update(SSL *ssl, int update_type)
+{
+ QCTX ctx;
+
+ if (!expect_quic_conn_only(ssl, &ctx))
+ return 0;
+
+ switch (update_type) {
+ case SSL_KEY_UPDATE_NOT_REQUESTED:
+ /*
+ * QUIC signals peer key update implicily by triggering a local
+ * spontaneous TXKU. Silently upgrade this to SSL_KEY_UPDATE_REQUESTED.
+ */
+ case SSL_KEY_UPDATE_REQUESTED:
+ break;
+
+ default:
+ /* Unknown type - error. */
+ return 0;
+ }
+
+ quic_lock(ctx.qc);
+
+ /* Attempt to perform a TXKU. */
+ if (!ossl_quic_channel_trigger_txku(ctx.qc->ch)) {
+ quic_unlock(ctx.qc);
+ return 0;
+ }
+
+ quic_unlock(ctx.qc);
+ return 1;
+}
+
+/*
+ * SSL_get_key_update_type
+ * -----------------------
+ */
+int ossl_quic_get_key_update_type(const SSL *s)
+{
+ /*
+ * We always handle key updates immediately so a key update is never
+ * pending.
+ */
+ return SSL_KEY_UPDATE_NONE;
+}
+
+/*
 * QUIC Front-End I/O API: SSL_CTX Management
 * ==========================================
 */
diff --git a/ssl/ssl_lib.c b/ssl/ssl_lib.c
index bad54e0955..1894be7d59 100644
--- a/ssl/ssl_lib.c
+++ b/ssl/ssl_lib.c
@@ -2727,6 +2727,11 @@ int SSL_key_update(SSL *s, int updatetype)
 {
 SSL_CONNECTION *sc = SSL_CONNECTION_FROM_SSL(s);
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(s))
+ return ossl_quic_key_update(s, updatetype);
+#endif
+
 if (sc == NULL)
 return 0;
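Review bot: Both failure paths that ossl_quic_key_update handles itself return 0 without putting anything on the error queue: the `default:` arm for an unknown update_type, and the branch where ossl_quic_channel_trigger_txku() fails. A caller of SSL_key_update() therefore cannot tell a bad argument from a key update the channel refused, and a refused rekey leaves nothing for an application to log. I would raise an error before each `return 0`, for example `ERR_raise(ERR_LIB_SSL, ERR_R_PASSED_INVALID_ARGUMENT);` in the `default:` arm and a distinct reason code ahead of `quic_unlock(ctx.qc)` in the failure branch, using whichever raise helper the rest of this file already uses. The channel function is not shown, so why it can refuse (presumably an update already in flight or an unconfirmed handshake) is an inference. The comment above `case SSL_KEY_UPDATE_REQUESTED:` also misspells "implicitly" as "implicily".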
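Review bot: The `IS_QUIC(s)` branch returns before anything SSL_key_update does after `if (sc == NULL)`; the rest of the function is outside this hunk, so whatever argument or handshake-state checks follow are skipped for QUIC objects. From the quic_impl.c side of this commit, the only validation visible is the update_type switch; any connection-state requirement would have to be enforced inside ossl_quic_channel_trigger_txku, which is not shown. Once that is confirmed, a comment at the branch would make the delegation explicit, e.g. `/* QUIC does its own argument and state checks; the TLS checks below do not apply */`. The SSL_get_key_update_type hunk uses the same early-return pattern and would take the same comment.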
@@ -2760,6 +2765,11 @@ int SSL_get_key_update_type(const SSL *s)
 {
 const SSL_CONNECTION *sc = SSL_CONNECTION_FROM_CONST_SSL(s);
+#ifndef OPENSSL_NO_QUIC
+ if (IS_QUIC(s))
+ return ossl_quic_get_key_update_type(s);
+#endif
+
 if (sc == NULL)
 return 0; |